K8s - Hetzner

Source

https://www.youtube.com/watch?v=dEAtD9PVr_Q

get Host

Build a VM on Hetzner, Ubuntu 22.04

Patch

Patch the Box

apt-get update
apt-get --fix-broken install
apt-get -y upgrade
apt-get install lynx uptimed

Kurl Small

Give kURL a try, the open-source Kubernetes installer ;)

time curl https://kurl.sh/ccedeec |bash |tee -a install.md
real	4m5.149s
user	1m26.425s
sys	0m22.249s

Kurl Full

same as small, but with most options enabled

curl https://kurl.sh/13609c3 | sudo bash

Resource Warning

I got a warning because I picked a rather small VM (CX21). Just ignore it.

[WARN] Number of CPUs: At least 4 CPU cores are recommended
[WARN] Amount of Memory: At least 8G of memory is recommended

Profile

add a nice alias and source the profile again

cat << EOF >> /etc/profile
# aliases
alias k='kubectl'
EOF
source /etc/profile

MetalLB 0.13.10

Give MetalLB a try

Apply Manifest

kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml

Add IP Pool

cat << EOF > metallb.yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
  namespace: metallb-system
spec:
  addresses:
  - 172.16.16.240-172.16.16.250
EOF

Create Pool

k create -f metallb.yaml 

show pods

k -n metallb-system get pod
root@k8s02:~/metallb# k -n metallb-system get pod
NAME                              READY   STATUS    RESTARTS   AGE
pod/controller-595f88d88f-skgdw   1/1     Running   0          49s
pod/speaker-jj4ct                 1/1     Running   0          48s
pod/speaker-zth2x                 1/1     Running   0          48s

show status

k -n metallb-system get all
root@k8s02:~/metallb# k -n metallb-system get all

NAME                      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/webhook-service   ClusterIP   10.96.0.94   <none>        443/TCP   49s

NAME                     DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
daemonset.apps/speaker   2         2         2       2            2           kubernetes.io/os=linux   49s

NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/controller   1/1     1            1           49s

NAME                                    DESIRED   CURRENT   READY   AGE
replicaset.apps/controller-595f88d88f   1         1         1       49s

Deploy Nginx

Deploy a small app behind the load balancer

k create deploy nginx --image nginx
root@k8s02:~/metallb# k create deploy nginx --image nginx
deployment.apps/nginx created

Expose Service

k expose deploy nginx --port 80 --type LoadBalancer
root@k8s02:~/metallb# k expose deploy nginx --port 80 --type LoadBalancer
service/nginx exposed

Confirm Service

k get svc
root@k8s02:~/metallb# k get svc
NAME         TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)        AGE
kubernetes   ClusterIP      10.96.0.1     <none>          443/TCP        12m
nginx        LoadBalancer   10.96.1.185   172.16.16.240   80:21136/TCP   9s

Get Pods

k get pods
root@k8s02:~/metallb# k get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-77b4fdf86c-5rld9   1/1     Running   0          55s

Connect with Lynx

 lynx 172.16.16.240

-> ok

remove nginx

k delete svc nginx
k delete deploy nginx

Show Namespace

k get ns
root@k8s02:~/metallb# k get ns
NAME              STATUS   AGE
default           Active   22m
kube-flannel      Active   21m
kube-node-lease   Active   22m
kube-public       Active   22m
kube-system       Active   22m
kurl              Active   22m
metallb-system    Active   11m
minio             Active   21m
openebs           Active   21m

Install Helm

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
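
Both the kURL installs earlier on this page and this Helm install execute a script fetched from the network as root. The following is an added example, not part of the original page: it downloads to a file, lets you review it, and runs it only if its SHA-256 matches the digest you recorded after review. The function names and the pin workflow are assumptions; no checksum published by either project is used.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a digest
# you recorded after reviewing it. Function names are hypothetical.

# Print the SHA-256 of a file (first field of sha256sum output).
digest_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 only if FILE exists and its digest equals EXPECTED.
verify_pin() {
    file=$1 expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(digest_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# Download URL to FILE (never into a pipe), then run it only if pinned.
# With an empty pin, stop after the download so the script can be read.
fetch_and_run() {
    url=$1 file=$2 pin=$3
    curl -fsSL --proto '=https' --tlsv1.2 -o "$file" "$url" || return 3
    if [ -z "$pin" ]; then
        echo "review $file, then pin: $(digest_of "$file")" >&2
        return 4
    fi
    verify_pin "$file" "$pin" && bash "$file"
}

# Usage with this page's Helm step:
#   fetch_and_run https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 get_helm.sh ""
#   less get_helm.sh
#   fetch_and_run https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 get_helm.sh "<recorded-sha256>"
# If upstream changes between the two calls, the second call refuses
# to run and the new copy has to be reviewed again.
```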

add repo

helm repo add bitnami https://charts.bitnami.com/bitnami
helm search repo bitnami
root@k8s02:~/metallb#  helm search repo bitnami
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /etc/kubernetes/admin.conf
NAME                                        	CHART VERSION	APP VERSION  	DESCRIPTION
bitnami/airflow                             	14.2.5       	2.6.1        	Apache Airflow is a tool to express and execute...
bitnami/apache                              	9.6.3        	2.4.57       	Apache HTTP Server is an open-source HTTP serve...
bitnami/apisix                              	1.0.1        	3.3.0        	Apache APISIX is high-performance, real-time AP...
bitnami/appsmith                            	0.3.7        	1.9.21       	Appsmith is an open source platform for buildin...
bitnami/argo-cd                             	4.7.6        	2.7.4        	Argo CD is a continuous delivery tool for Kuber...
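
The Helm warning in the output above is about the file mode of /etc/kubernetes/admin.conf, which holds cluster-admin credentials. The following is an added example, not part of the original page: it checks a kubeconfig for group or other permission bits and tightens it to 0600. The function names are hypothetical and GNU stat is assumed, as on the Ubuntu host used here.

```shell
#!/bin/sh
# Added example: find and fix the condition behind Helm's
# "Kubernetes configuration file is group-readable" warning.

# Print the octal mode of a file (GNU stat, as on Ubuntu).
mode_of() {
    stat -c '%a' "$1"
}

# Return 0 if no group or other permission bit is set on FILE.
kubeconfig_private() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Tighten FILE to owner read/write only and report what changed.
# Members of the file's group lose access, which is the intent.
harden_kubeconfig() {
    f=$1
    [ -f "$f" ] || { echo "not a file: $f" >&2; return 2; }
    if kubeconfig_private "$f"; then
        echo "$f already private ($(mode_of "$f"))"
        return 0
    fi
    before=$(mode_of "$f")
    chmod 600 "$f" || return 1
    echo "$f: $before -> $(mode_of "$f")"
}

# On the host from this page:
#   harden_kubeconfig /etc/kubernetes/admin.conf
# Also check any copy referenced by $KUBECONFIG or ~/.kube/config.
```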

add helm repo

helm repo add traefik https://helm.traefik.io/traefik
helm repo update
helm repo list

search for traefik

helm search repo traefik
root@k8s02:~/metallb# helm search repo traefik
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /etc/kubernetes/admin.conf
NAME                	CHART VERSION	APP VERSION	DESCRIPTION
traefik/traefik     	23.1.0       	v2.10.1    	A Traefik based Kubernetes ingress controller
traefik/traefik-mesh	4.1.1        	v1.4.8     	Traefik Mesh - Simpler Service Mesh
traefik/traefikee   	1.13.0       	v2.10.1    	Traefik Enterprise is a unified cloud-native ne...
traefik/hub-agent   	1.6.0        	v1.4.2     	Traefik Hub is an all-in-one global networking ...
traefik/maesh       	2.1.2        	v1.3.2     	Maesh - Simpler Service Mesh  

retrieve full config

helm show values traefik/traefik > /tmp/traefik-values.yaml

Update Persistence

-> set enabled to: true

vim /tmp/traefik-values.yaml
persistence:
  # -- Enable persistence using Persistent Volume Claims
  # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  # It can be used to store TLS certificates, see `storage` in certResolvers
  enabled: true

Deploy Traefik

helm install traefik traefik/traefik --values /tmp/traefik-values.yaml -n traefik --create-namespace
root@k8s02:~/metallb# helm install traefik traefik/traefik --values /tmp/traefik-values.yaml -n traefik --create-namespace
NAME: traefik
LAST DEPLOYED: Sat Jun 10 15:43:55 2023
NAMESPACE: traefik
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Traefik Proxy v2.10.1 has been deployed successfully on traefik namespace !

🚨 When enabling persistence for certificates, permissions on acme.json can be
lost when Traefik restarts. You can ensure correct permissions with an
initContainer. See https://github.com/traefik/traefik-helm-chart/issues/396 for
more info. 🚨

list Traefik

helm list -n traefik
root@k8s02:~/metallb# helm list -n traefik
NAME   	NAMESPACE	REVISION	UPDATED                                	STATUS  	CHART         	APP VERSION
traefik	traefik  	1       	2023-06-10 15:43:55.161061009 +0000 UTC	deployed	traefik-23.1.0	v2.10.1  

get all on Namespace traefik

k -n traefik get all
root@k8s02:~/metallb# k -n traefik get all
NAME                           READY   STATUS    RESTARTS   AGE
pod/traefik-795f46ffb5-nqzc8   1/1     Running   0          69s

NAME              TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                      AGE
service/traefik   LoadBalancer   10.96.2.139   172.16.16.240   80:50914/TCP,443:34670/TCP   70s

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/traefik   1/1     1            1           69s

NAME                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/traefik-795f46ffb5   1         1         1       69s

Forward Port on Localhost

k -n traefik port-forward traefik-795f46ffb5-nqzc8 9000:9000
root@k8s02:~/metallb# k -n traefik port-forward traefik-795f46ffb5-nqzc8 9000:9000
Forwarding from 127.0.0.1:9000 -> 9000
Forwarding from [::1]:9000 -> 9000

2nd Terminal

lynx 127.0.0.1:9000/dashboard/

-> ok

Forward Port on Public IP

k -n traefik port-forward --address 116.xxx.xxx.xx traefik-795f46ffb5-nqzc8 9000:9000
root@k8s02:~/metallb# k -n traefik port-forward --address 116.xxx.xxx.xx traefik-795f46ffb5-nqzc8 9000:9000
Forwarding from 116.xxx.xxx.33:9000 -> 9000

Access Traefik Dashboard

http://116.xxx.xxx.33:9000/dashboard/#/

-> ok
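
Binding the port-forward to the public address serves the dashboard over plain HTTP to any host that can reach that address on port 9000. The following is an added example, not part of the original page: it reads listening-socket lines and reports any listener on a given port that is not bound to loopback, so the forward can be kept on 127.0.0.1 and reached through an SSH tunnel. The function name is hypothetical and the sample `ss` lines are constructed.

```shell
#!/bin/sh
# Added example: report listeners on a port that are reachable from
# outside the host. Reads `ss -ltnH` style lines on stdin.

# Print local addresses listening on PORT that are not loopback.
# Field 4 of `ss -ltn` output is Local Address:Port.
exposed_listeners() {
    port=$1
    awk -v p="$port" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != p) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Constructed samples modelled on the two port-forward variants above
# (203.0.113.10 is a documentation address, not the page's host).
sample_loopback='LISTEN 0 4096 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 4096 [::1]:9000 [::]:*'
sample_public='LISTEN 0 4096 203.0.113.10:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Live check on the host (no output means nothing is exposed):
#   ss -ltnH | exposed_listeners 9000
# Reaching the loopback forward from a workstation instead:
#   ssh -L 9000:127.0.0.1:9000 root@<server>
#   then open http://127.0.0.1:9000/dashboard/ locally
```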

Cleanup

show all pods

kubectl get pods --all-namespaces

show all deployments in a namespace

kubectl get deployments -n <namespace-name>

delete a namespace

kubectl delete namespace <namespace-name>

delete all deployments (in the current namespace)

kubectl delete deployment --all
