HTB Atomic / Kubernetes Demo
************************************************************* | |
Demo 1: Manual Atomic / Kubernetes Configuration | |
1. Look at the config files for kubernetes | |
# rpm -qc kubernetes | |
2. Look at the binaries for kubernetes | |
# rpm -ql kubernetes | grep bin | |
3. Look at the config file for etcd | |
# rpm -qc etcd | |
/etc/etcd/etcd.conf | |
4. Look at the binaries for etcd | |
# rpm -ql etcd | grep bin | |
/usr/bin/etcd | |
5. Get IP address for minion | |
# ip a | |
6. Edit apiserver config on master | |
# cat /etc/kubernetes/apiserver | |
### | |
# kubernetes system config | |
# | |
# The following values are used to configure the kubernetes-apiserver | |
# | |
# The address on the local server to listen to. | |
KUBE_API_ADDRESS="0.0.0.0" | |
# The port on the local server to listen on. | |
KUBE_API_PORT="8080" | |
# Comma seperated list of minions | |
MINION_ADDRESSES="x.x.x.115" | |
# Port minions listen on | |
MINION_PORT="10250" | |
7. Get IP address for master | |
# ip a | |
8. Edit the config file on the master | |
# cat /etc/kubernetes/config | |
### | |
# kubernetes system config | |
# | |
# The following values are used to configure various aspects of all | |
# kubernetes services, including | |
# | |
# kubernetes-apiserver.service | |
# kubernetes-controller-manager.service | |
# kubernetes-kubelet.service | |
# kubernetes-proxy.service | |
# Comma seperated list of nodes in the etcd cluster | |
KUBE_ETCD_SERVERS="http://x.x.x.119:4001" | |
# logging to stderr means we get it in the systemd journal | |
KUBE_LOGTOSTDERR="true" | |
# journal message level, 0 is debug | |
KUBE_LOG_LEVEL=0 | |
9. Edit the controller-manager file on master | |
# cat /etc/kubernetes/controller-manager | |
### | |
# kubernetes system config | |
# | |
# The following values are used to configure the kubernetes controller-manager | |
# Location of the kubernetes master api server | |
KUBE_MASTER="x.x.x.119:8080" | |
10. Edit the config file on the minion
# cat /etc/kubernetes/config | |
### | |
# kubernetes system config | |
# | |
# The following values are used to configure various aspects of all | |
# kubernetes services, including | |
# | |
# kubernetes-apiserver.service | |
# kubernetes-controller-manager.service | |
# kubernetes-kubelet.service | |
# kubernetes-proxy.service | |
# Comma seperated list of nodes in the etcd cluster | |
KUBE_ETCD_SERVERS="http://x.x.x.119:4001" | |
# logging to stderr means we get it in the systemd journal | |
KUBE_LOGTOSTDERR="true" | |
# journal message level, 0 is debug | |
KUBE_LOG_LEVEL=0 | |
11. Configure the kubelet on the minion
# cat /etc/kubernetes/kubelet | |
### | |
# kubernetes kublet (minion) config | |
# The address for the info server to serve on | |
MINION_ADDRESS="x.x.x.115" | |
# The port for the info server to serve on | |
MINION_PORT="10250" | |
# You may leave this blank to use the actual hostname | |
MINION_HOSTNAME="x.x.x.115" | |
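12. Start the apiserver service on master and open ports
Note: the apiserver config in step 6 listens on 0.0.0.0:8080 and the files shown set no authentication, so the iptables rule below lets any host that can reach the master drive the cluster. Outside an isolated demo network, restrict the rule to the minion's address (add -s <minion-ip>); the same applies to the rules for ports 4001 and 10250 in steps 13 and 16.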
# ls /usr/lib/systemd/system/kube* | |
# systemctl enable kube-apiserver | |
# systemctl restart kube-apiserver | |
# systemctl status kube-apiserver | |
# netstat -tulnp | |
# iptables -I INPUT -p tcp --dport 8080 -j ACCEPT | |
13. Start etcd on master and open ports | |
# systemctl enable etcd | |
# systemctl restart etcd | |
# systemctl status etcd | |
# netstat -tulnp | |
# iptables -I INPUT -p tcp --dport 4001 -j ACCEPT | |
# iptables -nvL | |
14. Start the controller manager on master | |
# ls /usr/lib/systemd/system/kube* | |
# systemctl enable kube-controller-manager | |
# systemctl restart kube-controller-manager | |
# systemctl status kube-controller-manager | |
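15. Test etcd from minion
Note: the PUT below carries no credentials and goes over plain HTTP; if it succeeds, etcd as configured here accepts reads and writes of cluster state from any client that can reach port 4001.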
# curl -L http://x.x.x.x:4001/v2/keys/mykey -XPUT -d value="this is awesome" | |
# curl -L http://x.x.x.x:4001/v2/keys/mykey | |
# curl -L http://x.x.x.x:4001/version | |
16. Start the kubelet and open ports on the minion | |
# ls /usr/lib/systemd/system/kube* | |
# systemctl enable kubelet | |
# systemctl restart kubelet | |
# systemctl status kubelet | |
# netstat -tulnp | |
# iptables -I INPUT -p tcp --dport 10250 -j ACCEPT | |
# iptables -nvL | |
17. Start the proxy on the minion | |
# ls /usr/lib/systemd/system/kube* | |
# systemctl enable kube-proxy | |
# systemctl restart kube-proxy | |
# systemctl status kube-proxy | |
18. Explore the pod json file on the master | |
{ | |
"id": "fedoraapache", | |
"kind": "Pod", | |
"apiVersion": "v1beta1", | |
"desiredState": { | |
"manifest": { | |
"version": "v1beta1", | |
"id": "fedoraapache", | |
"containers": [{ | |
"name": "fedoraapache", | |
"image": "fedora/apache", | |
"ports": [{ | |
"containerPort": 80, | |
"hostPort": 80 | |
}] | |
}] | |
} | |
}, | |
"labels": { | |
"name": "fedoraapache" | |
} | |
} | |
19. Check the minion for running docker containers and existing images | |
# docker ps | |
# docker images | |
20. Monitor logs on minion | |
# journalctl -xn -f -l -u kubelet -u kube-proxy | |
21. Open another terminal on master and monitor logs
# journalctl -xn -f -l -u kube-apiserver -u kube-controller-manager | |
22. Ensure the minion is subscribed with Red Hat. | |
# subscription-manager list --available | |
# yum repolist | |
23. Deploy the pod from the master | |
# kubecfg -c apache.json create pods | |
24. List pods on master | |
# kubecfg list pods | |
25. Explore Docker on minion | |
# docker ps | |
# docker images | |
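26. Test the web server on minion (the pod in step 18 maps hostPort 80, so if port 8080 does not answer, try http://localhost as in Demo 2)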
# curl http://localhost:8080 | |
************************************************************* | |
Demo 2: Ansible / Atomic Configuration | |
1. Show Ansible on RHEL 7 host | |
# rpm -ql ansible | grep bin | |
# cat /etc/redhat-release | |
2. Show git clone command | |
# git clone https://github.com/eparis/kubernetes-ansible.git | |
3. Get IP addresses from master and minion, add to inventory file | |
# cat inventory | |
[masters] | |
x.x.x.130 | |
[etcd] | |
x.x.x.130 | |
[minions] | |
x.x.x.117 | |
4. Explore the playbooks. Show all directories and talk through what they are for. | |
# tree roles/ | |
# cat keys.yml | |
# cat setup.yml | |
5. Set root password on all atomic hosts | |
6. Run the playbook | |
7. Show services running on Atomic hosts | |
# systemctl | grep -i kube | |
8. Show firewall rules on atomic hosts | |
# iptables -nvL | |
9. Check subscriptions on minion | |
# yum repolist | |
10. Create the following apache.json file and deploy pod to minion. | |
{ | |
"id": "fedoraapache", | |
"kind": "Pod", | |
"apiVersion": "v1beta1", | |
"desiredState": { | |
"manifest": { | |
"version": "v1beta1", | |
"id": "fedoraapache", | |
"containers": [{ | |
"name": "fedoraapache", | |
"image": "fedora/apache", | |
"ports": [{ | |
"containerPort": 80, | |
"hostPort": 80 | |
}] | |
}] | |
} | |
}, | |
"labels": { | |
"name": "fedoraapache" | |
} | |
} | |
kubecfg -c apache.json create pods | |
11. Check Docker status on minion | |
# docker ps | |
# docker images | |
12. Check web server access | |
# curl http://localhost | |
************************************************************* | |
Demo 3: Demonstrate Replication Controller | |
1. Transition from Demo 2 to this one and explain that we will now show how to use replication controller features.
2. Explore the controller.json file on the master node. Focus on the "kind" that it is. | |
# cat controller.json | |
{ | |
"id": "apachecontroller", | |
"kind": "ReplicationController", | |
"apiVersion": "v1beta1", | |
"desiredState": { | |
"replicas": 2, | |
"replicaSelector": {"name": "apachecontroller"}, | |
"podTemplate": { | |
"desiredState": { | |
"manifest": { | |
"version": "v1beta1", | |
"id": "apachecontroller", | |
"containers": [{ | |
"name": "apachecontroller", | |
"image": "fedora/apache", | |
"ports": [{"containerPort": 80, "hostPort": 8080}] | |
}] | |
} | |
}, | |
"labels": {"name": "apachecontroller"} | |
}}, | |
"labels": {"name": "apachecontroller"} | |
} | |
3. Open up an extra terminal to the minion and watch for containers.
# watch -n1 docker ps | |
4. Deploy the controller. | |
# kubecfg -c controller.json create replicationControllers | |
5. After the container has been launched, check the web server. | |
# curl http://localhost:8080 | |
6. Go to master, delete a pod. | |
# kubecfg list pods | |
# kubecfg delete /pod/fedoraapache | |
7. Mention that the pod gets restarted | |