K8s


Jé pa l'temps #24 - Kubernetes's best practices

Improvements to become better

  • Do not give a namespace the same name in production and in your local environment; it could save your life if you do shit while working locally (e.g. replacing a production secret without realizing it). Using {{namespace}}-production for the production cluster should be a good idea: first because the name tells you explicitly what it is, and second because I love the idea of having a name that is hard to type in production; difficulty keeps you from enjoying what you are doing, and touching production is a very bad thing (but everyone does it).

— — — — — — — — — — — — — — — — — — — — —

The “Jé pa l’temps” series is a series of quick tutorials in “note-taking” mode, to keep a record of everything I can't remember and, why not, share it with others. We get straight to the point and leave the pretty walls of text to other sites like Medium… LOL!


Jé pa l'temps #22 - Force to delete a terminating ns in Kubernetes

Through API methods

First, you have to request the API to get the namespace’s data and save it.

# Describe namespace data and save it to a JSON
kubectl get namespace longhorn-system -o json > tmp.json

After that, edit this JSON to remove the finalizers: it should become an empty array.

Once that is done, you want to apply the changes to your cluster. To do that, you can proxy your cluster’s API to your local machine.


Jé pa l'temps #10 - Local development with k3d

What is k3d?

k3d is a CLI tool that allows you to easily start and manage a local k3s cluster. k3s is a Rancher project that provides a lighter Kubernetes-like cluster with interesting features for

https://github.com/rancher/k3d

Launch local cluster

k3d create -n myCluster

With a local registry

Tilt’s script launches a local registry to speed up local development:

curl https://raw.githubusercontent.com/tilt-dev/k3d-local-registry/master/k3d-with-registry.sh | bash /dev/stdin \
  -w 2 \
  -p "80:80" \
  -p "443:443" \
  --server-arg "--no-deploy=traefik"
  • -w: the number of workers you want (k3s nodes).
  • -p: published port (like Docker)! If you expose a TCP/UDP port with Traefik, you have to publish the port to access it.
  • --no-deploy=traefik: option to skip deploying a feature. It is useful to not deploy Traefik if you have your own ingress controller.

Storage

If you have issues with a PVC, verify that storageClassName is not set to default. With k3s, only local-path storage is allowed, and the default class name prevents it from being used.


k3s

Multi master with k3s

Source

Start the first master

curl -sfL https://get.k3s.io | sh -s - --no-deploy=traefik  --cluster-init

Check the node (you should have one)

kubectl get nodes

Get the token

cat /var/lib/rancher/k3s/server/node-token

Start another master

curl -sfL https://get.k3s.io | sh -s - --no-deploy=traefik --server https://IP:6443 --token "TOKEN"

Enjoy :heart:

Archived

Cool links:

Questions ? (for me)

  • Package manager ? (apt equivalent)

Installation

  • Download executable (https://k3os.io/ not https://k3s.io/ if you want k3s as your OS)
  • Boot
  • Change the rancher password: sudo passwd rancher
  • Connect with ssh

Setup

  • Install OS: sudo os-config
  • Special part (Config system with cloud-init file?)
  • Install as server
  • A token or cluster secret will be required when you want to add a new node to your cluster
  • Once you have installed k3s, you should change the password again! (The first time, you changed it for the OS loaded in RAM)
  • Try kubectl get nodes. Finished!

Add ssh key

At https://github.com/rancher/k3os/blob/master/README.md#configuration-reference there is an example of /var/lib/rancher/k3os/config.yaml, a file that is read at the boot of k3s. It allows you to specify public keys.
