parent
b974042d95
commit
bf2850974e
|
@ -14,11 +14,12 @@ The target audience for this tutorial is someone planning to support a productio
|
||||||
|
|
||||||
Kubernetes The Hard Way guides you through bootstrapping a highly available Kubernetes cluster with end-to-end encryption between components and RBAC authentication.
|
Kubernetes The Hard Way guides you through bootstrapping a highly available Kubernetes cluster with end-to-end encryption between components and RBAC authentication.
|
||||||
|
|
||||||
* [Kubernetes](https://github.com/kubernetes/kubernetes) 1.10.2
|
* [Kubernetes](https://github.com/kubernetes/kubernetes) 1.12.0
|
||||||
* [containerd Container Runtime](https://github.com/containerd/containerd) 1.1.0
|
* [containerd Container Runtime](https://github.com/containerd/containerd) 1.2.0-rc.0
|
||||||
* [gVisor](https://github.com/google/gvisor) 08879266fef3a67fac1a77f1ea133c3ac75759dd
|
* [gVisor](https://github.com/google/gvisor) 50c283b9f56bb7200938d9e207355f05f79f0d17
|
||||||
* [CNI Container Networking](https://github.com/containernetworking/cni) 0.6.0
|
* [CNI Container Networking](https://github.com/containernetworking/cni) 0.6.0
|
||||||
* [etcd](https://github.com/coreos/etcd) 3.3.5
|
* [etcd](https://github.com/coreos/etcd) v3.3.9
|
||||||
|
* [CoreDNS](https://github.com/coredns/coredns) v1.2.2
|
||||||
|
|
||||||
## Labs
|
## Labs
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ This tutorial leverages the [Google Cloud Platform](https://cloud.google.com/) t
|
||||||
|
|
||||||
Follow the Google Cloud SDK [documentation](https://cloud.google.com/sdk/) to install and configure the `gcloud` command line utility.
|
Follow the Google Cloud SDK [documentation](https://cloud.google.com/sdk/) to install and configure the `gcloud` command line utility.
|
||||||
|
|
||||||
Verify the Google Cloud SDK version is 200.0.0 or higher:
|
Verify the Google Cloud SDK version is 218.0.0 or higher:
|
||||||
|
|
||||||
```
|
```
|
||||||
gcloud version
|
gcloud version
|
||||||
|
|
|
@ -75,7 +75,7 @@ The `kubectl` command line utility is used to interact with the Kubernetes API S
|
||||||
### OS X
|
### OS X
|
||||||
|
|
||||||
```
|
```
|
||||||
curl -o kubectl https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/darwin/amd64/kubectl
|
curl -o kubectl https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/darwin/amd64/kubectl
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -89,7 +89,7 @@ sudo mv kubectl /usr/local/bin/
|
||||||
### Linux
|
### Linux
|
||||||
|
|
||||||
```
|
```
|
||||||
wget https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kubectl
|
wget https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/amd64/kubectl
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -102,7 +102,7 @@ sudo mv kubectl /usr/local/bin/
|
||||||
|
|
||||||
### Verification
|
### Verification
|
||||||
|
|
||||||
Verify `kubectl` version 1.10.2 or higher is installed:
|
Verify `kubectl` version 1.12.0 or higher is installed:
|
||||||
|
|
||||||
```
|
```
|
||||||
kubectl version --client
|
kubectl version --client
|
||||||
|
@ -111,7 +111,7 @@ kubectl version --client
|
||||||
> output
|
> output
|
||||||
|
|
||||||
```
|
```
|
||||||
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:22:21Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
|
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.0", GitCommit:"0ed33881dc4355495f623c6f22e7dd0b7632b7c0", GitTreeState:"clean", BuildDate:"2018-09-27T17:05:32Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"linux/amd64"}
|
||||||
```
|
```
|
||||||
|
|
||||||
Next: [Provisioning Compute Resources](03-compute-resources.md)
|
Next: [Provisioning Compute Resources](03-compute-resources.md)
|
||||||
|
|
|
@ -22,15 +22,15 @@ Download the official etcd release binaries from the [coreos/etcd](https://githu
|
||||||
|
|
||||||
```
|
```
|
||||||
wget -q --show-progress --https-only --timestamping \
|
wget -q --show-progress --https-only --timestamping \
|
||||||
"https://github.com/coreos/etcd/releases/download/v3.3.5/etcd-v3.3.5-linux-amd64.tar.gz"
|
"https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz"
|
||||||
```
|
```
|
||||||
|
|
||||||
Extract and install the `etcd` server and the `etcdctl` command line utility:
|
Extract and install the `etcd` server and the `etcdctl` command line utility:
|
||||||
|
|
||||||
```
|
```
|
||||||
{
|
{
|
||||||
tar -xvf etcd-v3.3.5-linux-amd64.tar.gz
|
tar -xvf etcd-v3.3.9-linux-amd64.tar.gz
|
||||||
sudo mv etcd-v3.3.5-linux-amd64/etcd* /usr/local/bin/
|
sudo mv etcd-v3.3.9-linux-amd64/etcd* /usr/local/bin/
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -28,10 +28,10 @@ Download the official Kubernetes release binaries:
|
||||||
|
|
||||||
```
|
```
|
||||||
wget -q --show-progress --https-only --timestamping \
|
wget -q --show-progress --https-only --timestamping \
|
||||||
"https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kube-apiserver" \
|
"https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/amd64/kube-apiserver" \
|
||||||
"https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kube-controller-manager" \
|
"https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/amd64/kube-controller-manager" \
|
||||||
"https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kube-scheduler" \
|
"https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/amd64/kube-scheduler" \
|
||||||
"https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kubectl"
|
"https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/amd64/kubectl"
|
||||||
```
|
```
|
||||||
|
|
||||||
Install the Kubernetes binaries:
|
Install the Kubernetes binaries:
|
||||||
|
@ -267,7 +267,7 @@ curl -H "Host: kubernetes.default.svc.cluster.local" -i http://127.0.0.1/healthz
|
||||||
```
|
```
|
||||||
HTTP/1.1 200 OK
|
HTTP/1.1 200 OK
|
||||||
Server: nginx/1.14.0 (Ubuntu)
|
Server: nginx/1.14.0 (Ubuntu)
|
||||||
Date: Mon, 14 May 2018 13:45:39 GMT
|
Date: Sun, 30 Sep 2018 17:44:24 GMT
|
||||||
Content-Type: text/plain; charset=utf-8
|
Content-Type: text/plain; charset=utf-8
|
||||||
Content-Length: 2
|
Content-Length: 2
|
||||||
Connection: keep-alive
|
Connection: keep-alive
|
||||||
|
@ -397,12 +397,12 @@ curl --cacert ca.pem https://${KUBERNETES_PUBLIC_ADDRESS}:6443/version
|
||||||
```
|
```
|
||||||
{
|
{
|
||||||
"major": "1",
|
"major": "1",
|
||||||
"minor": "10",
|
"minor": "12",
|
||||||
"gitVersion": "v1.10.2",
|
"gitVersion": "v1.12.0",
|
||||||
"gitCommit": "81753b10df112992bf51bbc2c2f85208aad78335",
|
"gitCommit": "0ed33881dc4355495f623c6f22e7dd0b7632b7c0",
|
||||||
"gitTreeState": "clean",
|
"gitTreeState": "clean",
|
||||||
"buildDate": "2018-04-27T09:10:24Z",
|
"buildDate": "2018-09-27T16:55:41Z",
|
||||||
"goVersion": "go1.9.3",
|
"goVersion": "go1.10.4",
|
||||||
"compiler": "gc",
|
"compiler": "gc",
|
||||||
"platform": "linux/amd64"
|
"platform": "linux/amd64"
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,14 +31,14 @@ Install the OS dependencies:
|
||||||
|
|
||||||
```
|
```
|
||||||
wget -q --show-progress --https-only --timestamping \
|
wget -q --show-progress --https-only --timestamping \
|
||||||
https://github.com/kubernetes-incubator/cri-tools/releases/download/v1.0.0-beta.0/crictl-v1.0.0-beta.0-linux-amd64.tar.gz \
|
https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.12.0/crictl-v1.12.0-linux-amd64.tar.gz \
|
||||||
https://storage.googleapis.com/kubernetes-the-hard-way/runsc \
|
https://storage.googleapis.com/kubernetes-the-hard-way/runsc-50c283b9f56bb7200938d9e207355f05f79f0d17 \
|
||||||
https://github.com/opencontainers/runc/releases/download/v1.0.0-rc5/runc.amd64 \
|
https://github.com/opencontainers/runc/releases/download/v1.0.0-rc5/runc.amd64 \
|
||||||
https://github.com/containernetworking/plugins/releases/download/v0.6.0/cni-plugins-amd64-v0.6.0.tgz \
|
https://github.com/containernetworking/plugins/releases/download/v0.6.0/cni-plugins-amd64-v0.6.0.tgz \
|
||||||
https://github.com/containerd/containerd/releases/download/v1.1.0/containerd-1.1.0.linux-amd64.tar.gz \
|
https://github.com/containerd/containerd/releases/download/v1.2.0-rc.0/containerd-1.2.0-rc.0.linux-amd64.tar.gz \
|
||||||
https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kubectl \
|
https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/amd64/kubectl \
|
||||||
https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kube-proxy \
|
https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/amd64/kube-proxy \
|
||||||
https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kubelet
|
https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/amd64/kubelet
|
||||||
```
|
```
|
||||||
|
|
||||||
Create the installation directories:
|
Create the installation directories:
|
||||||
|
@ -57,12 +57,13 @@ Install the worker binaries:
|
||||||
|
|
||||||
```
|
```
|
||||||
{
|
{
|
||||||
chmod +x kubectl kube-proxy kubelet runc.amd64 runsc
|
sudo mv runsc-50c283b9f56bb7200938d9e207355f05f79f0d17 runsc
|
||||||
sudo mv runc.amd64 runc
|
sudo mv runc.amd64 runc
|
||||||
|
chmod +x kubectl kube-proxy kubelet runc runsc
|
||||||
sudo mv kubectl kube-proxy kubelet runc runsc /usr/local/bin/
|
sudo mv kubectl kube-proxy kubelet runc runsc /usr/local/bin/
|
||||||
sudo tar -xvf crictl-v1.0.0-beta.0-linux-amd64.tar.gz -C /usr/local/bin/
|
sudo tar -xvf crictl-v1.12.0-linux-amd64.tar.gz -C /usr/local/bin/
|
||||||
sudo tar -xvf cni-plugins-amd64-v0.6.0.tgz -C /opt/cni/bin/
|
sudo tar -xvf cni-plugins-amd64-v0.6.0.tgz -C /opt/cni/bin/
|
||||||
sudo tar -xvf containerd-1.1.0.linux-amd64.tar.gz -C /
|
sudo tar -xvf containerd-1.2.0-rc.0.linux-amd64.tar.gz -C /
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -129,6 +130,10 @@ cat << EOF | sudo tee /etc/containerd/config.toml
|
||||||
runtime_type = "io.containerd.runtime.v1.linux"
|
runtime_type = "io.containerd.runtime.v1.linux"
|
||||||
runtime_engine = "/usr/local/bin/runsc"
|
runtime_engine = "/usr/local/bin/runsc"
|
||||||
runtime_root = "/run/containerd/runsc"
|
runtime_root = "/run/containerd/runsc"
|
||||||
|
[plugins.cri.containerd.gvisor]
|
||||||
|
runtime_type = "io.containerd.runtime.v1.linux"
|
||||||
|
runtime_engine = "/usr/local/bin/runsc"
|
||||||
|
runtime_root = "/run/containerd/runsc"
|
||||||
EOF
|
EOF
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -189,12 +194,15 @@ clusterDomain: "cluster.local"
|
||||||
clusterDNS:
|
clusterDNS:
|
||||||
- "10.32.0.10"
|
- "10.32.0.10"
|
||||||
podCIDR: "${POD_CIDR}"
|
podCIDR: "${POD_CIDR}"
|
||||||
|
resolvConf: "/run/systemd/resolve/resolv.conf"
|
||||||
runtimeRequestTimeout: "15m"
|
runtimeRequestTimeout: "15m"
|
||||||
tlsCertFile: "/var/lib/kubelet/${HOSTNAME}.pem"
|
tlsCertFile: "/var/lib/kubelet/${HOSTNAME}.pem"
|
||||||
tlsPrivateKeyFile: "/var/lib/kubelet/${HOSTNAME}-key.pem"
|
tlsPrivateKeyFile: "/var/lib/kubelet/${HOSTNAME}-key.pem"
|
||||||
EOF
|
EOF
|
||||||
```
|
```
|
||||||
|
|
||||||
|
> The `resolvConf` configuration is used to avoid loops when using CoreDNS for service discovery on systems running `systemd-resolved`.
|
||||||
|
|
||||||
Create the `kubelet.service` systemd unit file:
|
Create the `kubelet.service` systemd unit file:
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -288,9 +296,9 @@ gcloud compute ssh controller-0 \
|
||||||
|
|
||||||
```
|
```
|
||||||
NAME STATUS ROLES AGE VERSION
|
NAME STATUS ROLES AGE VERSION
|
||||||
worker-0 Ready <none> 20s v1.10.2
|
worker-0 Ready <none> 35s v1.12.0
|
||||||
worker-1 Ready <none> 20s v1.10.2
|
worker-1 Ready <none> 36s v1.12.0
|
||||||
worker-2 Ready <none> 20s v1.10.2
|
worker-2 Ready <none> 36s v1.12.0
|
||||||
```
|
```
|
||||||
|
|
||||||
Next: [Configuring kubectl for Remote Access](10-configuring-kubectl.md)
|
Next: [Configuring kubectl for Remote Access](10-configuring-kubectl.md)
|
||||||
|
|
|
@ -62,9 +62,9 @@ kubectl get nodes
|
||||||
|
|
||||||
```
|
```
|
||||||
NAME STATUS ROLES AGE VERSION
|
NAME STATUS ROLES AGE VERSION
|
||||||
worker-0 Ready <none> 1m v1.10.2
|
worker-0 Ready <none> 117s v1.12.0
|
||||||
worker-1 Ready <none> 1m v1.10.2
|
worker-1 Ready <none> 118s v1.12.0
|
||||||
worker-2 Ready <none> 1m v1.10.2
|
worker-2 Ready <none> 118s v1.12.0
|
||||||
```
|
```
|
||||||
|
|
||||||
Next: [Provisioning Pod Network Routes](11-pod-network-routes.md)
|
Next: [Provisioning Pod Network Routes](11-pod-network-routes.md)
|
||||||
|
|
|
@ -50,8 +50,8 @@ gcloud compute routes list --filter "network: kubernetes-the-hard-way"
|
||||||
|
|
||||||
```
|
```
|
||||||
NAME NETWORK DEST_RANGE NEXT_HOP PRIORITY
|
NAME NETWORK DEST_RANGE NEXT_HOP PRIORITY
|
||||||
default-route-236a40a8bc992b5b kubernetes-the-hard-way 0.0.0.0/0 default-internet-gateway 1000
|
default-route-081879136902de56 kubernetes-the-hard-way 10.240.0.0/24 kubernetes-the-hard-way 1000
|
||||||
default-route-df77b1e818a56b30 kubernetes-the-hard-way 10.240.0.0/24 1000
|
default-route-55199a5aa126d7aa kubernetes-the-hard-way 0.0.0.0/0 default-internet-gateway 1000
|
||||||
kubernetes-route-10-200-0-0-24 kubernetes-the-hard-way 10.200.0.0/24 10.240.0.20 1000
|
kubernetes-route-10-200-0-0-24 kubernetes-the-hard-way 10.200.0.0/24 10.240.0.20 1000
|
||||||
kubernetes-route-10-200-1-0-24 kubernetes-the-hard-way 10.200.1.0/24 10.240.0.21 1000
|
kubernetes-route-10-200-1-0-24 kubernetes-the-hard-way 10.200.1.0/24 10.240.0.21 1000
|
||||||
kubernetes-route-10-200-2-0-24 kubernetes-the-hard-way 10.200.2.0/24 10.240.0.22 1000
|
kubernetes-route-10-200-2-0-24 kubernetes-the-hard-way 10.200.2.0/24 10.240.0.22 1000
|
||||||
|
|
|
@ -1,22 +1,24 @@
|
||||||
# Deploying the DNS Cluster Add-on
|
# Deploying the DNS Cluster Add-on
|
||||||
|
|
||||||
In this lab you will deploy the [DNS add-on](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/) which provides DNS based service discovery to applications running inside the Kubernetes cluster.
|
In this lab you will deploy the [DNS add-on](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/) which provides DNS based service discovery, backed by [CoreDNS](https://coredns.io/), to applications running inside the Kubernetes cluster.
|
||||||
|
|
||||||
## The DNS Cluster Add-on
|
## The DNS Cluster Add-on
|
||||||
|
|
||||||
Deploy the `kube-dns` cluster add-on:
|
Deploy the `coredns` cluster add-on:
|
||||||
|
|
||||||
```
|
```
|
||||||
kubectl create -f https://storage.googleapis.com/kubernetes-the-hard-way/kube-dns.yaml
|
kubectl apply -f https://storage.googleapis.com/kubernetes-the-hard-way/coredns.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
> output
|
> output
|
||||||
|
|
||||||
```
|
```
|
||||||
service "kube-dns" created
|
serviceaccount/coredns created
|
||||||
serviceaccount "kube-dns" created
|
clusterrole.rbac.authorization.k8s.io/system:coredns created
|
||||||
configmap "kube-dns" created
|
clusterrolebinding.rbac.authorization.k8s.io/system:coredns created
|
||||||
deployment.extensions "kube-dns" created
|
configmap/coredns created
|
||||||
|
deployment.extensions/coredns created
|
||||||
|
service/kube-dns created
|
||||||
```
|
```
|
||||||
|
|
||||||
List the pods created by the `kube-dns` deployment:
|
List the pods created by the `kube-dns` deployment:
|
||||||
|
@ -29,7 +31,8 @@ kubectl get pods -l k8s-app=kube-dns -n kube-system
|
||||||
|
|
||||||
```
|
```
|
||||||
NAME READY STATUS RESTARTS AGE
|
NAME READY STATUS RESTARTS AGE
|
||||||
kube-dns-3097350089-gq015 3/3 Running 0 20s
|
coredns-699f8ddd77-94qv9 1/1 Running 0 20s
|
||||||
|
coredns-699f8ddd77-gtcgb 1/1 Running 0 20s
|
||||||
```
|
```
|
||||||
|
|
||||||
## Verification
|
## Verification
|
||||||
|
@ -37,7 +40,7 @@ kube-dns-3097350089-gq015 3/3 Running 0 20s
|
||||||
Create a `busybox` deployment:
|
Create a `busybox` deployment:
|
||||||
|
|
||||||
```
|
```
|
||||||
kubectl run busybox --image=busybox --command -- sleep 3600
|
kubectl run busybox --image=busybox:1.28 --command -- sleep 3600
|
||||||
```
|
```
|
||||||
|
|
||||||
List the pod created by the `busybox` deployment:
|
List the pod created by the `busybox` deployment:
|
||||||
|
@ -50,7 +53,7 @@ kubectl get pods -l run=busybox
|
||||||
|
|
||||||
```
|
```
|
||||||
NAME READY STATUS RESTARTS AGE
|
NAME READY STATUS RESTARTS AGE
|
||||||
busybox-2125412808-mt2vb 1/1 Running 0 15s
|
busybox-bd8fb7cbd-vflm9 1/1 Running 0 10s
|
||||||
```
|
```
|
||||||
|
|
||||||
Retrieve the full name of the `busybox` pod:
|
Retrieve the full name of the `busybox` pod:
|
||||||
|
|
|
@ -32,17 +32,17 @@ gcloud compute ssh controller-0 \
|
||||||
00000010 73 2f 64 65 66 61 75 6c 74 2f 6b 75 62 65 72 6e |s/default/kubern|
|
00000010 73 2f 64 65 66 61 75 6c 74 2f 6b 75 62 65 72 6e |s/default/kubern|
|
||||||
00000020 65 74 65 73 2d 74 68 65 2d 68 61 72 64 2d 77 61 |etes-the-hard-wa|
|
00000020 65 74 65 73 2d 74 68 65 2d 68 61 72 64 2d 77 61 |etes-the-hard-wa|
|
||||||
00000030 79 0a 6b 38 73 3a 65 6e 63 3a 61 65 73 63 62 63 |y.k8s:enc:aescbc|
|
00000030 79 0a 6b 38 73 3a 65 6e 63 3a 61 65 73 63 62 63 |y.k8s:enc:aescbc|
|
||||||
00000040 3a 76 31 3a 6b 65 79 31 3a 7b 8e 59 78 0f 59 09 |:v1:key1:{.Yx.Y.|
|
00000040 3a 76 31 3a 6b 65 79 31 3a dd 3f 36 6c ce 65 9d |:v1:key1:.?6l.e.|
|
||||||
00000050 e2 6a ce cd f4 b6 4e ec bc 91 aa 87 06 29 39 8d |.j....N......)9.|
|
00000050 b3 b1 46 1a ba ae a2 1f e4 fa 13 0c 4b 6e 2c 3c |..F.........Kn,<|
|
||||||
00000060 70 e8 5d c4 b1 66 69 49 60 8f c0 cc 55 d3 69 2b |p.]..fiI`...U.i+|
|
00000060 15 fa 88 56 84 b7 aa c0 7a ca 66 f3 de db 2b a3 |...V....z.f...+.|
|
||||||
00000070 49 bb 0e 7b 90 10 b0 85 5b b1 e2 c6 33 b6 b7 31 |I..{....[...3..1|
|
00000070 88 dc b1 b1 d8 2f 16 3e 6b 4a cb ac 88 5d 23 2d |...../.>kJ...]#-|
|
||||||
00000080 25 99 a1 60 8f 40 a9 e5 55 8c 0f 26 ae 76 dc 5b |%..`.@..U..&.v.[|
|
00000080 99 62 be 72 9f a5 01 38 15 c4 43 ac 38 5f ef 88 |.b.r...8..C.8_..|
|
||||||
00000090 78 35 f5 3e c1 1e bc 21 bb 30 e2 0c e3 80 1e 33 |x5.>...!.0.....3|
|
00000090 3b 88 c1 e6 b6 06 4f ae a8 6b c8 40 70 ac 0a d3 |;.....O..k.@p...|
|
||||||
000000a0 90 79 46 6d 23 d8 f9 a2 d7 5d ed 4d 82 2e 9a 5e |.yFm#....].M...^|
|
000000a0 3e dc 2b b6 0f 01 b6 8b e2 21 29 4d 32 d6 67 a6 |>.+......!)M2.g.|
|
||||||
000000b0 5d b6 3c 34 37 51 4b 83 de 99 1a ea 0f 2f 7c 9b |].<47QK....../|.|
|
000000b0 4e 6d bb 61 0d 85 22 ea f4 d6 2d 0a af 3c 71 85 |Nm.a.."...-..<q.|
|
||||||
000000c0 46 15 93 aa ba 72 ba b9 bd e1 a3 c0 45 90 b1 de |F....r......E...|
|
000000c0 96 27 c9 ec 90 e3 56 8c 94 a7 1c 9a 0e 00 28 11 |.'....V.......(.|
|
||||||
000000d0 c4 2e c8 d0 94 ec 25 69 7b af 08 34 93 12 3d 1c |......%i{..4..=.|
|
000000d0 18 28 f4 33 42 d9 57 d9 e3 e9 1c 38 e3 bc 1e c3 |.(.3B.W....8....|
|
||||||
000000e0 fd 23 9b ba e8 d1 25 56 f4 0a |.#....%V..|
|
000000e0 d2 47 f3 20 60 be b8 57 a7 0a |.G. `..W..|
|
||||||
000000ea
|
000000ea
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -68,7 +68,7 @@ kubectl get pods -l run=nginx
|
||||||
|
|
||||||
```
|
```
|
||||||
NAME READY STATUS RESTARTS AGE
|
NAME READY STATUS RESTARTS AGE
|
||||||
nginx-65899c769f-xkfcn 1/1 Running 0 15s
|
nginx-dbddb74b8-6lxg2 1/1 Running 0 10s
|
||||||
```
|
```
|
||||||
|
|
||||||
### Port Forwarding
|
### Port Forwarding
|
||||||
|
@ -104,13 +104,13 @@ curl --head http://127.0.0.1:8080
|
||||||
|
|
||||||
```
|
```
|
||||||
HTTP/1.1 200 OK
|
HTTP/1.1 200 OK
|
||||||
Server: nginx/1.13.12
|
Server: nginx/1.15.4
|
||||||
Date: Mon, 14 May 2018 13:59:21 GMT
|
Date: Sun, 30 Sep 2018 19:23:10 GMT
|
||||||
Content-Type: text/html
|
Content-Type: text/html
|
||||||
Content-Length: 612
|
Content-Length: 612
|
||||||
Last-Modified: Mon, 09 Apr 2018 16:01:09 GMT
|
Last-Modified: Tue, 25 Sep 2018 15:04:03 GMT
|
||||||
Connection: keep-alive
|
Connection: keep-alive
|
||||||
ETag: "5acb8e45-264"
|
ETag: "5baa4e63-264"
|
||||||
Accept-Ranges: bytes
|
Accept-Ranges: bytes
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -136,7 +136,7 @@ kubectl logs $POD_NAME
|
||||||
> output
|
> output
|
||||||
|
|
||||||
```
|
```
|
||||||
127.0.0.1 - - [14/May/2018:13:59:21 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.52.1" "-"
|
127.0.0.1 - - [30/Sep/2018:19:23:10 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.58.0" "-"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Exec
|
### Exec
|
||||||
|
@ -152,7 +152,7 @@ kubectl exec -ti $POD_NAME -- nginx -v
|
||||||
> output
|
> output
|
||||||
|
|
||||||
```
|
```
|
||||||
nginx version: nginx/1.13.12
|
nginx version: nginx/1.15.4
|
||||||
```
|
```
|
||||||
|
|
||||||
## Services
|
## Services
|
||||||
|
@ -199,13 +199,13 @@ curl -I http://${EXTERNAL_IP}:${NODE_PORT}
|
||||||
|
|
||||||
```
|
```
|
||||||
HTTP/1.1 200 OK
|
HTTP/1.1 200 OK
|
||||||
Server: nginx/1.13.12
|
Server: nginx/1.15.4
|
||||||
Date: Mon, 14 May 2018 14:01:30 GMT
|
Date: Sun, 30 Sep 2018 19:25:40 GMT
|
||||||
Content-Type: text/html
|
Content-Type: text/html
|
||||||
Content-Length: 612
|
Content-Length: 612
|
||||||
Last-Modified: Mon, 09 Apr 2018 16:01:09 GMT
|
Last-Modified: Tue, 25 Sep 2018 15:04:03 GMT
|
||||||
Connection: keep-alive
|
Connection: keep-alive
|
||||||
ETag: "5acb8e45-264"
|
ETag: "5baa4e63-264"
|
||||||
Accept-Ranges: bytes
|
Accept-Ranges: bytes
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -265,22 +265,22 @@ List the containers running under gVisor:
|
||||||
sudo runsc --root /run/containerd/runsc/k8s.io list
|
sudo runsc --root /run/containerd/runsc/k8s.io list
|
||||||
```
|
```
|
||||||
```
|
```
|
||||||
I0514 14:03:56.108368 14988 x:0] ***************************
|
I0930 19:27:13.255142 20832 x:0] ***************************
|
||||||
I0514 14:03:56.108548 14988 x:0] Args: [runsc --root /run/containerd/runsc/k8s.io list]
|
I0930 19:27:13.255326 20832 x:0] Args: [runsc --root /run/containerd/runsc/k8s.io list]
|
||||||
I0514 14:03:56.108730 14988 x:0] Git Revision: 08879266fef3a67fac1a77f1ea133c3ac75759dd
|
I0930 19:27:13.255386 20832 x:0] Git Revision: 50c283b9f56bb7200938d9e207355f05f79f0d17
|
||||||
I0514 14:03:56.108787 14988 x:0] PID: 14988
|
I0930 19:27:13.255429 20832 x:0] PID: 20832
|
||||||
I0514 14:03:56.108838 14988 x:0] UID: 0, GID: 0
|
I0930 19:27:13.255472 20832 x:0] UID: 0, GID: 0
|
||||||
I0514 14:03:56.108877 14988 x:0] Configuration:
|
I0930 19:27:13.255591 20832 x:0] Configuration:
|
||||||
I0514 14:03:56.108912 14988 x:0] RootDir: /run/containerd/runsc/k8s.io
|
I0930 19:27:13.255654 20832 x:0] RootDir: /run/containerd/runsc/k8s.io
|
||||||
I0514 14:03:56.109000 14988 x:0] Platform: ptrace
|
I0930 19:27:13.255781 20832 x:0] Platform: ptrace
|
||||||
I0514 14:03:56.109080 14988 x:0] FileAccess: proxy, overlay: false
|
I0930 19:27:13.255893 20832 x:0] FileAccess: exclusive, overlay: false
|
||||||
I0514 14:03:56.109159 14988 x:0] Network: sandbox, logging: false
|
I0930 19:27:13.256004 20832 x:0] Network: sandbox, logging: false
|
||||||
I0514 14:03:56.109238 14988 x:0] Strace: false, max size: 1024, syscalls: []
|
I0930 19:27:13.256128 20832 x:0] Strace: false, max size: 1024, syscalls: []
|
||||||
I0514 14:03:56.109315 14988 x:0] ***************************
|
I0930 19:27:13.256238 20832 x:0] ***************************
|
||||||
ID PID STATUS BUNDLE CREATED OWNER
|
ID PID STATUS BUNDLE CREATED OWNER
|
||||||
3528c6b270c76858e15e10ede61bd1100b77519e7c9972d51b370d6a3c60adbb 14766 running /run/containerd/io.containerd.runtime.v1.linux/k8s.io/3528c6b270c76858e15e10ede61bd1100b77519e7c9972d51b370d6a3c60adbb 2018-05-14T14:02:34.302378996Z
|
79e74d0cec52a1ff4bc2c9b0bb9662f73ea918959c08bca5bcf07ddb6cb0e1fd 20449 running /run/containerd/io.containerd.runtime.v1.linux/k8s.io/79e74d0cec52a1ff4bc2c9b0bb9662f73ea918959c08bca5bcf07ddb6cb0e1fd 0001-01-01T00:00:00Z
|
||||||
7ff747c919c2dcf31e64d7673340885138317c91c7c51ec6302527df680ba981 14716 running /run/containerd/io.containerd.runtime.v1.linux/k8s.io/7ff747c919c2dcf31e64d7673340885138317c91c7c51ec6302527df680ba981 2018-05-14T14:02:32.159552044Z
|
af7470029008a4520b5db9fb5b358c65d64c9f748fae050afb6eaf014a59fea5 20510 running /run/containerd/io.containerd.runtime.v1.linux/k8s.io/af7470029008a4520b5db9fb5b358c65d64c9f748fae050afb6eaf014a59fea5 0001-01-01T00:00:00Z
|
||||||
I0514 14:03:56.111287 14988 x:0] Exiting with status: 0
|
I0930 19:27:13.259733 20832 x:0] Exiting with status: 0
|
||||||
```
|
```
|
||||||
|
|
||||||
Get the ID of the `untrusted` pod:
|
Get the ID of the `untrusted` pod:
|
||||||
|
@ -306,21 +306,21 @@ sudo runsc --root /run/containerd/runsc/k8s.io ps ${CONTAINER_ID}
|
||||||
> output
|
> output
|
||||||
|
|
||||||
```
|
```
|
||||||
I0514 14:05:16.499237 15096 x:0] ***************************
|
I0930 19:31:31.419765 21217 x:0] ***************************
|
||||||
I0514 14:05:16.499542 15096 x:0] Args: [runsc --root /run/containerd/runsc/k8s.io ps 3528c6b270c76858e15e10ede61bd1100b77519e7c9972d51b370d6a3c60adbb]
|
I0930 19:31:31.419907 21217 x:0] Args: [runsc --root /run/containerd/runsc/k8s.io ps af7470029008a4520b5db9fb5b358c65d64c9f748fae050afb6eaf014a59fea5]
|
||||||
I0514 14:05:16.499597 15096 x:0] Git Revision: 08879266fef3a67fac1a77f1ea133c3ac75759dd
|
I0930 19:31:31.419959 21217 x:0] Git Revision: 50c283b9f56bb7200938d9e207355f05f79f0d17
|
||||||
I0514 14:05:16.499644 15096 x:0] PID: 15096
|
I0930 19:31:31.420000 21217 x:0] PID: 21217
|
||||||
I0514 14:05:16.499695 15096 x:0] UID: 0, GID: 0
|
I0930 19:31:31.420041 21217 x:0] UID: 0, GID: 0
|
||||||
I0514 14:05:16.499734 15096 x:0] Configuration:
|
I0930 19:31:31.420081 21217 x:0] Configuration:
|
||||||
I0514 14:05:16.499769 15096 x:0] RootDir: /run/containerd/runsc/k8s.io
|
I0930 19:31:31.420115 21217 x:0] RootDir: /run/containerd/runsc/k8s.io
|
||||||
I0514 14:05:16.499880 15096 x:0] Platform: ptrace
|
I0930 19:31:31.420188 21217 x:0] Platform: ptrace
|
||||||
I0514 14:05:16.499962 15096 x:0] FileAccess: proxy, overlay: false
|
I0930 19:31:31.420266 21217 x:0] FileAccess: exclusive, overlay: false
|
||||||
I0514 14:05:16.500042 15096 x:0] Network: sandbox, logging: false
|
I0930 19:31:31.420424 21217 x:0] Network: sandbox, logging: false
|
||||||
I0514 14:05:16.500120 15096 x:0] Strace: false, max size: 1024, syscalls: []
|
I0930 19:31:31.420515 21217 x:0] Strace: false, max size: 1024, syscalls: []
|
||||||
I0514 14:05:16.500197 15096 x:0] ***************************
|
I0930 19:31:31.420676 21217 x:0] ***************************
|
||||||
UID PID PPID C STIME TIME CMD
|
UID PID PPID C STIME TIME CMD
|
||||||
0 1 0 0 14:02 40ms app
|
0 1 0 0 19:26 10ms app
|
||||||
I0514 14:05:16.501354 15096 x:0] Exiting with status: 0
|
I0930 19:31:31.422022 21217 x:0] Exiting with status: 0
|
||||||
```
|
```
|
||||||
|
|
||||||
Next: [Cleaning Up](14-cleanup.md)
|
Next: [Cleaning Up](14-cleanup.md)
|
||||||
|
|
Loading…
Reference in New Issue