diff --git a/README.md b/README.md index f7ad452..d33275a 100644 --- a/README.md +++ b/README.md @@ -19,11 +19,11 @@ The target audience for this tutorial is someone planning to support a productio Kubernetes The Hard Way guides you through bootstrapping a highly available Kubernetes cluster with end-to-end encryption between components and RBAC authentication. -* [kubernetes](https://github.com/kubernetes/kubernetes) 1.15.3 -* [containerd](https://github.com/containerd/containerd) 1.2.9 -* [coredns](https://github.com/coredns/coredns) v1.6.3 -* [cni](https://github.com/containernetworking/cni) v0.7.1 -* [etcd](https://github.com/coreos/etcd) v3.4.0 +* [kubernetes](https://github.com/kubernetes/kubernetes) v1.18.6 +* [containerd](https://github.com/containerd/containerd) v1.3.6 +* [coredns](https://github.com/coredns/coredns) v1.7.0 +* [cni](https://github.com/containernetworking/cni) v0.8.6 +* [etcd](https://github.com/coreos/etcd) v3.4.10 ## Labs diff --git a/deployments/coredns.yaml b/deployments/coredns-1.7.0.yaml similarity index 99% rename from deployments/coredns.yaml rename to deployments/coredns-1.7.0.yaml index 4c0dbc0..e471d9f 100644 --- a/deployments/coredns.yaml +++ b/deployments/coredns-1.7.0.yaml @@ -98,7 +98,7 @@ spec: beta.kubernetes.io/os: linux containers: - name: coredns - image: coredns/coredns:1.6.2 + image: coredns/coredns:1.7.0 imagePullPolicy: IfNotPresent resources: limits: diff --git a/docs/01-prerequisites.md b/docs/01-prerequisites.md index 01c4d13..1e47b1b 100644 --- a/docs/01-prerequisites.md +++ b/docs/01-prerequisites.md 
@@ -4,7 +4,7 @@ This tutorial leverages the [Google Cloud Platform](https://cloud.google.com/) to streamline provisioning of the compute infrastructure required to bootstrap a Kubernetes cluster from the ground up. [Sign up](https://cloud.google.com/free/) for $300 in free credits. -[Estimated cost](https://cloud.google.com/products/calculator/#id=55663256-c384-449c-9306-e39893e23afb) to run this tutorial: $0.23 per hour ($5.46 per day). +[Estimated cost](https://cloud.google.com/products/calculator#id=873932bc-0840-4176-b0fa-a8cfd4ca61ae) to run this tutorial: $0.23 per hour ($5.50 per day). > The compute resources required for this tutorial exceed the Google Cloud Platform free tier. @@ -14,7 +14,7 @@ This tutorial leverages the [Google Cloud Platform](https://cloud.google.com/) t Follow the Google Cloud SDK [documentation](https://cloud.google.com/sdk/) to install and configure the `gcloud` command line utility. -Verify the Google Cloud SDK version is 262.0.0 or higher: +Verify the Google Cloud SDK version is 301.0.0 or higher: ``` gcloud version diff --git a/docs/02-client-tools.md b/docs/02-client-tools.md index 2252c96..6a89963 100644 --- a/docs/02-client-tools.md +++ b/docs/02-client-tools.md @@ -12,8 +12,8 @@ Download and install `cfssl` and `cfssljson`: ### OS X ``` -curl -o cfssl https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/darwin/cfssl -curl -o cfssljson https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/darwin/cfssljson +curl -o cfssl https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/1.4.1/darwin/cfssl +curl -o cfssljson https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/1.4.1/darwin/cfssljson ``` ``` 
@@ -34,8 +34,8 @@ brew install cfssl ``` wget -q --show-progress --https-only --timestamping \ - https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/linux/cfssl \ - https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/linux/cfssljson + https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/1.4.1/linux/cfssl \ + https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/1.4.1/linux/cfssljson ``` ``` @@ -48,7 +48,7 @@ sudo mv cfssl cfssljson /usr/local/bin/ ### Verification -Verify `cfssl` and `cfssljson` version 1.3.4 or higher is installed: +Verify `cfssl` and `cfssljson` version 1.4.1 or higher is installed: ``` cfssl version @@ -57,18 +57,16 @@ cfssl version > output ``` -Version: 1.3.4 -Revision: dev -Runtime: go1.13 +Version: 1.4.1 +Runtime: go1.12.12 ``` ``` cfssljson --version ``` ``` -Version: 1.3.4 -Revision: dev -Runtime: go1.13 +Version: 1.4.1 +Runtime: go1.12.12 ``` ## Install kubectl @@ -78,7 +76,7 @@ The `kubectl` command line utility is used to interact with the Kubernetes API S ### OS X ``` -curl -o kubectl https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/darwin/amd64/kubectl +curl -o kubectl https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/darwin/amd64/kubectl ``` ``` @@ -92,7 +90,7 @@ sudo mv kubectl /usr/local/bin/ ### Linux ``` -wget https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/linux/amd64/kubectl +wget https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubectl ``` ``` @@ -105,7 +103,7 @@ sudo mv kubectl /usr/local/bin/ ### Verification -Verify `kubectl` version 1.15.3 or higher is installed: +Verify `kubectl` version 1.18.6 or higher is installed: ``` kubectl version --client 
@@ -114,7 +112,7 @@ kubectl version --client > output ``` -Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", BuildDate:"2019-08-19T11:13:54Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"} +Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.6", GitCommit:"dff82dc0de47299ab66c83c626e08b245ab19037", GitTreeState:"clean", BuildDate:"2020-07-15T16:58:53Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"} ``` Next: [Provisioning Compute Resources](03-compute-resources.md) diff --git a/docs/03-compute-resources.md b/docs/03-compute-resources.md index a30c520..0602cf9 100644 --- a/docs/03-compute-resources.md +++ b/docs/03-compute-resources.md @@ -63,9 +63,9 @@ gcloud compute firewall-rules list --filter="network:kubernetes-the-hard-way" > output ``` -NAME NETWORK DIRECTION PRIORITY ALLOW DENY -kubernetes-the-hard-way-allow-external kubernetes-the-hard-way INGRESS 1000 tcp:22,tcp:6443,icmp -kubernetes-the-hard-way-allow-internal kubernetes-the-hard-way INGRESS 1000 tcp,udp,icmp +NAME NETWORK DIRECTION PRIORITY ALLOW DENY DISABLED +kubernetes-the-hard-way-allow-external kubernetes-the-hard-way INGRESS 1000 tcp:22,tcp:6443,icmp False +kubernetes-the-hard-way-allow-internal kubernetes-the-hard-way INGRESS 1000 tcp,udp,icmp Fals ``` ### Kubernetes Public IP Address 
@@ -86,13 +86,13 @@ gcloud compute addresses list --filter="name=('kubernetes-the-hard-way')" > output ``` -NAME REGION ADDRESS STATUS -kubernetes-the-hard-way us-west1 XX.XXX.XXX.XX RESERVED +NAME ADDRESS/RANGE TYPE PURPOSE NETWORK REGION SUBNET STATUS +kubernetes-the-hard-way XX.XXX.XXX.XXX EXTERNAL us-west1 RESERVED ``` ## Compute Instances -The compute instances in this lab will be provisioned using [Ubuntu Server](https://www.ubuntu.com/server) 18.04, which has good support for the [containerd container runtime](https://github.com/containerd/containerd). Each compute instance will be provisioned with a fixed private IP address to simplify the Kubernetes bootstrapping process. +The compute instances in this lab will be provisioned using [Ubuntu Server](https://www.ubuntu.com/server) 20.04, which has good support for the [containerd container runtime](https://github.com/containerd/containerd). Each compute instance will be provisioned with a fixed private IP address to simplify the Kubernetes bootstrapping process. ### Kubernetes Controllers @@ -104,9 +104,9 @@ for i in 0 1 2; do --async \ --boot-disk-size 200GB \ --can-ip-forward \ - --image-family ubuntu-1804-lts \ + --image-family ubuntu-2004-lts \ --image-project ubuntu-os-cloud \ - --machine-type n1-standard-1 \ + --machine-type e2-standard-2 \ --private-network-ip 10.240.0.1${i} \ --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \ --subnet kubernetes \ @@ -128,9 +128,9 @@ for i in 0 1 2; do --async \ --boot-disk-size 200GB \ --can-ip-forward \ - --image-family ubuntu-1804-lts \ + --image-family ubuntu-2004-lts \ --image-project ubuntu-os-cloud \ - --machine-type n1-standard-1 \ + --machine-type e2-standard-2 \ --metadata pod-cidr=10.200.${i}.0/24 \ --private-network-ip 10.240.0.2${i} \ --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \ 
@@ -144,19 +144,19 @@ done List the compute instances in your default compute zone: ``` -gcloud compute instances list +gcloud compute instances list --filter="tags.items=kubernetes-the-hard-way" ``` > output ``` -NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS -controller-0 us-west1-c n1-standard-1 10.240.0.10 XX.XXX.XXX.XXX RUNNING -controller-1 us-west1-c n1-standard-1 10.240.0.11 XX.XXX.X.XX RUNNING -controller-2 us-west1-c n1-standard-1 10.240.0.12 XX.XXX.XXX.XX RUNNING -worker-0 us-west1-c n1-standard-1 10.240.0.20 XXX.XXX.XXX.XX RUNNING -worker-1 us-west1-c n1-standard-1 10.240.0.21 XX.XXX.XX.XXX RUNNING -worker-2 us-west1-c n1-standard-1 10.240.0.22 XXX.XXX.XX.XX RUNNING +NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS +controller-0 us-west1-c e2-standard-2 10.240.0.10 XX.XX.XX.XXX RUNNING +controller-1 us-west1-c e2-standard-2 10.240.0.11 XX.XXX.XXX.XX RUNNING +controller-2 us-west1-c e2-standard-2 10.240.0.12 XX.XXX.XX.XXX RUNNING +worker-0 us-west1-c e2-standard-2 10.240.0.20 XX.XX.XXX.XXX RUNNING +worker-1 us-west1-c e2-standard-2 10.240.0.21 XX.XX.XX.XXX RUNNING +worker-2 us-west1-c e2-standard-2 10.240.0.22 XX.XXX.XX.XX RUNNING ``` ## Configuring SSH Access @@ -208,10 +208,8 @@ Waiting for SSH key to propagate. After the SSH keys have been updated you'll be logged into the `controller-0` instance: ``` -Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-1042-gcp x86_64) +Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-1019-gcp x86_64) ... - -Last login: Sun Sept 14 14:34:27 2019 from XX.XXX.XXX.XX ``` Type `exit` at the prompt to exit the `controller-0` compute instance: @@ -223,7 +221,7 @@ $USER@controller-0:~$ exit ``` logout -Connection to XX.XXX.XXX.XXX closed +Connection to XX.XX.XX.XXX closed ``` Next: [Provisioning a CA and Generating TLS Certificates](04-certificate-authority.md) diff --git a/docs/07-bootstrapping-etcd.md b/docs/07-bootstrapping-etcd.md index 26f751f..99f2c04 100644 
--- a/docs/07-bootstrapping-etcd.md +++ b/docs/07-bootstrapping-etcd.md @@ -22,15 +22,15 @@ Download the official etcd release binaries from the [etcd](https://github.com/e ``` wget -q --show-progress --https-only --timestamping \ - "https://github.com/etcd-io/etcd/releases/download/v3.4.0/etcd-v3.4.0-linux-amd64.tar.gz" + "https://github.com/etcd-io/etcd/releases/download/v3.4.10/etcd-v3.4.10-linux-amd64.tar.gz" ``` Extract and install the `etcd` server and the `etcdctl` command line utility: ``` { - tar -xvf etcd-v3.4.0-linux-amd64.tar.gz - sudo mv etcd-v3.4.0-linux-amd64/etcd* /usr/local/bin/ + tar -xvf etcd-v3.4.10-linux-amd64.tar.gz + sudo mv etcd-v3.4.10-linux-amd64/etcd* /usr/local/bin/ } ``` @@ -39,6 +39,7 @@ Extract and install the `etcd` server and the `etcdctl` command line utility: ``` { sudo mkdir -p /etc/etcd /var/lib/etcd + sudo chmod 700 /var/lib/etcd sudo cp ca.pem kubernetes-key.pem kubernetes.pem /etc/etcd/ } ``` @@ -119,9 +120,9 @@ sudo ETCDCTL_API=3 etcdctl member list \ > output ``` -3a57933972cb5131, started, controller-2, https://10.240.0.12:2380, https://10.240.0.12:2379 -f98dc20bce6225a0, started, controller-0, https://10.240.0.10:2380, https://10.240.0.10:2379 -ffed16798470cab5, started, controller-1, https://10.240.0.11:2380, https://10.240.0.11:2379 +3a57933972cb5131, started, controller-2, https://10.240.0.12:2380, https://10.240.0.12:2379, false +f98dc20bce6225a0, started, controller-0, https://10.240.0.10:2380, https://10.240.0.10:2379, false +ffed16798470cab5, started, controller-1, https://10.240.0.11:2380, https://10.240.0.11:2379, false ``` Next: [Bootstrapping the Kubernetes Control Plane](08-bootstrapping-kubernetes-controllers.md) diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md index 3d0cbca..e64e8a2 100644 --- a/docs/08-bootstrapping-kubernetes-controllers.md +++ b/docs/08-bootstrapping-kubernetes-controllers.md 
@@ -28,10 +28,10 @@ Download the official Kubernetes release binaries: ``` wget -q --show-progress --https-only --timestamping \ - "https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/linux/amd64/kube-apiserver" \ - "https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/linux/amd64/kube-controller-manager" \ - "https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/linux/amd64/kube-scheduler" \ - "https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/linux/amd64/kubectl" + "https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kube-apiserver" \ + "https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kube-controller-manager" \ + "https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kube-scheduler" \ + "https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubectl" ``` Install the Kubernetes binaries: @@ -93,7 +93,7 @@ ExecStart=/usr/local/bin/kube-apiserver \\ --kubelet-client-certificate=/var/lib/kubernetes/kubernetes.pem \\ --kubelet-client-key=/var/lib/kubernetes/kubernetes-key.pem \\ --kubelet-https=true \\ - --runtime-config=api/all \\ + --runtime-config='api/all=true' \\ --service-account-key-file=/var/lib/kubernetes/service-account.pem \\ --service-cluster-ip-range=10.32.0.0/24 \\ --service-node-port-range=30000-32767 \\ @@ -126,7 +126,7 @@ Documentation=https://github.com/kubernetes/kubernetes [Service] ExecStart=/usr/local/bin/kube-controller-manager \\ - --address=0.0.0.0 \\ + --bind-address=0.0.0.0 \\ --cluster-cidr=10.200.0.0/16 \\ --cluster-name=kubernetes \\ --cluster-signing-cert-file=/var/lib/kubernetes/ca.pem \\ 
@@ -250,12 +250,12 @@ kubectl get componentstatuses --kubeconfig admin.kubeconfig ``` ``` -NAME STATUS MESSAGE ERROR -controller-manager Healthy ok +NAME STATUS MESSAGE ERROR scheduler Healthy ok -etcd-2 Healthy {"health": "true"} -etcd-0 Healthy {"health": "true"} -etcd-1 Healthy {"health": "true"} +controller-manager Healthy ok +etcd-0 Healthy {"health":"true"} +etcd-1 Healthy {"health":"true"} +etcd-2 Healthy {"health":"true"} ``` Test the nginx HTTP health check proxy: @@ -266,11 +266,12 @@ curl -H "Host: kubernetes.default.svc.cluster.local" -i http://127.0.0.1/healthz ``` HTTP/1.1 200 OK -Server: nginx/1.14.0 (Ubuntu) -Date: Sat, 14 Sep 2019 18:34:11 GMT +Server: nginx/1.18.0 (Ubuntu) +Date: Sat, 18 Jul 2020 06:20:48 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: keep-alive +Cache-Control: no-cache, private X-Content-Type-Options: nosniff ok @@ -402,12 +403,12 @@ curl --cacert ca.pem https://${KUBERNETES_PUBLIC_ADDRESS}:6443/version ``` { "major": "1", - "minor": "15", - "gitVersion": "v1.15.3", - "gitCommit": "2d3c76f9091b6bec110a5e63777c332469e0cba2", + "minor": "18", + "gitVersion": "v1.18.6", + "gitCommit": "dff82dc0de47299ab66c83c626e08b245ab19037", "gitTreeState": "clean", - "buildDate": "2019-08-19T11:05:50Z", - "goVersion": "go1.12.9", + "buildDate": "2020-07-15T16:51:04Z", + "goVersion": "go1.13.9", "compiler": "gc", "platform": "linux/amd64" } diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md index 6dd752d..289b9fa 100644 --- a/docs/09-bootstrapping-kubernetes-workers.md +++ b/docs/09-bootstrapping-kubernetes-workers.md 
@@ -49,13 +49,13 @@ sudo swapoff -a ``` wget -q --show-progress --https-only --timestamping \ - https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.15.0/crictl-v1.15.0-linux-amd64.tar.gz \ - https://github.com/opencontainers/runc/releases/download/v1.0.0-rc8/runc.amd64 \ - https://github.com/containernetworking/plugins/releases/download/v0.8.2/cni-plugins-linux-amd64-v0.8.2.tgz \ - https://github.com/containerd/containerd/releases/download/v1.2.9/containerd-1.2.9.linux-amd64.tar.gz \ - https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/linux/amd64/kubectl \ - https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/linux/amd64/kube-proxy \ - https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/linux/amd64/kubelet + https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.18.0/crictl-v1.18.0-linux-amd64.tar.gz \ + https://github.com/opencontainers/runc/releases/download/v1.0.0-rc91/runc.amd64 \ + https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-amd64-v0.8.6.tgz \ + https://github.com/containerd/containerd/releases/download/v1.3.6/containerd-1.3.6-linux-amd64.tar.gz \ + https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubectl \ + https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kube-proxy \ + https://storage.googleapis.com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubelet ``` Create the installation directories: 
@@ -75,9 +75,9 @@ Install the worker binaries: ``` { mkdir containerd - tar -xvf crictl-v1.15.0-linux-amd64.tar.gz - tar -xvf containerd-1.2.9.linux-amd64.tar.gz -C containerd - sudo tar -xvf cni-plugins-linux-amd64-v0.8.2.tgz -C /opt/cni/bin/ + tar -xvf crictl-v1.18.0-linux-amd64.tar.gz + tar -xvf containerd-1.3.6-linux-amd64.tar.gz -C containerd + sudo tar -xvf cni-plugins-linux-amd64-v0.8.6.tgz -C /opt/cni/bin/ sudo mv runc.amd64 runc chmod +x crictl kubectl kube-proxy kubelet runc sudo mv crictl kubectl kube-proxy kubelet runc /usr/local/bin/ @@ -305,9 +305,9 @@ gcloud compute ssh controller-0 \ ``` NAME STATUS ROLES AGE VERSION -worker-0 Ready 15s v1.15.3 -worker-1 Ready 15s v1.15.3 -worker-2 Ready 15s v1.15.3 +worker-0 Ready 24s v1.18.6 +worker-1 Ready 24s v1.18.6 +worker-2 Ready 24s v1.18.6 ``` Next: [Configuring kubectl for Remote Access](10-configuring-kubectl.md) diff --git a/docs/10-configuring-kubectl.md b/docs/10-configuring-kubectl.md index c64a434..888013b 100644 --- a/docs/10-configuring-kubectl.md +++ b/docs/10-configuring-kubectl.md @@ -45,11 +45,11 @@ kubectl get componentstatuses ``` NAME STATUS MESSAGE ERROR -controller-manager Healthy ok scheduler Healthy ok +controller-manager Healthy ok +etcd-0 Healthy {"health":"true"} etcd-1 Healthy {"health":"true"} etcd-2 Healthy {"health":"true"} -etcd-0 Healthy {"health":"true"} ``` List the nodes in the remote Kubernetes cluster: @@ -61,10 +61,10 @@ kubectl get nodes > output ``` -NAME STATUS ROLES AGE VERSION -worker-0 Ready 2m9s v1.15.3 -worker-1 Ready 2m9s v1.15.3 -worker-2 Ready 2m9s v1.15.3 +NAME STATUS ROLES AGE VERSION +worker-0 Ready 2m30s v1.18.6 +worker-1 Ready 2m30s v1.18.6 +worker-2 Ready 2m30s v1.18.6 ``` Next: [Provisioning Pod Network Routes](11-pod-network-routes.md) diff --git a/docs/11-pod-network-routes.md b/docs/11-pod-network-routes.md index c9f0b6a..415db25 100644 --- a/docs/11-pod-network-routes.md +++ b/docs/11-pod-network-routes.md 
@@ -50,8 +50,8 @@ gcloud compute routes list --filter "network: kubernetes-the-hard-way" ``` NAME NETWORK DEST_RANGE NEXT_HOP PRIORITY -default-route-081879136902de56 kubernetes-the-hard-way 10.240.0.0/24 kubernetes-the-hard-way 1000 -default-route-55199a5aa126d7aa kubernetes-the-hard-way 0.0.0.0/0 default-internet-gateway 1000 +default-route-6be823b741087623 kubernetes-the-hard-way 0.0.0.0/0 default-internet-gateway 1000 +default-route-cebc434ce276fafa kubernetes-the-hard-way 10.240.0.0/24 kubernetes-the-hard-way 0 kubernetes-route-10-200-0-0-24 kubernetes-the-hard-way 10.200.0.0/24 10.240.0.20 1000 kubernetes-route-10-200-1-0-24 kubernetes-the-hard-way 10.200.1.0/24 10.240.0.21 1000 kubernetes-route-10-200-2-0-24 kubernetes-the-hard-way 10.200.2.0/24 10.240.0.22 1000 diff --git a/docs/12-dns-addon.md b/docs/12-dns-addon.md index f7a5d43..feddcf5 100644 --- a/docs/12-dns-addon.md +++ b/docs/12-dns-addon.md @@ -7,7 +7,7 @@ In this lab you will deploy the [DNS add-on](https://kubernetes.io/docs/concepts Deploy the `coredns` cluster add-on: ``` -kubectl apply -f https://storage.googleapis.com/kubernetes-the-hard-way/coredns.yaml +kubectl apply -f https://storage.googleapis.com/kubernetes-the-hard-way/coredns-1.7.0.yaml ``` > output @@ -17,7 +17,7 @@ serviceaccount/coredns created clusterrole.rbac.authorization.k8s.io/system:coredns created clusterrolebinding.rbac.authorization.k8s.io/system:coredns created configmap/coredns created -deployment.extensions/coredns created +deployment.apps/coredns created service/kube-dns created ``` @@ -31,8 +31,8 @@ kubectl get pods -l k8s-app=kube-dns -n kube-system ``` NAME READY STATUS RESTARTS AGE -coredns-699f8ddd77-94qv9 1/1 Running 0 20s -coredns-699f8ddd77-gtcgb 1/1 Running 0 20s +coredns-5677dc4cdb-d8rtv 1/1 Running 0 30s +coredns-5677dc4cdb-m8n69 1/1 Running 0 30s ``` ## Verification 
@@ -40,7 +40,7 @@ coredns-699f8ddd77-gtcgb 1/1 Running 0 20s Create a `busybox` deployment: ``` -kubectl run --generator=run-pod/v1 busybox --image=busybox:1.28 --command -- sleep 3600 +kubectl run busybox --image=busybox:1.28 --command -- sleep 3600 ``` List the pod created by the `busybox` deployment: diff --git a/docs/13-smoke-test.md b/docs/13-smoke-test.md index ed90844..ab14fe5 100644 --- a/docs/13-smoke-test.md +++ b/docs/13-smoke-test.md 
@@ -32,17 +32,24 @@ gcloud compute ssh controller-0 \ 00000010 73 2f 64 65 66 61 75 6c 74 2f 6b 75 62 65 72 6e |s/default/kubern| 00000020 65 74 65 73 2d 74 68 65 2d 68 61 72 64 2d 77 61 |etes-the-hard-wa| 00000030 79 0a 6b 38 73 3a 65 6e 63 3a 61 65 73 63 62 63 |y.k8s:enc:aescbc| -00000040 3a 76 31 3a 6b 65 79 31 3a 44 ac 6e ac 11 2f 28 |:v1:key1:D.n../(| -00000050 02 46 3d ad 9d cd 68 be e4 cc 63 ae 13 e4 99 e8 |.F=...h...c.....| -00000060 6e 55 a0 fd 9d 33 7a b1 17 6b 20 19 23 dc 3e 67 |nU...3z..k .#.>g| -00000070 c9 6c 47 fa 78 8b 4d 28 cd d1 71 25 e9 29 ec 88 |.lG.x.M(..q%.)..| -00000080 7f c9 76 b6 31 63 6e ea ac c5 e4 2f 32 d7 a6 94 |..v.1cn..../2...| -00000090 3c 3d 97 29 40 5a ee e1 ef d6 b2 17 01 75 a4 a3 |<=.)@Z.......u..| -000000a0 e2 c2 70 5b 77 1a 0b ec 71 c3 87 7a 1f 68 73 03 |..p[w...q..z.hs.| -000000b0 67 70 5e ba 5e 65 ff 6f 0c 40 5a f9 2a bd d6 0e |gp^.^e.o.@Z.*...| -000000c0 44 8d 62 21 1a 30 4f 43 b8 03 69 52 c0 b7 2e 16 |D.b!.0OC..iR....| -000000d0 14 a5 91 21 29 fa 6e 03 47 e2 06 25 45 7c 4f 8f |...!).n.G..%E|O.| -000000e0 6e bb 9d 3b e9 e5 2d 9e 3e 0a |n..;..-.>.| +00000040 3a 76 31 3a 6b 65 79 31 3a 8c 7b 16 f3 26 59 d5 |:v1:key1:.{..&Y.| +00000050 c9 65 1c f0 3a 04 e7 66 2a f6 50 93 4e d4 d7 8c |.e..:..f*.P.N...| +00000060 ca 24 ab 68 54 5f 31 f6 5c e5 5c c6 29 1d cc da |.$.hT_1.\.\.)...| +00000070 22 fc c9 be 23 8a 26 b4 9b 38 1d 57 65 87 2a ac |"...#.&..8.We.*.| +00000080 70 11 ea 06 93 b7 de ba 12 83 42 94 9d 27 8f ee |p.........B..'..| +00000090 95 05 b0 77 31 ab 66 3d d9 e2 38 85 f9 a5 59 3a |...w1.f=..8...Y:| +000000a0 90 c1 46 ae b4 9d 13 05 82 58 71 4e 5b cb ac e2 |..F......XqN[...| +000000b0 3b 6e d7 10 ab 7c fc fe dd f0 e6 0a 7b 24 2e 68 |;n...|......{$.h| +000000c0 5e 78 98 5f 33 40 f8 d2 10 30 1f de 17 3f 06 a1 |^x._3@...0...?..| +000000d0 81 bd 1f 2e be e9 35 26 2c be 39 16 cf ac c2 6d |......5&,.9....m| +000000e0 32 56 05 7d 80 39 5d c0 a4 43 46 75 96 0c 87 49 |2V.}.9]..CFu...I| +000000f0 3c 17 1a 1c 8e 52 b1 e8 42 6b a5 e8 
b2 b3 27 bc |<....R..Bk....'.| +00000100 80 a6 53 2a 9f 57 d2 de a3 f8 7f 84 2c 01 c9 d9 |..S*.W......,...| +00000110 4f e0 3f e7 a7 1e 46 b7 47 dc f0 53 d2 d2 e1 99 |O.?...F.G..S....| +00000120 0b b7 b3 49 d0 3c a5 e8 26 ce 2c 51 42 2c 0f 48 |...I.<..&.,QB,.H| +00000130 b1 9a 1a dd 24 d1 06 d8 34 bf 09 2e 20 cc 3d 3d |....$...4... .==| +00000140 e2 5a e5 e4 44 b7 ae 57 49 0a |.Z..D..WI.| +0000014a ``` The etcd key should be prefixed with `k8s:enc:aescbc:v1:key1`, which indicates the `aescbc` provider was used to encrypt the data with the `key1` encryption key. @@ -66,8 +73,8 @@ kubectl get pods -l app=nginx > output ``` -NAME READY STATUS RESTARTS AGE -nginx-554b9c67f9-vt5rn 1/1 Running 0 10s +NAME READY STATUS RESTARTS AGE +nginx-f89759699-kpn5m 1/1 Running 0 10s ``` ### Port Forwarding @@ -103,13 +110,13 @@ curl --head http://127.0.0.1:8080 ``` HTTP/1.1 200 OK -Server: nginx/1.17.3 -Date: Sat, 14 Sep 2019 21:10:11 GMT +Server: nginx/1.19.1 +Date: Sat, 18 Jul 2020 07:14:00 GMT Content-Type: text/html Content-Length: 612 -Last-Modified: Tue, 13 Aug 2019 08:50:00 GMT +Last-Modified: Tue, 07 Jul 2020 15:52:25 GMT Connection: keep-alive -ETag: "5d5279b8-264" +ETag: "5f049a39-264" Accept-Ranges: bytes ``` @@ -135,7 +142,8 @@ kubectl logs $POD_NAME > output ``` -127.0.0.1 - - [14/Sep/2019:21:10:11 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.52.1" "-" +... +127.0.0.1 - - [18/Jul/2020:07:14:00 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.64.0" "-" ``` ### Exec @@ -151,7 +159,7 @@ kubectl exec -ti $POD_NAME -- nginx -v > output ``` -nginx version: nginx/1.17.3 +nginx version: nginx/1.19.1 ``` ## Services 
@@ -198,13 +206,13 @@ curl -I http://${EXTERNAL_IP}:${NODE_PORT} ``` HTTP/1.1 200 OK -Server: nginx/1.17.3 -Date: Sat, 14 Sep 2019 21:12:35 GMT +Server: nginx/1.19.1 +Date: Sat, 18 Jul 2020 07:16:41 GMT Content-Type: text/html Content-Length: 612 -Last-Modified: Tue, 13 Aug 2019 08:50:00 GMT +Last-Modified: Tue, 07 Jul 2020 15:52:25 GMT Connection: keep-alive -ETag: "5d5279b8-264" +ETag: "5f049a39-264" Accept-Ranges: bytes ```
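
Review bot: In the README.md hunk, the updated `cni` entry still links to `github.com/containernetworking/cni` with v0.8.6, but the worker lab in docs/09-bootstrapping-kubernetes-workers.md downloads `cni-plugins-linux-amd64-v0.8.6.tgz` from `github.com/containernetworking/plugins`. The version being bumped is the plugins release, so point the README link at the plugins repository, or list both, so that readers checking release notes or advisories look at the project that is actually installed.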
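
Review bot: In deployments/coredns-1.7.0.yaml, the image is bumped to `coredns/coredns:1.7.0` but is still referenced by a mutable tag with `imagePullPolicy: IfNotPresent`, so each node runs whatever that tag resolved to when it first pulled. Consider pinning the image by digest alongside the tag. The unchanged context line `beta.kubernetes.io/os: linux` also uses a label that is deprecated in favour of `kubernetes.io/os`; since the file is being renamed and versioned anyway, this is a good moment to update it.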
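
Review bot: In docs/02-client-tools.md, the `cfssl` and `cfssljson` downloads (the OS X `curl -o` lines and the Linux `wget` lines) are still followed directly by `sudo mv cfssl cfssljson /usr/local/bin/` with no integrity check. Now that the URLs pin 1.4.1, publish the SHA-256 of each binary next to the download command and add a verification step (`sha256sum -c` on Linux, `shasum -a 256 -c` on OS X) before the install, so a replaced object in the bucket is detected instead of being installed.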
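
Review bot: In docs/03-compute-resources.md, the new firewall-rules sample output is truncated on its last row: the `kubernetes-the-hard-way-allow-internal` line ends in `Fals` where the `DISABLED` column should read `False`, as it does on the `allow-external` row above it. Please restore the missing character so readers comparing their own output do not see a mismatch.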
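
Review bot: In docs/07-bootstrapping-etcd.md, the added `sudo chmod 700 /var/lib/etcd` tightens the data directory, but the next line, `sudo cp ca.pem kubernetes-key.pem kubernetes.pem /etc/etcd/`, leaves the private key in `/etc/etcd` with whatever mode the copy produces. Add a matching step in the same block, for example `sudo chmod 600 /etc/etcd/kubernetes-key.pem`, so the key material gets the same treatment as the data directory.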
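
Review bot: In docs/08-bootstrapping-kubernetes-controllers.md, the kube-controller-manager unit now passes `--bind-address=0.0.0.0`, which keeps the listener on every interface of the controller. `--bind-address` governs the secure port, whereas the removed `--address` governed the insecure one, so this is a behaviour change and not only a rename; please state in the commit message which is intended. If nothing off-host needs to reach the controller manager, bind it to `127.0.0.1` instead.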
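
Review bot: In docs/12-dns-addon.md, `kubectl apply -f https://storage.googleapis.com/kubernetes-the-hard-way/coredns-1.7.0.yaml` applies a manifest fetched at run time, and the sample output shows it creating a ClusterRole and a ClusterRoleBinding. This commit adds the same file to the repository as `deployments/coredns-1.7.0.yaml`, but nothing ties the bucket object to the reviewed copy. Suggest having readers apply the file from a checkout of the repository, or download it and verify a published checksum before running `kubectl apply -f` on the local copy.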
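
Review bot: In the busybox hunk of docs/12-dns-addon.md, the command becomes `kubectl run busybox --image=busybox:1.28 --command -- sleep 3600`, which creates a bare pod, but the surrounding context lines still read "Create a `busybox` deployment:" and "List the pod created by the `busybox` deployment:". Update both sentences to say "pod" so the text matches what the command produces and readers do not go looking for a Deployment object that does not exist.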