@scollier
Last active August 29, 2015 14:05
HTB Atomic / Kubernetes Demo
*************************************************************
Demo 1: Manual Atomic / Kubernetes Configuration
1. Look at the config files for kubernetes
# rpm -qc kubernetes
2. Look at the binaries for kubernetes
# rpm -ql kubernetes | grep bin
3. Look at the config file for etcd
# rpm -qc etcd
/etc/etcd/etcd.conf
4. Look at the binaries for etcd
# rpm -ql etcd | grep bin
/usr/bin/etcd
5. Get IP address for minion
# ip a
6. Edit apiserver config on master
# cat /etc/kubernetes/apiserver
###
# kubernetes system config
#
# The following values are used to configure the kubernetes-apiserver
#
# The address on the local server to listen to.
KUBE_API_ADDRESS="0.0.0.0"
# The port on the local server to listen on.
KUBE_API_PORT="8080"
# Comma separated list of minions
MINION_ADDRESSES="x.x.x.115"
# Port minions listen on
MINION_PORT="10250"
7. Get IP address for master
# ip a
8. Edit the config file on the master
# cat /etc/kubernetes/config
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kubernetes-apiserver.service
# kubernetes-controller-manager.service
# kubernetes-kubelet.service
# kubernetes-proxy.service
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="http://x.x.x.119:4001"
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL=0
9. Edit the controller-manager file on master
# cat /etc/kubernetes/controller-manager
###
# kubernetes system config
#
# The following values are used to configure the kubernetes controller-manager
# Location of the kubernetes master api server
KUBE_MASTER="x.x.x.119:8080"
10. Edit the config file on the minion
# cat /etc/kubernetes/config
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kubernetes-apiserver.service
# kubernetes-controller-manager.service
# kubernetes-kubelet.service
# kubernetes-proxy.service
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="http://x.x.x.119:4001"
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL=0
11. Configure the kubelet on the minion
# cat /etc/kubernetes/kubelet
###
# kubernetes kubelet (minion) config
# The address for the info server to serve on
MINION_ADDRESS="x.x.x.115"
# The port for the info server to serve on
MINION_PORT="10250"
# You may leave this blank to use the actual hostname
MINION_HOSTNAME="x.x.x.115"
12. Start the apiserver service on master and open ports
# ls /usr/lib/systemd/system/kube*
# systemctl enable kube-apiserver
# systemctl restart kube-apiserver
# systemctl status kube-apiserver
# netstat -tulnp
# iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
13. Start etcd on master and open ports
# systemctl enable etcd
# systemctl restart etcd
# systemctl status etcd
# netstat -tulnp
# iptables -I INPUT -p tcp --dport 4001 -j ACCEPT
# iptables -nvL
14. Start the controller manager on master
# ls /usr/lib/systemd/system/kube*
# systemctl enable kube-controller-manager
# systemctl restart kube-controller-manager
# systemctl status kube-controller-manager
15. Test etcd from minion
# curl -L http://x.x.x.x:4001/v2/keys/mykey -XPUT -d value="this is awesome"
# curl -L http://x.x.x.x:4001/v2/keys/mykey
# curl -L http://x.x.x.x:4001/version
16. Start the kubelet and open ports on the minion
# ls /usr/lib/systemd/system/kube*
# systemctl enable kubelet
# systemctl restart kubelet
# systemctl status kubelet
# netstat -tulnp
# iptables -I INPUT -p tcp --dport 10250 -j ACCEPT
# iptables -nvL
17. Start the proxy on the minion
# ls /usr/lib/systemd/system/kube*
# systemctl enable kube-proxy
# systemctl restart kube-proxy
# systemctl status kube-proxy
18. Explore the pod json file on the master
{
  "id": "fedoraapache",
  "kind": "Pod",
  "apiVersion": "v1beta1",
  "desiredState": {
    "manifest": {
      "version": "v1beta1",
      "id": "fedoraapache",
      "containers": [{
        "name": "fedoraapache",
        "image": "fedora/apache",
        "ports": [{
          "containerPort": 80,
          "hostPort": 80
        }]
      }]
    }
  },
  "labels": {
    "name": "fedoraapache"
  }
}
19. Check the minion for running docker containers and existing images
# docker ps
# docker images
20. Monitor logs on minion
# journalctl -xn -f -l -u kubelet -u kube-proxy
21. Open another terminal on master and monitor logs
# journalctl -xn -f -l -u kube-apiserver -u kube-controller-manager
22. Ensure the minion is subscribed with Red Hat.
# subscription-manager list --available
# yum repolist
23. Deploy the pod from the master
# kubecfg -c apache.json create pods
24. List pods on master
# kubecfg list pods
25. Explore Docker on minion
# docker ps
# docker images
26. Test the web server on minion
# curl http://localhost
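Added example, not part of the original gist: steps 12, 13 and 16 open 8080, 4001 and 10250 to every source address, and the etcd test in step 15 shows that any host reaching 4001 can write keys. The script below reads the config files from steps 6 and 11 and prints the same ACCEPT rules limited to the peer hosts. It assumes the only remote clients are the hosts in MINION_ADDRESSES and the master, and that the INPUT chain already ends in a REJECT or DROP rule; the addresses are constructed sample values.

```shell
# Added example (not from the original gist). Rules are printed, never applied.

# conf_get FILE KEY: value of the last KEY="value" line in FILE.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# accept_from PORT CSV: one ACCEPT rule per address in the comma list.
accept_from() {
    port=$1; old_ifs=$IFS; IFS=,
    for src in $2; do
        if [ -n "$src" ]; then
            printf 'iptables -I INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$src" "$port"
        fi
    done
    IFS=$old_ifs
}

# master_rules APISERVER_FILE: API port and etcd (4001, as in step 13)
# reachable only from the hosts listed in MINION_ADDRESSES.
master_rules() {
    minions=$(conf_get "$1" MINION_ADDRESSES)
    accept_from "$(conf_get "$1" KUBE_API_PORT)" "$minions"
    accept_from 4001 "$minions"
}

# minion_rules KUBELET_FILE MASTER_IP: kubelet port reachable only from the master.
minion_rules() {
    accept_from "$(conf_get "$1" MINION_PORT)" "$2"
}

# wildcard_bind APISERVER_FILE: true when the API server listens on all interfaces.
wildcard_bind() {
    [ "$(conf_get "$1" KUBE_API_ADDRESS)" = "0.0.0.0" ]
}

# Constructed sample input (RFC 5737 addresses) mirroring steps 6 and 11.
sample=$(mktemp -d); trap 'rm -rf "$sample"' EXIT
cat > "$sample/apiserver" <<'EOF'
KUBE_API_ADDRESS="0.0.0.0"
KUBE_API_PORT="8080"
MINION_ADDRESSES="192.0.2.115,192.0.2.116"
EOF
printf 'MINION_PORT="10250"\n' > "$sample/kubelet"
master_rules "$sample/apiserver"
minion_rules "$sample/kubelet" 192.0.2.119
if wildcard_bind "$sample/apiserver"; then echo "# note: API server binds 0.0.0.0"; fi
```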
*************************************************************
Demo 2: Ansible / Atomic Configuration
1. Show Ansible on RHEL 7 host
# rpm -ql ansible | grep bin
# cat /etc/redhat-release
2. Show git clone command
# git clone https://github.com/eparis/kubernetes-ansible.git
3. Get IP addresses from master and minion, add to inventory file
# cat inventory
[masters]
x.x.x.130
[etcd]
x.x.x.130
[minions]
x.x.x.117
4. Explore the playbooks. Show all directories and talk through what they are for.
# tree roles/
# cat keys.yml
# cat setup.yml
5. Set root password on all atomic hosts
6. Run the playbook
7. Show services running on Atomic hosts
# systemctl | grep -i kube
8. Show firewall rules on atomic hosts
# iptables -nvL
9. Check subscriptions on minion
# yum repolist
10. Create the following apache.json file and deploy pod to minion.
{
  "id": "fedoraapache",
  "kind": "Pod",
  "apiVersion": "v1beta1",
  "desiredState": {
    "manifest": {
      "version": "v1beta1",
      "id": "fedoraapache",
      "containers": [{
        "name": "fedoraapache",
        "image": "fedora/apache",
        "ports": [{
          "containerPort": 80,
          "hostPort": 80
        }]
      }]
    }
  },
  "labels": {
    "name": "fedoraapache"
  }
}
# kubecfg -c apache.json create pods
11. Check Docker status on minion
# docker ps
# docker images
12. Check web server access
# curl http://localhost
*************************************************************
Demo 3: Demonstrate Replication Controller
1. Transition from Demo 2 to this one and explain that we will now show how to use replication controller features.
2. Explore the controller.json file on the master node. Focus on the "kind" that it is.
# cat controller.json
{
  "id": "apachecontroller",
  "kind": "ReplicationController",
  "apiVersion": "v1beta1",
  "desiredState": {
    "replicas": 2,
    "replicaSelector": {"name": "apachecontroller"},
    "podTemplate": {
      "desiredState": {
        "manifest": {
          "version": "v1beta1",
          "id": "apachecontroller",
          "containers": [{
            "name": "apachecontroller",
            "image": "fedora/apache",
            "ports": [{"containerPort": 80, "hostPort": 8080}]
          }]
        }
      },
      "labels": {"name": "apachecontroller"}
    }
  },
  "labels": {"name": "apachecontroller"}
}
3. Open up an extra terminal to the minion and watch for containers.
# watch -n1 docker ps
4. Deploy the controller.
# kubecfg -c controller.json create replicationControllers
5. After the container has been launched, check the web server.
# curl http://localhost:8080
6. Go to master, delete a pod.
# kubecfg list pods
# kubecfg delete /pod/fedoraapache
7. Mention that the pod gets restarted