skyrocknroll/cpaas-bootcamp.md

## cpaas-bootcamp.md

      
    Raw
  

              cpaas-bootcamp.md
            
          
Create multi node cluster

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
- role: worker

kind create cluster --name cpaas --config kind-config.yaml

kubectl get replicaset


## istio.md

      
    Raw
  

              istio.md
            
          
https://istio.io/latest/docs/setup/install/istioctl/
https://istio.io/latest/docs/examples/bookinfo/

If you disabled automatic sidecar injection during installation and rely on manual sidecar injection, use the istioctl kube-inject command to modify the bookinfo.yaml file before deploying your application.

$ kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)


Good Place to start https://istio.io/latest/docs/setup/getting-started/


## k8s-homelab.md

      
    Raw
  

              k8s-homelab.md
            
          
Need to schedule ingress container in digital ocean and rest all the pods in uva-rig
using nodeSelector and taints were able to do it.  https://kubernetes.io/docs/reference/labels-annotations-taints/

apiVersion: v1
kind: Pod
metadata:
  name: nginx-ingress
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  tolerations:
  - key: "node-role.kubernetes.io/master"
    operator: "Exists"
    effect: "NoSchedule"
  nodeSelector:
    kubernetes.io/hostname: do-master-1.k8s.mfapi.in


## kind-config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 30010
    hostPort: 30010
    listenAddress: "127.0.0.1"
    protocol: TCP
- role: worker
- role: worker
- role: worker

## kube-dev-setup.sh
#bin/bash
#echo "cleaning up all kind k8s clusters "
#kind delete clusters --all
set -x
echo "##### Installing kubectl ####"
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"
echo "$(<kubectl.sha256)  kubectl" | sha256sum --check
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl completion bash > /etc/bash_completion.d/kubectl
echo "##### Installing kind ####"
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64
chmod +x ./kind
sudo install -o root -g root -m 0755 kind /usr/local/bin/kind

echo "##### Installing docker ####"
sudo apt-get remove docker docker-engine docker.io containerd runc -y
sudo apt-get update
sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release -y
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io -y
echo "##### Installing kubens kubectx ####"
wget -O kubens.tar.gz https://github.com/ahmetb/kubectx/releases/download/v0.9.4/kubens_v0.9.4_linux_x86_64.tar.gz
wget -O kubectx.tar.gz https://github.com/ahmetb/kubectx/releases/download/v0.9.4/kubectx_v0.9.4_linux_x86_64.tar.gz
tar -xvf kubens.tar.gz
tar -xvf kubectx.tar.gz
sudo mv kubens /usr/local/bin
sudo mv kubectx /usr/local/bin

wget -O ~/.complete_alias https://raw.githubusercontent.com/cykerway/complete-alias/master/complete_alias

echo ". ~/.complete_alias" >> ~/.bash_completion

cat >>~/.bashrc <<EOF
alias k=kubectl
alias kns=kubens
alias kctx=kubectx
EOF

cat >>~/.complete_alias <<EOF
complete -F _complete_alias kns
complete -F _complete_alias kctx
complete -F _complete_alias k
EOF

# create registry container unless it already exists
reg_name='kind-registry'
reg_port='5000'
running="$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)"
if [ "${running}" != 'true' ]; then
  docker run \
    -d --restart=always -p "0.0.0.0:${reg_port}:5000" --name "${reg_name}" \
    registry:2
fi

# create a cluster with the local registry enabled in containerd
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: yuva
networking:
  # WARNING: It is _strongly_ recommended that you keep this the default
  # (127.0.0.1) for security reasons. However it is possible to change this.
  apiServerAddress: "127.0.0.1"
  # By default the API server listens on a random open port.
  # You may choose a specific port but probably don't need to in most cases.
  # Using a random port makes it easier to spin up multiple clusters.
  # apiServerPort: 6443
featureGates:
  # any feature gate can be enabled here with "Name": true
  # or disabled here with "Name": false
  # not all feature gates are tested, however
  "EphemeralContainers": true
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 30100
    hostPort: 4222
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30101
    hostPort: 6222
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30102
    hostPort: 8222
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30103
    hostPort: 7777
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30104
    hostPort: 7422
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30105
    hostPort: 7522
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30200
    hostPort: 5432
    listenAddress: "0.0.0.0"
    protocol: TCP
- role: worker
- role: worker
- role: worker
containerdConfigPatches:
- |-
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:${reg_port}"]
    endpoint = ["http://${reg_name}:5000"]
EOF

# connect the registry to the cluster network
# (the network may already be connected)
docker network connect "kind" "${reg_name}" || true

# Document the local registry
# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: local-registry-hosting
  namespace: kube-public
data:
  localRegistryHosting.v1: |
    host: "localhost:${reg_port}"
    help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
EOF

## kube.md

      
    Raw
  

              kube.md
            
          
    Dev Cluster


minikube - old guy works well no load balancer support

minikube service list to get the NodePort IP


kind - works well used by k8s teams natively
K3d
kubens and kubectx to switch seamlessly -- enable alias and autocompletion for alias completion https://github.com/cykerway/complete-alias
Setup kubenetes-dashboard - Faced permission issued followed this https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
Using kind for local cluster
to debug an container https://github.com/aylei/kubectl-debug#quick-start
k debug  --image aylei/debug-agent:latest echoserver-6944fb9c86-rvcst to attach a debugging container
kubectl exec -ti echoserver-6944fb9c86-rvcst -c debugger-h92xm sh


## kubeadm.md

      
    Raw
  

              kubeadm.md
            
          
    tar Cxzvf /usr/local containerd-1.6.8-linux-amd64.tar.gz
wget -O /etc/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
systemctl daemon-reload
systemctl enable --now containerd
systemctl status containerd.service
wget https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64
install -m 755 runc.amd64 /usr/local/sbin/runc
wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
systemctl status containerd.service
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz
wget https://github.com/containerd/nerdctl/releases/download/v1.0.0/nerdctl-1.0.0-linux-amd64.tar.gz
tar -xvf nerdctl-1.0.0-linux-amd64.tar.gz
install -m 755 nerdctl /usr/local/bin/nerdctl
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter


cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

sudo sysctl --system

kubeadm master

kubeadm init --control-plane-endpoint=k8s-cluster1.zipyoda.com --pod-network-cidr=172.16.0.0/16 --apiserver-advertise-address=192.168.0.124 --apiserver-cert-extra-sans=192.168.0.124 --node-name=k8s-node1.zipyoda.com


CoreDNS did not come up
install CNI
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.4/manifests/tigera-operator.yaml

By adding the flag --upload-certs to kubeadm init you can temporary upload the control-plane certificates to a Secret in the cluster. Please note that this Secret will expire automatically after 2 hours. The certificates are encrypted using a 32byte key that can be specified using --certificate-key. The same key can be used to download the certificates when additional control-plane nodes are joining, by passing --control-plane and --certificate-key to kubeadm join.
	kind: Cluster
	apiVersion: kind.x-k8s.io/v1alpha4
	nodes:
	- role: control-plane
	extraPortMappings:
	- containerPort: 30010
	hostPort: 30010
	listenAddress: "127.0.0.1"
	protocol: TCP
	- role: worker
	- role: worker
	- role: worker
	#bin/bash
	#echo "cleaning up all kind k8s clusters "
	#kind delete clusters --all
	set -x
	echo "##### Installing kubectl ####"
	curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
	curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"
	echo "$(<kubectl.sha256) kubectl" \| sha256sum --check
	sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
	kubectl completion bash > /etc/bash_completion.d/kubectl
	echo "##### Installing kind ####"
	curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64
	chmod +x ./kind
	sudo install -o root -g root -m 0755 kind /usr/local/bin/kind

	echo "##### Installing docker ####"
	sudo apt-get remove docker docker-engine docker.io containerd runc -y
	sudo apt-get update
	sudo apt-get install \
	ca-certificates \
	curl \
	gnupg \
	lsb-release -y
	curl -fsSL https://download.docker.com/linux/ubuntu/gpg \| sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
	echo \
	"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
	$(lsb_release -cs) stable" \| sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
	sudo apt-get update
	sudo apt-get install docker-ce docker-ce-cli containerd.io -y
	echo "##### Installing kubens kubectx ####"
	wget -O kubens.tar.gz https://github.com/ahmetb/kubectx/releases/download/v0.9.4/kubens_v0.9.4_linux_x86_64.tar.gz
	wget -O kubectx.tar.gz https://github.com/ahmetb/kubectx/releases/download/v0.9.4/kubectx_v0.9.4_linux_x86_64.tar.gz
	tar -xvf kubens.tar.gz
	tar -xvf kubectx.tar.gz
	sudo mv kubens /usr/local/bin
	sudo mv kubectx /usr/local/bin

	wget -O ~/.complete_alias https://raw.githubusercontent.com/cykerway/complete-alias/master/complete_alias

	echo ". ~/.complete_alias" >> ~/.bash_completion

	cat >>~/.bashrc <<EOF
	alias k=kubectl
	alias kns=kubens
	alias kctx=kubectx
	EOF

	cat >>~/.complete_alias <<EOF
	complete -F _complete_alias kns
	complete -F _complete_alias kctx
	complete -F _complete_alias k
	EOF

	# create registry container unless it already exists
	reg_name='kind-registry'
	reg_port='5000'
	running="$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null \|\| true)"
	if [ "${running}" != 'true' ]; then
	docker run \
	-d --restart=always -p "0.0.0.0:${reg_port}:5000" --name "${reg_name}" \
	registry:2
	fi

	# create a cluster with the local registry enabled in containerd
	cat <<EOF \| kind create cluster --config=-
	kind: Cluster
	apiVersion: kind.x-k8s.io/v1alpha4
	name: yuva
	networking:
	# WARNING: It is _strongly_ recommended that you keep this the default
	# (127.0.0.1) for security reasons. However it is possible to change this.
	apiServerAddress: "127.0.0.1"
	# By default the API server listens on a random open port.
	# You may choose a specific port but probably don't need to in most cases.
	# Using a random port makes it easier to spin up multiple clusters.
	# apiServerPort: 6443
	featureGates:
	# any feature gate can be enabled here with "Name": true
	# or disabled here with "Name": false
	# not all feature gates are tested, however
	"EphemeralContainers": true
	nodes:
	- role: control-plane
	extraPortMappings:
	- containerPort: 30100
	hostPort: 4222
	listenAddress: "0.0.0.0"
	protocol: TCP
	- containerPort: 30101
	hostPort: 6222
	listenAddress: "0.0.0.0"
	protocol: TCP
	- containerPort: 30102
	hostPort: 8222
	listenAddress: "0.0.0.0"
	protocol: TCP
	- containerPort: 30103
	hostPort: 7777
	listenAddress: "0.0.0.0"
	protocol: TCP
	- containerPort: 30104
	hostPort: 7422
	listenAddress: "0.0.0.0"
	protocol: TCP
	- containerPort: 30105
	hostPort: 7522
	listenAddress: "0.0.0.0"
	protocol: TCP
	- containerPort: 30200
	hostPort: 5432
	listenAddress: "0.0.0.0"
	protocol: TCP
	- role: worker
	- role: worker
	- role: worker
	containerdConfigPatches:
	- \|-
	[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:${reg_port}"]
	endpoint = ["http://${reg_name}:5000"]
	EOF

	# connect the registry to the cluster network
	# (the network may already be connected)
	docker network connect "kind" "${reg_name}" \|\| true

	# Document the local registry
	# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
	cat <<EOF \| kubectl apply -f -
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: local-registry-hosting
	namespace: kube-public
	data:
	localRegistryHosting.v1: \|
	host: "localhost:${reg_port}"
	help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
	EOF