From e8314eebb732fa41199c2fe0e1fd29d91bb3402a Mon Sep 17 00:00:00 2001 From: Mahyar Mirrashed Date: Fri, 18 Apr 2025 16:24:51 -0700 Subject: [PATCH 1/8] docs: add context on what a jumpbox is --- docs/01-prerequisites.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/01-prerequisites.md b/docs/01-prerequisites.md index 4e9ad1d..4c91c10 100644 --- a/docs/01-prerequisites.md +++ b/docs/01-prerequisites.md @@ -6,6 +6,8 @@ In this lab you will review the machine requirements necessary to follow this tu This tutorial requires four (4) virtual or physical ARM64 or AMD64 machines running Debian 12 (bookworm). The following table lists the four machines and their CPU, memory, and storage requirements. +The "jumpbox" is from where we will be administering/configuring the Kubernetes cluster. + | Name | Description | CPU | RAM | Storage | |---------|------------------------|-----|-------|---------| | jumpbox | Administration host | 1 | 512MB | 10GB | From 6fac812440d353c7a590ca9971e46c608569806a Mon Sep 17 00:00:00 2001 From: Mahyar Mirrashed Date: Fri, 18 Apr 2025 16:25:27 -0700 Subject: [PATCH 2/8] docs: add note that vms should be configured in headless mode There's no need to have them with a GUI. It makes them quite laggy with the constrained resources allocated to them. --- docs/01-prerequisites.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/01-prerequisites.md b/docs/01-prerequisites.md index 4c91c10..ef359e8 100644 --- a/docs/01-prerequisites.md +++ b/docs/01-prerequisites.md 
@@ -15,7 +15,12 @@ The "jumpbox" is from where we will be administering/configuring the Kubernetes | node-0 | Kubernetes worker node | 1 | 2GB | 20GB | | node-1 | Kubernetes worker node | 1 | 2GB | 20GB | -How you provision the machines is up to you, the only requirement is that each machine meet the above system requirements including the machine specs and OS version. Once you have all four machines provisioned, verify the OS requirements by viewing the `/etc/os-release` file: +How you provision the machines is up to you, the only requirement is that each machine meet the above system requirements including the machine specs and OS version. + +> [!NOTE] +> You should configure these VMs in headless (no GUI/desktop) mode. Our labs will be performed entirely on the command line. + +Once you have all four machines provisioned, verify the OS requirements by viewing the `/etc/os-release` file: ```bash cat /etc/os-release From b045303f0cf3b83222058ab0fb1875b4eeba0437 Mon Sep 17 00:00:00 2001 From: Mahyar Mirrashed Date: Fri, 18 Apr 2025 16:25:38 -0700 Subject: [PATCH 3/8] refactor: put command onto single line --- docs/03-compute-resources.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/03-compute-resources.md b/docs/03-compute-resources.md index 3918244..c4caae9 100644 --- a/docs/03-compute-resources.md +++ b/docs/03-compute-resources.md @@ -214,8 +214,7 @@ Copy the `hosts` file to each machine and append the contents to `/etc/hosts`: ```bash while read IP FQDN HOST SUBNET; do scp hosts root@${HOST}:~/ - ssh -n \ - root@${HOST} "cat hosts >> /etc/hosts" + ssh -n root@${HOST} "cat hosts >> /etc/hosts" done < machines.txt ``` From 9b6a9dab6a2a2e6efffdb15d3933fb8e2cfec6d2 Mon Sep 17 00:00:00 2001 From: Mahyar Mirrashed Date: Fri, 18 Apr 2025 16:26:25 -0700 Subject: [PATCH 4/8] fix: remove extra backslash --- docs/05-kubernetes-configuration-files.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/05-kubernetes-configuration-files.md b/docs/05-kubernetes-configuration-files.md index 08a4ff7..3bb6d89 100644 --- a/docs/05-kubernetes-configuration-files.md +++ b/docs/05-kubernetes-configuration-files.md @@ -191,7 +191,7 @@ for host in node-0 node-1; do ssh root@${host} "mkdir -p /var/lib/{kube-proxy,kubelet}" scp kube-proxy.kubeconfig \ - root@${host}:/var/lib/kube-proxy/kubeconfig \ + root@${host}:/var/lib/kube-proxy/kubeconfig scp ${host}.kubeconfig \ root@${host}:/var/lib/kubelet/kubeconfig From 6ef877807dc962a6c2583ca8b4ad15af76e1be8d Mon Sep 17 00:00:00 2001 From: Mahyar Mirrashed Date: Fri, 18 Apr 2025 16:26:42 -0700 Subject: [PATCH 5/8] refactor: combine scripts for creating kubernetes service kube configs --- docs/05-kubernetes-configuration-files.md | 91 +++-------------------- 1 file changed, 12 insertions(+), 79 deletions(-) diff --git a/docs/05-kubernetes-configuration-files.md b/docs/05-kubernetes-configuration-files.md index 3bb6d89..0fe6b4d 100644 --- a/docs/05-kubernetes-configuration-files.md +++ b/docs/05-kubernetes-configuration-files.md 
@@ -45,106 +45,39 @@ node-0.kubeconfig node-1.kubeconfig ``` -### The kube-proxy Kubernetes Configuration File +### The Kubernetes Service Configuration Files -Generate a kubeconfig file for the `kube-proxy` service: +Generate a `.kubeconfig` file for the `kube-proxy`, `kube-controller-manager`, and `kube-scheduler` services: ```bash -{ +for service in proxy controller-manager scheduler; do kubectl config set-cluster kubernetes-the-hard-way \ --certificate-authority=ca.crt \ --embed-certs=true \ --server=https://server.kubernetes.local:6443 \ - --kubeconfig=kube-proxy.kubeconfig + --kubeconfig=kube-${service}.kubeconfig - kubectl config set-credentials system:kube-proxy \ - --client-certificate=kube-proxy.crt \ - --client-key=kube-proxy.key \ + kubectl config set-credentials system:kube-${service} \ + --client-certificate=kube-${service}.crt \ + --client-key=kube-${service}.key \ --embed-certs=true \ - --kubeconfig=kube-proxy.kubeconfig + --kubeconfig=kube-${service}.kubeconfig kubectl config set-context default \ --cluster=kubernetes-the-hard-way \ - --user=system:kube-proxy \ - --kubeconfig=kube-proxy.kubeconfig + --user=system:kube-${service} \ + --kubeconfig=kube-${service}.kubeconfig kubectl config use-context default \ - --kubeconfig=kube-proxy.kubeconfig -} + --kubeconfig=kube-${service}.kubeconfig +done ``` Results: ```text kube-proxy.kubeconfig -``` - -### The kube-controller-manager Kubernetes Configuration File - -Generate a kubeconfig file for the `kube-controller-manager` service: - -```bash -{ - kubectl config set-cluster kubernetes-the-hard-way \ - --certificate-authority=ca.crt \ - --embed-certs=true \ - --server=https://server.kubernetes.local:6443 \ - --kubeconfig=kube-controller-manager.kubeconfig - - kubectl config set-credentials system:kube-controller-manager \ - --client-certificate=kube-controller-manager.crt \ - --client-key=kube-controller-manager.key \ - --embed-certs=true \ - --kubeconfig=kube-controller-manager.kubeconfig - - kubectl 
config set-context default \ - --cluster=kubernetes-the-hard-way \ - --user=system:kube-controller-manager \ - --kubeconfig=kube-controller-manager.kubeconfig - - kubectl config use-context default \ - --kubeconfig=kube-controller-manager.kubeconfig -} -``` - -Results: - -```text kube-controller-manager.kubeconfig -``` - - -### The kube-scheduler Kubernetes Configuration File - -Generate a kubeconfig file for the `kube-scheduler` service: - -```bash -{ - kubectl config set-cluster kubernetes-the-hard-way \ - --certificate-authority=ca.crt \ - --embed-certs=true \ - --server=https://server.kubernetes.local:6443 \ - --kubeconfig=kube-scheduler.kubeconfig - - kubectl config set-credentials system:kube-scheduler \ - --client-certificate=kube-scheduler.crt \ - --client-key=kube-scheduler.key \ - --embed-certs=true \ - --kubeconfig=kube-scheduler.kubeconfig - - kubectl config set-context default \ - --cluster=kubernetes-the-hard-way \ - --user=system:kube-scheduler \ - --kubeconfig=kube-scheduler.kubeconfig - - kubectl config use-context default \ - --kubeconfig=kube-scheduler.kubeconfig -} -``` - -Results: - -```text kube-scheduler.kubeconfig ``` From 1bafd8a03fe5d806158bb77d607a85ee95cc5adc Mon Sep 17 00:00:00 2001 From: Mahyar Mirrashed Date: Fri, 18 Apr 2025 16:27:00 -0700 Subject: [PATCH 6/8] refactor: simplify scripts for adding ip routes to machines --- docs/11-pod-network-routes.md | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/docs/11-pod-network-routes.md b/docs/11-pod-network-routes.md index 7e7cfd4..ccc1fb5 100644 --- a/docs/11-pod-network-routes.md +++ b/docs/11-pod-network-routes.md @@ -23,22 +23,16 @@ Print the internal IP address and Pod CIDR range for each worker instance: ``` ```bash -ssh root@server < Date: Fri, 18 Apr 2025 16:27:15 -0700 Subject: [PATCH 7/8] refactor: use a fixed version of nginx image --- docs/12-smoke-test.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/12-smoke-test.md b/docs/12-smoke-test.md index c31ea9b..354cff3 100644 --- a/docs/12-smoke-test.md +++ b/docs/12-smoke-test.md @@ -56,7 +56,7 @@ Create a deployment for the [nginx](https://nginx.org/en/) web server: ```bash kubectl create deployment nginx \ - --image=nginx:latest + --image=nginx:1.27.4 ``` List the pod created by the `nginx` deployment: From d19d66e3472c958fb3643d7491619a63681ca0a2 Mon Sep 17 00:00:00 2001 From: Mahyar Mirrashed Date: Fri, 18 Apr 2025 16:27:39 -0700 Subject: [PATCH 8/8] docs: add heads up about using tmux for testing port forwarding --- docs/12-smoke-test.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/12-smoke-test.md b/docs/12-smoke-test.md index 354cff3..b04018b 100644 --- a/docs/12-smoke-test.md +++ b/docs/12-smoke-test.md @@ -72,7 +72,7 @@ nginx-56fcf95486-c8dnx 1/1 Running 0 8s ### Port Forwarding -In this section you will verify the ability to access applications remotely using [port forwarding](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/). +In this section you will verify the ability to access applications remotely using [port forwarding](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/). If you are familiar with `tmux`, start a Tmux session for this part (install it with `apt-get install -y tmux`). Retrieve the full name of the `nginx` pod: @@ -92,7 +92,7 @@ Forwarding from 127.0.0.1:8080 -> 80 Forwarding from [::1]:8080 -> 80 ``` -In a new terminal make an HTTP request using the forwarding address: +In a new terminal/window, make an HTTP request using the forwarding address: ```bash curl --head http://127.0.0.1:8080
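Review bot: In PATCH 1/8 (docs/01-prerequisites.md), the added sentence `The "jumpbox" is from where we will be administering/configuring the Kubernetes cluster.` switches to "we" while the surrounding text addresses the reader as "you" ("In this lab you will review"), and "is from where" reads awkwardly. Suggest: `The jumpbox is the machine from which you will administer and configure the Kubernetes cluster.` The sentence also lands between "The following table lists the four machines" and the table itself; placing it after the table keeps that lead-in attached to what it introduces.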
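Review bot: In PATCH 2/8 (docs/01-prerequisites.md), the new `[!NOTE]` tells the reader to use headless mode but leaves out the reason given in the commit message, that a GUI makes the VMs laggy with the resources allocated to them (the table gives the jumpbox 512MB). One clause in the note would carry that. "Our labs" is also inconsistent with the second-person voice of the page, and since the line `How you provision the machines is up to you, the only requirement is that ...` is rewritten here anyway, its comma splice could be fixed in the same change.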
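Review bot: In PATCH 3/8 (docs/03-compute-resources.md), the joined line `ssh -n root@${HOST} "cat hosts >> /etc/hosts"` still appends unconditionally, so running the loop a second time duplicates every entry in `/etc/hosts` on each machine. Since the line is being touched, consider guarding the append so it is skipped when the entries are already present, or say in the text that the step is meant to run once. `read` without `-r` and the unquoted `${HOST}` are minor, but worth tightening in a snippet that readers copy and run as root on every machine.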
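Review bot: In PATCH 5/8 (docs/05-kubernetes-configuration-files.md), `for service in proxy controller-manager scheduler` loops over name suffixes, so identities and files such as `system:kube-controller-manager` and `kube-scheduler.key` never appear literally in the command and cannot be found by searching the page. Looping over the full names (`for service in kube-proxy kube-controller-manager kube-scheduler`) and using `${service}` directly keeps the block just as short. The new text "Generate a `.kubeconfig` file" also reads as a file literally named `.kubeconfig`; the previous "kubeconfig file" was clearer. Finally, the three `### The kube-... Kubernetes Configuration File` headings disappear and their anchors with them, so check for links elsewhere in the docs that target them.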
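Review bot: In PATCH 7/8 (docs/12-smoke-test.md), the tag in `--image=nginx:1.27.4` is still mutable: it narrows what gets pulled compared with `latest`, but a registry tag can be re-pointed, so the image is not actually fixed as the subject line says. If a fixed image is the goal, pin by digest (`nginx:1.27.4@sha256:<digest>`, with the digest as a placeholder to be taken from the registry), or word the commit as pinning a version tag. The subject also labels this `refactor`, yet it changes what is deployed; `fix` or `chore` would describe it better.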
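Review bot: In PATCH 8/8 (docs/12-smoke-test.md), first hunk, the added sentence does not say on which of the four machines to run `apt-get install -y tmux`; name the host. It also mixes `tmux` and "Tmux" within one sentence, and it is appended to the section intro although a second terminal is only needed at "In a new terminal/window" in the following hunk. Moving the hint next to the forwarding step puts it where the reader needs it.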