sudo apt-get update
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
apt-get update && apt-get install docker-ce=18.06.0~ce~3-0~ubuntu
- Install kubectl
apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubectl socat
curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.32.0/minikube-linux-amd64 && chmod +x minikube && sudo cp minikube /usr/local/bin/ && rm minikube
- Start Minikube
minikube config set embed-certs true
minikube start --vm-driver none
- Check the status of
Minikube
and list nodes
minikube status
minikube: Running
cluster: Running
kubectl: Correctly Configured: pointing to minikube-vm at 158.88.151.123
kubectl get nodes
NAME STATUS ROLES AGE VERSION
minikube Ready master 7m v1.12.0
- Later, in the tutorial we would need to attach volumes to our pods. Kubernetes can do dynamic volume provisioning using
StorageClass
, which gets setup tohostPath
with minikube. Let's verify that.
kubectl get storageclass
NAME PROVISIONER AGE
standard (default) k8s.io/minikube-hostpath 41s
Step 2: Copy the kubeconfig file of your k8s cluster (Minikube ruining on Do) to your local workstation. and follow all the following steps on your local workstation at $HOME/.kube/config location. Install kubectl your local workstation.
Install kubectl on your local workstation using this reference https://kubernetes.io/docs/tasks/tools/install-kubectl/
Step 3: Install Helm on your local Workstation and init the tiller pod. [Follow these steps on your Local Workstation]
-
Setup Helm Package Manager for Kubernetes
-
Also later in the article, we will use
Helm
; which is a package manager for Kubernetes. So lets setup the Helm, as we did in the earlier webinar. -
Download Helm installation script. Change the permission of the script and execute the script using following commands.
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh
- Lets create Service account
tiller
and RBAC rule fortiller
service account.
Service Accounts Kubernetes enables access control for workloads by providing Service Accounts. A service account represents an identity for processes that run in a pod. When a process is authenticated through a service account, it can contact the API server and access cluster resources. If a pod doesn’t have an assigned service account, it gets the default service account.
cat rbac_helm.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
- kind: User
name: "admin"
apiGroup: rbac.authorization.k8s.io
- kind: User
name: "kubelet"
apiGroup: rbac.authorization.k8s.io
- kind: Group
name: system:serviceaccounts
apiGroup: rbac.authorization.k8s.io
- Deploy above configuration.
kubectl apply -f rbac_helm.yaml
- Initialize the Helm.
helm init --service-account tiller
- Verify tiller pod is running in the
kube-system
namespace.
kubectl --namespace kube-system get pods | grep tiller