From 266932261300d88ecdf0089cd2e8e2da60ba02c8 Mon Sep 17 00:00:00 2001 From: Pick1a1username <20301273+Pick1a1username@users.noreply.github.com> Date: Sun, 17 Feb 2019 01:55:44 +0900 Subject: [PATCH] The chapter 'Smoke Test' is updated. --- docs/13-smoke-test.md | 67 +++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 35 deletions(-) diff --git a/docs/13-smoke-test.md b/docs/13-smoke-test.md index f302909..69cbd16 100644 --- a/docs/13-smoke-test.md +++ b/docs/13-smoke-test.md @@ -9,15 +9,14 @@ In this section you will verify the ability to [encrypt secret data at rest](htt Create a generic secret: ``` -kubectl create secret generic kubernetes-the-hard-way \ +$ kubectl create secret generic kubernetes-the-hard-way \ --from-literal="mykey=mydata" ``` Print a hexdump of the `kubernetes-the-hard-way` secret stored in etcd: ``` -gcloud compute ssh controller-0 \ - --command "sudo ETCDCTL_API=3 etcdctl get \ +$ ssh -i ~/.ssh/id_rsa-k8s.pub 10.240.0.21 "sudo ETCDCTL_API=3 etcdctl get \ --endpoints=https://127.0.0.1:2379 \ --cacert=/etc/etcd/ca.pem \ --cert=/etc/etcd/kubernetes.pem \ @@ -48,6 +47,7 @@ gcloud compute ssh controller-0 \ The etcd key should be prefixed with `k8s:enc:aescbc:v1:key1`, which indicates the `aescbc` provider was used to encrypt the data with the `key1` encryption key. + ## Deployments In this section you will verify the ability to create and manage [Deployments](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/). @@ -55,13 +55,13 @@ In this section you will verify the ability to create and manage [Deployments](h Create a deployment for the [nginx](https://nginx.org/en/) web server: ``` -kubectl run nginx --image=nginx +$ kubectl run nginx --image=nginx ``` List the pod created by the `nginx` deployment: ``` -kubectl get pods -l run=nginx +$ kubectl get pods -l run=nginx ``` > output @@ -78,13 +78,13 @@ In this section you will verify the ability to access applications remotely usin Retrieve the full name of the `nginx` pod: ``` -POD_NAME=$(kubectl get pods -l run=nginx -o jsonpath="{.items[0].metadata.name}") +$ POD_NAME=$(kubectl get pods -l run=nginx -o jsonpath="{.items[0].metadata.name}") ``` Forward port `8080` on your local machine to port `80` of the `nginx` pod: ``` -kubectl port-forward $POD_NAME 8080:80 +$ kubectl port-forward $POD_NAME 8080:80 ``` > output @@ -97,7 +97,7 @@ Forwarding from [::1]:8080 -> 80 In a new terminal make an HTTP request using the forwarding address: ``` -curl --head http://127.0.0.1:8080 +$ curl --head http://127.0.0.1:8080 ``` > output @@ -123,6 +123,7 @@ Handling connection for 8080 ^C ``` + ### Logs In this section you will verify the ability to [retrieve container logs](https://kubernetes.io/docs/concepts/cluster-administration/logging/). @@ -130,7 +131,7 @@ In this section you will verify the ability to [retrieve container logs](https:/ Print the `nginx` pod logs: ``` -kubectl logs $POD_NAME +$ kubectl logs $POD_NAME ``` > output @@ -139,6 +140,7 @@ kubectl logs $POD_NAME 127.0.0.1 - - [30/Sep/2018:19:23:10 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.58.0" "-" ``` + ### Exec In this section you will verify the ability to [execute commands in a container](https://kubernetes.io/docs/tasks/debug-application-cluster/get-shell-running-container/#running-individual-commands-in-a-container). @@ -146,15 +148,16 @@ In this section you will verify the ability to [execute commands in a container] Print the nginx version by executing the `nginx -v` command in the `nginx` container: ``` -kubectl exec -ti $POD_NAME -- nginx -v +$ kubectl exec -ti $POD_NAME -- nginx -v ``` > output ``` -nginx version: nginx/1.15.4 +$ nginx version: nginx/1.15.4 ``` + ## Services In this section you will verify the ability to expose applications using a [Service](https://kubernetes.io/docs/concepts/services-networking/service/). @@ -162,7 +165,7 @@ In this section you will verify the ability to expose applications using a [Serv Expose the `nginx` deployment using a [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) service: ``` -kubectl expose deployment nginx --port 80 --type NodePort +$ kubectl expose deployment nginx --port 80 --type NodePort ``` > The LoadBalancer service type can not be used because your cluster is not configured with [cloud provider integration](https://kubernetes.io/docs/getting-started-guides/scratch/#cloud-provider). Setting up cloud provider integration is out of scope for this tutorial. @@ -170,29 +173,20 @@ kubectl expose deployment nginx --port 80 --type NodePort Retrieve the node port assigned to the `nginx` service: ``` -NODE_PORT=$(kubectl get svc nginx \ +$ NODE_PORT=$(kubectl get svc nginx \ --output=jsonpath='{range .spec.ports[0]}{.nodePort}') ``` -Create a firewall rule that allows remote access to the `nginx` node port: +Retrieve the IP address of a worker instance: ``` -gcloud compute firewall-rules create kubernetes-the-hard-way-allow-nginx-service \ - --allow=tcp:${NODE_PORT} \ - --network kubernetes-the-hard-way +WORKER_IP=$ kubectl get nodes $(kubectl get pods -o wide | grep nginx | awk '{ print $7 }') -o wide | tail -1 | awk '{ print $6 }' ``` -Retrieve the external IP address of a worker instance: +Make an HTTP request using the IP address and the `nginx` node port: ``` -EXTERNAL_IP=$(gcloud compute instances describe worker-0 \ - --format 'value(networkInterfaces[0].accessConfigs[0].natIP)') -``` - -Make an HTTP request using the external IP address and the `nginx` node port: - -``` -curl -I http://${EXTERNAL_IP}:${NODE_PORT} +curl -I http://${WORKER_IP}:${NODE_PORT} ``` > output @@ -216,7 +210,7 @@ This section will verify the ability to run untrusted workloads using [gVisor](h Create the `untrusted` pod: ``` -cat < output