Skip to content

Instantly share code, notes, and snippets.

@bison

bison/rkt-workshop.md

Last active November 7, 2016 02:55
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save bison/d1bbe6fdac0652983799e5e5e35e51c5 to your computer and use it in GitHub Desktop.
Save bison/d1bbe6fdac0652983799e5e5e35e51c5 to your computer and use it in GitHub Desktop.
Download ZIP
Kubernetes + rkt workshop
Raw
rkt-workshop.md

Kubernetes + rkt workshop

Documentation links

Prerequisites

With the exception of VirtualBox, these should all be on USB drives floating around -- with OS X and Linux versions.

https://github.com/bison/rkt-workshop

You may also want kubectl from the latest Kubernetes release.

rkt

Starting the VM

host:~$ vagrant box add --name ubuntu/xenial64 ubuntu-xenial64.box
host:~$ vagrant up
host:~$ vagrant ssh
vagrant-vm:~$ ping -c 5 coreos.com

Starting a container

vagrant-vm:~$ rkt list
UUID    APP     IMAGE NAME      STATE   CREATED STARTED NETWORKS

vagrant-vm:~$ sudo rkt run --insecure-options=image --interactive --dns=host docker://busybox
/ #

vagrant-vm:~$ rkt list
UUID            APP     IMAGE NAME                                      STATE   CREATED         STARTED         NETWORKS
156b0ed1        busybox registry-1.docker.io/library/busybox:latest     running 14 seconds ago  14 seconds ago  default:ip4=172.16.28.2

vagrant-vm:~$ machinectl
MACHINE                                  CLASS     SERVICE
rkt-156b0ed1-0869-48e1-977f-db5d9f66ff8d container rkt    

1 machines listed.

vagrant-vm:~$ journalctl -M rkt-156b0ed1-0869-48e1-977f-db5d9f66ff8d
-- Logs begin at Fri 2016-11-04 16:36:09 UTC, end at Fri 2016-11-04 16:36:09 UTC. --
Nov 04 16:36:09 rkt-156b0ed1-0869-48e1-977f-db5d9f66ff8d systemd-journald[3]: Runtime journal (/run/log/journal/) is 6.2M, max 49.6M, 43.4M free.
Nov 04 16:36:09 rkt-156b0ed1-0869-48e1-977f-db5d9f66ff8d systemd-journald[3]: System journal (/var/log/journal/) is 8.0M, max 986.1M, 978.1M free.
Nov 04 16:36:09 rkt-156b0ed1-0869-48e1-977f-db5d9f66ff8d systemd-journald[3]: Time spent on flushing to /var is 704us for 2 entries.
Nov 04 16:36:09 rkt-156b0ed1-0869-48e1-977f-db5d9f66ff8d systemd-journald[3]: Journal started

Taking a look at networking

vagrant-vm:~$ ip netns list
cni-ac53947d-f445-61da-2e75-a7e9a66b01c5 (id: 0)

ubuntu@ubuntu-xenial:~$ sudo ip netns exec cni-ac53947d-f445-61da-2e75-a7e9a66b01c5 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 2e:3e:ac:22:77:0f brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.16.28.2/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::2c3e:acff:fe22:770f/64 scope link 
       valid_lft forever preferred_lft forever

Trying a different stage1

vagrant-vm:~$ sudo rkt run --insecure-options=image --interactive --dns=host --stage1-from-dir=stage1-fly.aci docker://busybox --exec=/bin/sh
/ # ip a
/ # mount
/ # ps auxww

Garbage collection

vagrant-vm:~$ rkt list
UUID            APP     IMAGE NAME                                      STATE   CREATED         STARTED         NETWORKS
156b0ed1        busybox registry-1.docker.io/library/busybox:latest     exited  7 minutes ago   7 minutes ago
e165545d        busybox registry-1.docker.io/library/busybox:latest     exited  45 seconds ago  45 seconds ago

vagrant-vm:~$ sudo rkt gc --grace-period=0
gc: moving pod "156b0ed1-0869-48e1-977f-db5d9f66ff8d" to garbage
gc: moving pod "e165545d-3f8d-4af4-9ea2-fd70af5abe6a" to garbage
Garbage collecting pod "156b0ed1-0869-48e1-977f-db5d9f66ff8d"
Garbage collecting pod "e165545d-3f8d-4af4-9ea2-fd70af5abe6a"

Image verification

vagrant-vm:~$ rkt fetch quay.io/coreos/etcd:v3.0.13
pubkey: prefix: "quay.io/coreos/etcd"
key: "https://quay.io/aci-signing-key"
gpg key fingerprint is: BFF3 13CD AA56 0B16 A898  7B8F 72AB F5F6 799D 33BC
        Quay.io ACI Converter (ACI conversion signing key) <support@quay.io>
Are you sure you want to trust this key (yes/no)?
yes
Trusting "https://quay.io/aci-signing-key" for prefix "quay.io/coreos/etcd" after fingerprint review.
Added key for prefix "quay.io/coreos/etcd" at "/etc/rkt/trustedkeys/prefix.d/quay.io/coreos/etcd/bff313cdaa560b16a8987b8f72abf5f6799d33bc"
Downloading signature: [=======================================] 473 B/473 B
Downloading ACI: [=============================================] 14.2 MB/14.2 MB
image: signature verified:
  Quay.io ACI Converter (ACI conversion signing key) <support@quay.io>
sha512-7b220bb747aa430125b64edca2a7af64

vagrant-vm:~$ ls -alh /etc/rkt/trustedkeys/prefix.d/quay.io/coreos/etcd
total 12K
drwxr-sr-x 2 ubuntu rkt-admin 4.0K Nov  4 16:44 .
drwxr-sr-x 3 ubuntu rkt-admin 4.0K Nov  4 16:44 ..
-rw-r--r-- 1 ubuntu rkt-admin  991 Nov  4 16:44 bff313cdaa560b16a8987b8f72abf5f6799d33bc

Building our own ACI

vagrant-vm:~$ cp -a /vagrant/nginx-image .
vagrant-vm:~$ cd nginx-image
vagrant-vm:~$ sudo ./build-nginx.sh
vagrant-vm:~$ ls -lh nginx-latest-linux-amd64.aci
vagrant-vm:~$ sudo rkt run --insecure-options=image ./nginx-latest-linux-amd64.aci
vagrant-vm:~$ curl -v http://172.16.28.2/

Kubernetes

Starting minikube

host:~$ minikube status
minikubeVM: Stopped
localkube: N/A

# Can also run 'start-minikube.sh' in the workshop repo here.
host:~$ minikube start --network-plugin=cni \
    --container-runtime=rkt \
    --iso-url=http://storage.googleapis.com/minikube/iso/buildroot/minikube-v0.0.6.iso
Starting local Kubernetes cluster...
Kubectl is now configured to use the cluster.

host:~:$ kubectl cluster-info 
Kubernetes master is running at https://192.168.99.100:8443
KubeDNS is running at https://192.168.99.100:8443/api/v1/proxy/namespaces/kube-system/services/kube-dns
kubernetes-dashboard is running at https://192.168.99.100:8443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

host:~$ minikube dashboard
host:~$ minikube ssh
minikube:~$ rkt list

We'll deploy a sample app to the cluster at this point using the dashboard.

Testing the service and getting logs

host:~$ minikube service --url echoheaders
http://192.168.99.100:30255

host:~$ curl -H 'X-Test: rktnetes' $(minikube service --url echoheaders)

host:~$ minikube ssh

minikube:~$ rkt list --full
UUID					APP			IMAGE NAME							IMAGE ID		STATE	CREATED					STARTED				NETWORKS
41cba836-d633-45f4-871d-5063b9f94603	kubernetes-dashboard	gcr.io/google_containers/kubernetes-dashboard-amd64:v1.4.2	sha512-31c20f9d44cc	running	2016-11-04 16:47:31.985 +0000 UTC	2016-11-04 16:47:32.052 +0000 UTC	
5d5a8e5e-5f96-4245-9882-db2cbf7ee03d	echoheaders		gcr.io/google_containers/echoserver:1.4				sha512-b4ae3b3a0307	running	2016-11-04 16:47:33.068 +0000 UTC	2016-11-04 16:47:33.211 +0000 UTC	
6ef470de-e0a8-4d56-9e52-86e991c5f575	kube-addon-manager	gcr.io/google-containers/kube-addon-manager:v5.1		sha512-4de51372e8fc	running	2016-11-04 16:47:31.541 +0000 UTC	2016-11-04 16:47:31.713 +0000 UTC	

minikube:~$ journalctl -u k8s_5d5a8e5e-5f96-4245-9882-db2cbf7ee03d                                                                                                                                                                                                         
-- Logs begin at Fri 2016-11-04 16:47:08 UTC, end at Fri 2016-11-04 16:51:14 UTC. --
Nov 04 16:47:33 minikube systemd[1]: Started k8s_5d5a8e5e-5f96-4245-9882-db2cbf7ee03d.service.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment