yum install httpd -y
echo "
Deployed by terraform!!!
" > /var/www/html/index.htmlservice httpd start
chkconfig httpd on
Friday, September 27, 2019
teraform - ec2 instances
# Provision 2 ec2 instances
resource "aws_instance" "my-instance" {
ami = "${lookup(var.region_ami, var.aws_region)}"
instance_type = "t2.micro"
count = 3
vpc_security_group_ids = ["${aws_security_group.webservers_sg.id}"]
subnet_id = "${element(aws_subnet.subnets.*.id,count.index)}"
user_data = "${file("webserver.sh")}"
associate_public_ip_address = true
tags {
Name = "ByTerraform"
Department = "Training"
}
}
resource "aws_instance" "my-instance" {
ami = "${lookup(var.region_ami, var.aws_region)}"
instance_type = "t2.micro"
count = 3
vpc_security_group_ids = ["${aws_security_group.webservers_sg.id}"]
subnet_id = "${element(aws_subnet.subnets.*.id,count.index)}"
user_data = "${file("webserver.sh")}"
associate_public_ip_address = true
tags {
Name = "ByTerraform"
Department = "Training"
}
}
terraform - vpc subnet
# Define VPC
resource "aws_vpc" "myvpc" {
cidr_block = "${var.vpc_cidr}"
tags {
Name = "myvpc"
}
}
# Define subnet
resource "aws_subnet" "subnets" {
count = "${length(var.subnets_cidr)}"
availability_zone = "${element(data.aws_availability_zones.azs.names,count.index)}"
cidr_block = "${element(var.subnets_cidr,count.index)}"
vpc_id = "${aws_vpc.myvpc.id}"
tags {
Name = "Subnet-${count.index + 1}"
}
}
# Create and attach Internet Gateway
resource "aws_internet_gateway" "igw" {
vpc_id = "${aws_vpc.myvpc.id}"
tags {
Name = "myvpc-igw"
}
}
# Custom route table for public subnets
resource "aws_route_table" "public_rt" {
vpc_id = "${aws_vpc.myvpc.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.igw.id}"
}
tags {
Name = "main"
}
}
# associate public route table for all public subnets
resource "aws_route_table_association" "a" {
# We have to fixit later
#count = "${length(aws_subnet.subnets.*.id)}"
subnet_id = "${element(aws_subnet.subnets.*.id,count.index)}"
route_table_id = "${aws_route_table.public_rt.id}"
}
resource "aws_vpc" "myvpc" {
cidr_block = "${var.vpc_cidr}"
tags {
Name = "myvpc"
}
}
# Define subnet
resource "aws_subnet" "subnets" {
count = "${length(var.subnets_cidr)}"
availability_zone = "${element(data.aws_availability_zones.azs.names,count.index)}"
cidr_block = "${element(var.subnets_cidr,count.index)}"
vpc_id = "${aws_vpc.myvpc.id}"
tags {
Name = "Subnet-${count.index + 1}"
}
}
# Create and attach Internet Gateway
resource "aws_internet_gateway" "igw" {
vpc_id = "${aws_vpc.myvpc.id}"
tags {
Name = "myvpc-igw"
}
}
# Custom route table for public subnets
resource "aws_route_table" "public_rt" {
vpc_id = "${aws_vpc.myvpc.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.igw.id}"
}
tags {
Name = "main"
}
}
# associate public route table for all public subnets
resource "aws_route_table_association" "a" {
# We have to fixit later
#count = "${length(aws_subnet.subnets.*.id)}"
subnet_id = "${element(aws_subnet.subnets.*.id,count.index)}"
route_table_id = "${aws_route_table.public_rt.id}"
}
teraform- variables
variable "aws_region" {
default = "ap-south-1"
}
# CIDR block for VPC
variable "vpc_cidr" {
default = "10.20.0.0/16"
}
# CIDR block for Subnet
variable "subnets_cidr" {
type = "list"
default = ["10.20.1.0/24", "10.20.2.0/24"]
}
# Region and AMI mapping variable
variable "region_ami" {
type = "map"
default = {
ap-south-1 = "ami-531a4c3c"
us-west-2 = "ami-f2d3638a"
}
}
default = "ap-south-1"
}
# CIDR block for VPC
variable "vpc_cidr" {
default = "10.20.0.0/16"
}
# CIDR block for Subnet
variable "subnets_cidr" {
type = "list"
default = ["10.20.1.0/24", "10.20.2.0/24"]
}
# Region and AMI mapping variable
variable "region_ami" {
type = "map"
default = {
ap-south-1 = "ami-531a4c3c"
us-west-2 = "ami-f2d3638a"
}
}
terraform -secutiry groups
resource "aws_security_group" "webservers_sg" {
name = "webservers_sg"
description = "Allow http and ssh traffic"
vpc_id = "${aws_vpc.myvpc.id}"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
name = "webservers_sg"
description = "Allow http and ssh traffic"
vpc_id = "${aws_vpc.myvpc.id}"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
Terraform - elb.tf
# Create a new load balancer
resource "aws_elb" "javahome_elb" {
name = "javahome-elb"
subnets = ["${aws_subnet.subnets.*.id}"]
listener {
instance_port = 80
instance_protocol = "http"
lb_port = 80
lb_protocol = "http"
}
health_check {
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 3
target = "HTTP:80/index.html"
interval = 10
}
instances = ["${aws_instance.my-instance.*.id}"]
cross_zone_load_balancing = true
idle_timeout = 400
connection_draining = true
connection_draining_timeout = 400
security_groups = ["${aws_security_group.webservers_sg.id}"]
tags {
Name = "javahome-terraform-elb"
}
}
resource "aws_elb" "javahome_elb" {
name = "javahome-elb"
subnets = ["${aws_subnet.subnets.*.id}"]
listener {
instance_port = 80
instance_protocol = "http"
lb_port = 80
lb_protocol = "http"
}
health_check {
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 3
target = "HTTP:80/index.html"
interval = 10
}
instances = ["${aws_instance.my-instance.*.id}"]
cross_zone_load_balancing = true
idle_timeout = 400
connection_draining = true
connection_draining_timeout = 400
security_groups = ["${aws_security_group.webservers_sg.id}"]
tags {
Name = "javahome-terraform-elb"
}
}
ansible playbook for instaling web server
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.07.24 23:56:35 =~=~=~=~=~=~=~=~=~=~=~=
hostname
xxxx.7dd7.example.xxxx.com
[devops@xxxx 0 ~/ansible_implementation]$ export GUID=`hostname | awk -F"." '{print $2}'`
[devops@xxxx 0 ~/ansible_implementation]$ cat << EOF > webserver_smoketest.yml
> - name: Verify the Apache service
> hosts: localhost
> tasks:
> - name: Ensure the webserver is reachable
> uri:
> url: http://xxxx1.${GUID}.internal
> status_code: 200
> EOF
[devops@xxxx 0 ~/ansible_implementation]$ ll
total 20
-rw-rw-r--. 1 devops devops 91 Jul 24 17:49 ansible.cfg
drwxrwxr-x. 4 devops devops 4096 Jul 24 18:09 ansible_implementation_grading/
-rw-rw-r--. 1 devops devops 106 Jul 24 17:50 hosts
-rw-rw-r--. 1 devops devops 1038 Jul 24 18:13 variable_test.yml
-rw-rw-r--. 1 devops devops 183 Jul 24 18:27 webserver_smoketest.yml
[devops@xxxx 0 ~/ansible_implementation]$ ansible-playbook variable_test.yml
[WARNING]: Could not match supplied host pattern, ignoring: webservers
PLAY [Install Apache and start the service] ****************************************************************************************************************************
skipping: no hosts matched
PLAY RECAP *************************************************************************************************************************************************************
[devops@xxxx 0 ~/ansible_implementation]$ cat hosts
frontend1.7dd7.internal
xxxxdb1.7dd7.internal
xxxx1.7dd7.internal
support1.7dd7.internal
xxxx2.7dd7.internal
[devops@xxxx 0 ~/ansible_implementation]$ cat variable_test.yml
- name: Install Apache and start the service
hosts: webservers
become: yes
vars:
web_pkg: httpd
firewall_pkg: firewalld
web_service: httpd
firewall_service: firewalld
python_pkg: python-httplib2
rule: http
tasks:
- name: Install the required packages
yum:
name:
- "{{ web_pkg }}"
- "{{ firewall_pkg }}"
- "{{ python_pkg }}"
state: latest
- name: Start and enable the {{ firewall_service }} service
service:
name: "{{ firewall_service }}"
enabled: true
state: started
- name: Start and enable the {{ web_service }} service
service:
name: "{{ web_service }}"
enabled: true
state: started
- name: Create web content to be served
copy:
content: "Example web content"
dest: /var/www/html/index.html
- name: Open the port for {{ rule }}
firewalld:
service: "{{ rule }}"
permanent: true
immediate: true
state: enabled
[devops@xxxx 0 ~/ansible_implementation]$ ll
total 20
-rw-rw-r--. 1 devops devops 91 Jul 24 17:49 ansible.cfg
drwxrwxr-x. 4 devops devops 4096 Jul 24 18:09 ansible_implementation_grading/
-rw-rw-r--. 1 devops devops 106 Jul 24 17:50 hosts
-rw-rw-r--. 1 devops devops 1038 Jul 24 18:13 variable_test.yml
-rw-rw-r--. 1 devops devops 183 Jul 24 18:27 webserver_smoketest.yml
[devops@xxxx 0 ~/ansible_implementation]$ more ansible.cfg
[defaults]
inventory = /home/devops/ansible_implementation/hosts
host_key_checking = False
[devops@xxxx 0 ~/ansible_implementation]$ cat
^C
[devops@xxxx 130 ~/ansible_implementation]$ cat /home/devops/ansible_implementation/hosts
frontend1.7dd7.internal
xxxxdb1.7dd7.internal
xxxx1.7dd7.internal
support1.7dd7.internal
xxxx2.7dd7.internal
[devops@xxxx 0 ~/ansible_implementation]$ cat /home/devops/ansible_implementation/hostsmore ansible.cfgllcat variable_test.yml hostsansible-playbook variable_test.yml
[WARNING]: Could not match supplied host pattern, ignoring: webservers
PLAY [Install Apache and start the service] ****************************************************************************************************************************
skipping: no hosts matched
PLAY RECAP *************************************************************************************************************************************************************
[devops@xxxx 0 ~/ansible_implementation]$ cat hosts
frontend1.7dd7.internal
xxxxdb1.7dd7.internal
xxxx1.7dd7.internal
support1.7dd7.internal
xxxx2.7dd7.internal
[devops@xxxx 0 ~/ansible_implementation]$ vi hosts
"hosts" 5L, 106Cfrontend1.7dd7.internal
xxxxdb1.7dd7.internal
xxxx1.7dd7.internal
support1.7dd7.internal
xxxx2.7dd7.internal
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 1,1All-- INSERT --2,1Top2,1All11,1All-- INSERT --1,1Allfrontend1.7dd7.internal2,1All1[1,2Allw3e4b5s6e7r8v9e10r10r1s2
[]1,13All1,12All:wq!
"hosts" 7L, 120C written
[devops@xxxx 0 ~/ansible_implementation]$ vi hostscat hosts ansible-playbook variable_test.yml
PLAY [Install Apache and start the service] ****************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************
ok: [xxxx1.7dd7.internal]
ok: [xxxxdb1.7dd7.internal]
ok: [support1.7dd7.internal]
ok: [frontend1.7dd7.internal]
ok: [xxxx2.7dd7.internal]
TASK [Install the required packages] ***********************************************************************************************************************************
changed: [xxxx2.7dd7.internal]
changed: [support1.7dd7.internal]
changed: [xxxxdb1.7dd7.internal]
changed: [frontend1.7dd7.internal]
changed: [xxxx1.7dd7.internal]
TASK [Start and enable the firewalld service] **************************************************************************************************************************
changed: [support1.7dd7.internal]
changed: [xxxx1.7dd7.internal]
changed: [frontend1.7dd7.internal]
changed: [xxxx2.7dd7.internal]
changed: [xxxxdb1.7dd7.internal]
TASK [Start and enable the httpd service] ******************************************************************************************************************************
changed: [xxxx1.7dd7.internal]
changed: [xxxxdb1.7dd7.internal]
changed: [support1.7dd7.internal]
changed: [frontend1.7dd7.internal]
changed: [xxxx2.7dd7.internal]
TASK [Create web content to be served] *********************************************************************************************************************************
changed: [xxxx1.7dd7.internal]
changed: [support1.7dd7.internal]
changed: [xxxx2.7dd7.internal]
changed: [frontend1.7dd7.internal]
changed: [xxxxdb1.7dd7.internal]
TASK [Open the port for http] ******************************************************************************************************************************************
changed: [xxxx2.7dd7.internal]
changed: [frontend1.7dd7.internal]
changed: [xxxxdb1.7dd7.internal]
changed: [xxxx1.7dd7.internal]
changed: [support1.7dd7.internal]
PLAY RECAP *************************************************************************************************************************************************************
xxxx1.7dd7.internal : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
xxxx2.7dd7.internal : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
xxxxdb1.7dd7.internal : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
frontend1.7dd7.internal : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
support1.7dd7.internal : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[devops@xxxx 0 ~/ansible_implementation]$
hostname
xxxx.7dd7.example.xxxx.com
[devops@xxxx 0 ~/ansible_implementation]$ export GUID=`hostname | awk -F"." '{print $2}'`
[devops@xxxx 0 ~/ansible_implementation]$ cat << EOF > webserver_smoketest.yml
> - name: Verify the Apache service
> hosts: localhost
> tasks:
> - name: Ensure the webserver is reachable
> uri:
> url: http://xxxx1.${GUID}.internal
> status_code: 200
> EOF
[devops@xxxx 0 ~/ansible_implementation]$ ll
total 20
-rw-rw-r--. 1 devops devops 91 Jul 24 17:49 ansible.cfg
drwxrwxr-x. 4 devops devops 4096 Jul 24 18:09 ansible_implementation_grading/
-rw-rw-r--. 1 devops devops 106 Jul 24 17:50 hosts
-rw-rw-r--. 1 devops devops 1038 Jul 24 18:13 variable_test.yml
-rw-rw-r--. 1 devops devops 183 Jul 24 18:27 webserver_smoketest.yml
[devops@xxxx 0 ~/ansible_implementation]$ ansible-playbook variable_test.yml
[WARNING]: Could not match supplied host pattern, ignoring: webservers
PLAY [Install Apache and start the service] ****************************************************************************************************************************
skipping: no hosts matched
PLAY RECAP *************************************************************************************************************************************************************
[devops@xxxx 0 ~/ansible_implementation]$ cat hosts
frontend1.7dd7.internal
xxxxdb1.7dd7.internal
xxxx1.7dd7.internal
support1.7dd7.internal
xxxx2.7dd7.internal
[devops@xxxx 0 ~/ansible_implementation]$ cat variable_test.yml
- name: Install Apache and start the service
hosts: webservers
become: yes
vars:
web_pkg: httpd
firewall_pkg: firewalld
web_service: httpd
firewall_service: firewalld
python_pkg: python-httplib2
rule: http
tasks:
- name: Install the required packages
yum:
name:
- "{{ web_pkg }}"
- "{{ firewall_pkg }}"
- "{{ python_pkg }}"
state: latest
- name: Start and enable the {{ firewall_service }} service
service:
name: "{{ firewall_service }}"
enabled: true
state: started
- name: Start and enable the {{ web_service }} service
service:
name: "{{ web_service }}"
enabled: true
state: started
- name: Create web content to be served
copy:
content: "Example web content"
dest: /var/www/html/index.html
- name: Open the port for {{ rule }}
firewalld:
service: "{{ rule }}"
permanent: true
immediate: true
state: enabled
[devops@xxxx 0 ~/ansible_implementation]$ ll
total 20
-rw-rw-r--. 1 devops devops 91 Jul 24 17:49 ansible.cfg
drwxrwxr-x. 4 devops devops 4096 Jul 24 18:09 ansible_implementation_grading/
-rw-rw-r--. 1 devops devops 106 Jul 24 17:50 hosts
-rw-rw-r--. 1 devops devops 1038 Jul 24 18:13 variable_test.yml
-rw-rw-r--. 1 devops devops 183 Jul 24 18:27 webserver_smoketest.yml
[devops@xxxx 0 ~/ansible_implementation]$ more ansible.cfg
[defaults]
inventory = /home/devops/ansible_implementation/hosts
host_key_checking = False
[devops@xxxx 0 ~/ansible_implementation]$ cat
^C
[devops@xxxx 130 ~/ansible_implementation]$ cat /home/devops/ansible_implementation/hosts
frontend1.7dd7.internal
xxxxdb1.7dd7.internal
xxxx1.7dd7.internal
support1.7dd7.internal
xxxx2.7dd7.internal
[devops@xxxx 0 ~/ansible_implementation]$ cat /home/devops/ansible_implementation/hostsmore ansible.cfgllcat variable_test.yml hostsansible-playbook variable_test.yml
[WARNING]: Could not match supplied host pattern, ignoring: webservers
PLAY [Install Apache and start the service] ****************************************************************************************************************************
skipping: no hosts matched
PLAY RECAP *************************************************************************************************************************************************************
[devops@xxxx 0 ~/ansible_implementation]$ cat hosts
frontend1.7dd7.internal
xxxxdb1.7dd7.internal
xxxx1.7dd7.internal
support1.7dd7.internal
xxxx2.7dd7.internal
[devops@xxxx 0 ~/ansible_implementation]$ vi hosts
"hosts" 5L, 106Cfrontend1.7dd7.internal
xxxxdb1.7dd7.internal
xxxx1.7dd7.internal
support1.7dd7.internal
xxxx2.7dd7.internal
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 1,1All-- INSERT --2,1Top2,1All11,1All-- INSERT --1,1Allfrontend1.7dd7.internal2,1All1[1,2Allw3e4b5s6e7r8v9e10r10r1s2
[]1,13All1,12All:wq!
"hosts" 7L, 120C written
[devops@xxxx 0 ~/ansible_implementation]$ vi hostscat hosts ansible-playbook variable_test.yml
PLAY [Install Apache and start the service] ****************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************
ok: [xxxx1.7dd7.internal]
ok: [xxxxdb1.7dd7.internal]
ok: [support1.7dd7.internal]
ok: [frontend1.7dd7.internal]
ok: [xxxx2.7dd7.internal]
TASK [Install the required packages] ***********************************************************************************************************************************
changed: [xxxx2.7dd7.internal]
changed: [support1.7dd7.internal]
changed: [xxxxdb1.7dd7.internal]
changed: [frontend1.7dd7.internal]
changed: [xxxx1.7dd7.internal]
TASK [Start and enable the firewalld service] **************************************************************************************************************************
changed: [support1.7dd7.internal]
changed: [xxxx1.7dd7.internal]
changed: [frontend1.7dd7.internal]
changed: [xxxx2.7dd7.internal]
changed: [xxxxdb1.7dd7.internal]
TASK [Start and enable the httpd service] ******************************************************************************************************************************
changed: [xxxx1.7dd7.internal]
changed: [xxxxdb1.7dd7.internal]
changed: [support1.7dd7.internal]
changed: [frontend1.7dd7.internal]
changed: [xxxx2.7dd7.internal]
TASK [Create web content to be served] *********************************************************************************************************************************
changed: [xxxx1.7dd7.internal]
changed: [support1.7dd7.internal]
changed: [xxxx2.7dd7.internal]
changed: [frontend1.7dd7.internal]
changed: [xxxxdb1.7dd7.internal]
TASK [Open the port for http] ******************************************************************************************************************************************
changed: [xxxx2.7dd7.internal]
changed: [frontend1.7dd7.internal]
changed: [xxxxdb1.7dd7.internal]
changed: [xxxx1.7dd7.internal]
changed: [support1.7dd7.internal]
PLAY RECAP *************************************************************************************************************************************************************
xxxx1.7dd7.internal : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
xxxx2.7dd7.internal : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
xxxxdb1.7dd7.internal : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
frontend1.7dd7.internal : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
support1.7dd7.internal : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[devops@xxxx 0 ~/ansible_implementation]$
Deploy docker container using kubectl
$ kubectl create -f deployment.yaml
Error from server (AlreadyExists): error when creating "deployment.yaml": deployments.extensions "webapp1" already exists
$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
webapp1 1/1 1 1 37s
$ kubectl describe deployment webapp1
Name: webapp1
Namespace: default
CreationTimestamp: Sun, 28 Jul 2019 05:44:54 +0000
Labels: app=webapp1
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=webapp1
Replicas: 1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 1 max unavailable, 1 max surge
Pod Template:
Labels: app=webapp1
Containers:
webapp1:
Image: katacoda/docker-http-server:latest
Port: 80/TCP
Host Port: 0/TCP
Environment:
Mounts:
Volumes:
Conditions:
Type Status Reason
---- ------ ------
Available True MinimumReplicasAvailable
OldReplicaSets:
NewReplicaSet: webapp1-5f4c9c89 (1/1 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 44s deployment-controller Scaled up replica set webapp1-5f4c9c89 to 1
$ kubectl create -f service.yaml
service/webapp1-svc created
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 443/TCP 2m21s
webapp1-svc NodePort 10.109.11.197 80:30080/TCP 5s
$ kubectl describe svc webapp1-svc
Name: webapp1-svc
Namespace: default
Labels: app=webapp1
Annotations:
Selector: app=webapp1
Type: NodePort
IP: 10.109.11.197
Port: 80/TCP
TargetPort: 80/TCP
NodePort: 30080/TCP
Endpoints: 172.18.0.4:80
Session Affinity: None
External Traffic Policy: Cluster
Events:
$ curl host01:30080
$ kubectl apply -f deployment.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.extensions/webapp1 configured
$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
webapp1 1/1 1 1 73s
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
Error from server (AlreadyExists): error when creating "deployment.yaml": deployments.extensions "webapp1" already exists
$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
webapp1 1/1 1 1 37s
$ kubectl describe deployment webapp1
Name: webapp1
Namespace: default
CreationTimestamp: Sun, 28 Jul 2019 05:44:54 +0000
Labels: app=webapp1
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=webapp1
Replicas: 1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 1 max unavailable, 1 max surge
Pod Template:
Labels: app=webapp1
Containers:
webapp1:
Image: katacoda/docker-http-server:latest
Port: 80/TCP
Host Port: 0/TCP
Environment:
Mounts:
Volumes:
Conditions:
Type Status Reason
---- ------ ------
Available True MinimumReplicasAvailable
OldReplicaSets:
NewReplicaSet: webapp1-5f4c9c89 (1/1 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 44s deployment-controller Scaled up replica set webapp1-5f4c9c89 to 1
$ kubectl create -f service.yaml
service/webapp1-svc created
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1
webapp1-svc NodePort 10.109.11.197
$ kubectl describe svc webapp1-svc
Name: webapp1-svc
Namespace: default
Labels: app=webapp1
Annotations:
Selector: app=webapp1
Type: NodePort
IP: 10.109.11.197
Port:
TargetPort: 80/TCP
NodePort:
Endpoints: 172.18.0.4:80
Session Affinity: None
External Traffic Policy: Cluster
Events:
$ curl host01:30080
This request was processed by host: webapp1-5f4c9c89-kglpw
$ kubectl apply -f deployment.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.extensions/webapp1 configured
$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
webapp1 1/1 1 1 73s
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
Deploy Guestbook example on Kubernetes
Deploy Guestbook example on Kubernetes
master $ mkdir -p /root/tutorial; cd /root/tutorial; launch.sh
Waiting for Kubernetes to start...
Kubernetes started
master $ launch.sh
Waiting for Kubernetes to start...
Kubernetes started
master $ kubectl cluster-info
Kubernetes master is running at https://172.17.0.63:6443
KubeDNS is running at https://172.17.0.63:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
master $ kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 28m v1.14.0
node01 Ready 28m v1.14.0
master $ kubectl create -f redis-master-controller.yaml
replicationcontroller/redis-master created
master $ kubectl get rc
NAME DESIRED CURRENT READY AGE
redis-master 1 1 1 4s
master $ kubectl get pods
NAME READY STATUS RESTARTS AGE
redis-master-cgwfh 1/1 Running 0 6s
master $ kubectl create -f redis-master-service.yaml
service/redis-master created
master $ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 443/TCP 29m
redis-master ClusterIP 10.106.81.31 6379/TCP 2s
master $ kubectl describe services redis-master
Name: redis-master
Namespace: default
Labels: name=redis-master
Annotations:
Selector: name=redis-master
Type: ClusterIP
IP: 10.106.81.31
Port: 6379/TCP
TargetPort: 6379/TCP
Endpoints: 10.44.0.1:6379
Session Affinity: None
Events:
master $ kubectl create -f redis-slave-controller.yaml
replicationcontroller/redis-slave created
master $ kubectl create -f redis-slave-controller.yaml
Error from server (AlreadyExists): error when creating "redis-slave-controller.yaml": replicationcontrollers "redis-slave" already exists
master $ kubectl get rc
NAME DESIRED CURRENT READY AGE
redis-master 1 1 1 34s
redis-slave 2 2 2 5s
master $ kubectl create -f frontend-controller.yaml
replicationcontroller/frontend created
master $ kubectl get rc
NAME DESIRED CURRENT READY AGE
frontend 3 3 3 5s
redis-master 1 1 1 47s
redis-slave 2 2 2 18s
master $ kubectl get pods
NAME READY STATUS RESTARTS AGE
frontend-bvltj 1/1 Running 0 6s
frontend-cnwwx 1/1 Running 0 6s
frontend-q76tm 1/1 Running 0 6s
redis-master-cgwfh 1/1 Running 0 48s
redis-slave-rfl5v 1/1 Running 0 19s
redis-slave-zpfh8 1/1 Running 0 19s
master $ kubectl create -f frontend-service.yaml
service/frontend created
master $ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
frontend NodePort 10.99.77.49 80:30080/TCP 1s
kubernetes ClusterIP 10.96.0.1 443/TCP 30m
redis-master ClusterIP 10.106.81.31 6379/TCP 43s
master $ kubectl get pods
NAME READY STATUS RESTARTS AGE
frontend-bvltj 1/1 Running 0 25s
frontend-cnwwx 1/1 Running 0 25s
frontend-q76tm 1/1 Running 0 25s
redis-master-cgwfh 1/1 Running 0 67s
redis-slave-rfl5v 1/1 Running 0 38s
redis-slave-zpfh8 1/1 Running 0 38s
master $ kubectl describe service frontend | grep NodePort
Type: NodePort
NodePort: 30080/TCP
master $ mkdir -p /root/tutorial; cd /root/tutorial; launch.sh
Waiting for Kubernetes to start...
Kubernetes started
master $ launch.sh
Waiting for Kubernetes to start...
Kubernetes started
master $ kubectl cluster-info
Kubernetes master is running at https://172.17.0.63:6443
KubeDNS is running at https://172.17.0.63:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
master $ kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 28m v1.14.0
node01 Ready
master $ kubectl create -f redis-master-controller.yaml
replicationcontroller/redis-master created
master $ kubectl get rc
NAME DESIRED CURRENT READY AGE
redis-master 1 1 1 4s
master $ kubectl get pods
NAME READY STATUS RESTARTS AGE
redis-master-cgwfh 1/1 Running 0 6s
master $ kubectl create -f redis-master-service.yaml
service/redis-master created
master $ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1
redis-master ClusterIP 10.106.81.31
master $ kubectl describe services redis-master
Name: redis-master
Namespace: default
Labels: name=redis-master
Annotations:
Selector: name=redis-master
Type: ClusterIP
IP: 10.106.81.31
Port:
TargetPort: 6379/TCP
Endpoints: 10.44.0.1:6379
Session Affinity: None
Events:
master $ kubectl create -f redis-slave-controller.yaml
replicationcontroller/redis-slave created
master $ kubectl create -f redis-slave-controller.yaml
Error from server (AlreadyExists): error when creating "redis-slave-controller.yaml": replicationcontrollers "redis-slave" already exists
master $ kubectl get rc
NAME DESIRED CURRENT READY AGE
redis-master 1 1 1 34s
redis-slave 2 2 2 5s
master $ kubectl create -f frontend-controller.yaml
replicationcontroller/frontend created
master $ kubectl get rc
NAME DESIRED CURRENT READY AGE
frontend 3 3 3 5s
redis-master 1 1 1 47s
redis-slave 2 2 2 18s
master $ kubectl get pods
NAME READY STATUS RESTARTS AGE
frontend-bvltj 1/1 Running 0 6s
frontend-cnwwx 1/1 Running 0 6s
frontend-q76tm 1/1 Running 0 6s
redis-master-cgwfh 1/1 Running 0 48s
redis-slave-rfl5v 1/1 Running 0 19s
redis-slave-zpfh8 1/1 Running 0 19s
master $ kubectl create -f frontend-service.yaml
service/frontend created
master $ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
frontend NodePort 10.99.77.49
kubernetes ClusterIP 10.96.0.1
redis-master ClusterIP 10.106.81.31
master $ kubectl get pods
NAME READY STATUS RESTARTS AGE
frontend-bvltj 1/1 Running 0 25s
frontend-cnwwx 1/1 Running 0 25s
frontend-q76tm 1/1 Running 0 25s
redis-master-cgwfh 1/1 Running 0 67s
redis-slave-rfl5v 1/1 Running 0 38s
redis-slave-zpfh8 1/1 Running 0 38s
master $ kubectl describe service frontend | grep NodePort
Type: NodePort
NodePort:
docker capabalities
[node1] (local) root@192.168.0.13 ~
$ docker run --rm -it alpine chown nobody /
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
050382585609: Pull complete
Digest: sha256:6a92cd1fcdc8d8cdec60f33dda4db2cb1fcdcacf3410a8e05b3741f44a9b5998
Status: Downloaded newer image for alpine:latest
[node1] (local) root@192.168.0.13 ~
$ docker run --rm -it --cap-drop ALL --cap-add CHOWN alpine chown nobody /
[node1] (local) root@192.168.0.13 ~
$ docker run --rm -it --cap-drop CHOWN alpine chown nobody /
chown: /: Operation not permitted
[node1] (local) root@192.168.0.13 ~
$ docker run --rm -it --cap-add chown -u nobody alpine chown nobody /
chown: /: Operation not permitted
[node1] (local) root@192.168.0.13 ~
$ docker run --rm -it alpine sh -c 'apk add -U libcap; capsh --print'
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
(1/1) Installing libcap (2.27-r0)
Executing busybox-1.30.1-r2.trigger
OK: 6 MiB in 15 packages
Current: = cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap+eip
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
Ambient set =
Securebits: 00/0x0/1'b0
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root)
gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
[node1] (local) root@192.168.0.13 ~
$ docker run --rm -it alpine sh -c 'apk add -U libcap;capsh --help'
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
(1/1) Installing libcap (2.27-r0)
Executing busybox-1.30.1-r2.trigger
OK: 6 MiB in 15 packages
usage: capsh [args ...]
--help this message (or try 'man capsh')
--print display capability relevant state
--decode=xxx decode a hex string to a list of caps
--supports=xxx exit 1 if capability xxx unsupported
--drop=xxx remove xxx,.. capabilities from bset
--addamb=xxx add xxx,... capabilities to ambient set
--delamb=xxx remove xxx,... capabilities from ambient
--noamb=xxx reset the ambient capabilities
--caps=xxx set caps as per cap_from_text()
--inh=xxx set xxx,.. inheritiable set
--secbits= write a new value for securebits
--keep= set keep-capabability bit to
--uid= set uid to (hint: id )
--gid= set gid to (hint: id )
--groups=g,... set the supplemental groups
--user= set uid,gid and groups to that of user
--chroot=path chroot(2) to this path
--killit= send signal(n) to child
--forkfor= fork and make child sleep for sec
== re-exec(capsh) with args as for --
-- remaing arguments are for /bin/bash
(without -- [capsh] will simply exit(0))
[node1] (local) root@192.168.0.13 ~
$
$ docker run --rm -it alpine chown nobody /
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
050382585609: Pull complete
Digest: sha256:6a92cd1fcdc8d8cdec60f33dda4db2cb1fcdcacf3410a8e05b3741f44a9b5998
Status: Downloaded newer image for alpine:latest
[node1] (local) root@192.168.0.13 ~
$ docker run --rm -it --cap-drop ALL --cap-add CHOWN alpine chown nobody /
[node1] (local) root@192.168.0.13 ~
$ docker run --rm -it --cap-drop CHOWN alpine chown nobody /
chown: /: Operation not permitted
[node1] (local) root@192.168.0.13 ~
$ docker run --rm -it --cap-add chown -u nobody alpine chown nobody /
chown: /: Operation not permitted
[node1] (local) root@192.168.0.13 ~
$ docker run --rm -it alpine sh -c 'apk add -U libcap; capsh --print'
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
(1/1) Installing libcap (2.27-r0)
Executing busybox-1.30.1-r2.trigger
OK: 6 MiB in 15 packages
Current: = cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap+eip
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
Ambient set =
Securebits: 00/0x0/1'b0
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root)
gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
[node1] (local) root@192.168.0.13 ~
$ docker run --rm -it alpine sh -c 'apk add -U libcap;capsh --help'
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
(1/1) Installing libcap (2.27-r0)
Executing busybox-1.30.1-r2.trigger
OK: 6 MiB in 15 packages
usage: capsh [args ...]
--help this message (or try 'man capsh')
--print display capability relevant state
--decode=xxx decode a hex string to a list of caps
--supports=xxx exit 1 if capability xxx unsupported
--drop=xxx remove xxx,.. capabilities from bset
--addamb=xxx add xxx,... capabilities to ambient set
--delamb=xxx remove xxx,... capabilities from ambient
--noamb=xxx reset the ambient capabilities
--caps=xxx set caps as per cap_from_text()
--inh=xxx set xxx,.. inheritiable set
--secbits=
--keep=
--uid=
--gid=
--groups=g,... set the supplemental groups
--user=
--chroot=path chroot(2) to this path
--killit=
--forkfor=
== re-exec(capsh) with args as for --
-- remaing arguments are for /bin/bash
(without -- [capsh] will simply exit(0))
[node1] (local) root@192.168.0.13 ~
$
docker swarm cluster
#
[node1] (local) root@192.168.0.23 ~$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ docker run -dt ubuntu sleep infinity
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
7413c47ba209: Pull complete
0fe7e7cbb2e8: Pull complete
1d425c982345: Pull complete
344da5c95cec: Pull complete
Digest: sha256:c303f19cfe9ee92badbbbd7567bc1ca47789f79303ddcef56f77687d4744cd7a
Status: Downloaded newer image for ubuntu:latest
03fd033d6a89bb78b8a18970985d8bc9b30d5093834a73ffed752a532512042a
[node1] (local) root@192.168.0.23 ~
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03fd033d6a89 ubuntu "sleep infinity" 5 seconds ago Up 4 seconds magical_dhawan
[node1] (local) root@192.168.0.23 ~
$ docker swarm init --advertise-addr $(hostname -i)
Swarm initialized: current node (1ofs9nrhqk9fncucz7aq4gagr) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-060lwu0x956dwl0gnrpu72knzc2sfpe6n3vts59ure1h80dhc1-a00p2kt4m6kbvslfplw3mqbkw 192.168.0.23:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ docker info
Client:
Debug Mode: false
Server:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: 19.03.0-beta2
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentriessplunk syslog
Swarm: active
NodeID: 1ofs9nrhqk9fncucz7aq4gagr
Is Manager: true
ClusterID: 3kxjilauu21dfk7m2pyyq2is9
Managers: 1
Nodes: 3
Default Address Pool: 10.0.0.0/8
SubnetSize: 24
Data Path Port: 4789
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 192.168.0.23
Manager Addresses:
192.168.0.23:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 029124da7af7360afa781a0234d1b083550f797c
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.4.0-154-generic
Operating System: Alpine Linux v3.9 (containerized)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.4GiB
Name: node1
ID: 97d199c2-b974-4665-bdc6-f39d1d14cdff
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 43
Goroutines: 181
System Time: 2019-07-28T04:38:26.261556065Z
EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
127.0.0.1
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
WARNING: No swap limit support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Active 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$ docker service create --name sleep-app ubuntu sleep infinity
o9opnu7wgdzwtebfayg38tamt
overall progress: 1 out of 1 tasks
1/1: running
verify: Service converged
[node1] (local) root@192.168.0.23 ~
$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
o9opnu7wgdzw sleep-app replicated 1/1 ubuntu:latest
[node1] (local) root@192.168.0.23 ~
$ docker service update --replicas 7 sleep-app
sleep-app
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ccqjxztpwgp7 sleep-app.1 ubuntu:latest node1 Running Running 16 seconds ago
xhnnk882kanj sleep-app.2 ubuntu:latest node3 Running Preparing 3 seconds ago
s20fyygsfwbp sleep-app.3 ubuntu:latest node2 Running Preparing 3 seconds ago
3j2z7vihzvsq sleep-app.4 ubuntu:latest node3 Running Preparing 3 seconds ago
scscx0e8hjz3 sleep-app.5 ubuntu:latest node3 Running Preparing 3 seconds ago
hsynqxd1yte5 sleep-app.6 ubuntu:latest node1 Running Running 2 seconds ago
dd1lq6ap070t sleep-app.7 ubuntu:latest node2 Running Preparing 3 seconds ago
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ccqjxztpwgp7 sleep-app.1 ubuntu:latest node1 Running Running 22 seconds ago
xhnnk882kanj sleep-app.2 ubuntu:latest node3 Running Running 2 seconds ago
s20fyygsfwbp sleep-app.3 ubuntu:latest node2 Running Running 2 seconds ago
3j2z7vihzvsq sleep-app.4 ubuntu:latest node3 Running Running 2 seconds ago
scscx0e8hjz3 sleep-app.5 ubuntu:latest node3 Running Running 2 seconds ago
hsynqxd1yte5 sleep-app.6 ubuntu:latest node1 Running Running 8 seconds ago
dd1lq6ap070t sleep-app.7 ubuntu:latest node2 Running Running 3 seconds ago
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app --replicas
unknown flag: --replicas
See 'docker service ps --help'.
[node1] (local) root@192.168.0.23 ~
$ docker service ps --replicas
unknown flag: --replicas
See 'docker service ps --help'.
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ccqjxztpwgp7 sleep-app.1 ubuntu:latest node1 Running Running about a minute ago
xhnnk882kanj sleep-app.2 ubuntu:latest node3 Running Running about a minute ago
s20fyygsfwbp sleep-app.3 ubuntu:latest node2 Running Running about a minute ago
3j2z7vihzvsq sleep-app.4 ubuntu:latest node3 Running Running about a minute ago
scscx0e8hjz3 sleep-app.5 ubuntu:latest node3 Running Running about a minute ago
hsynqxd1yte5 sleep-app.6 ubuntu:latest node1 Running Running about a minute ago
dd1lq6ap070t sleep-app.7 ubuntu:latest node2 Running Running about a minute ago
[node1] (local) root@192.168.0.23 ~
$ docker service update --replicas 4 sleep-app
sleep-app
overall progress: 4 out of 4 tasks
1/4: running
2/4: running
3/4: running
4/4: running
verify: Service converged
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ccqjxztpwgp7 sleep-app.1 ubuntu:latest node1 Running Running about a minute ago
xhnnk882kanj sleep-app.2 ubuntu:latest node3 Running Running about a minute ago
s20fyygsfwbp sleep-app.3 ubuntu:latest node2 Running Running about a minute ago
3j2z7vihzvsq sleep-app.4 ubuntu:latest node3 Running Running about a minute ago
[node1] (local) root@192.168.0.23 ~
$ docker node ls
[node1] (local) root@192.168.0.23 ~$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Active 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Ac
tive 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ date
Sun Jul 28 04:45:47 UTC 2019
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a94b251c4512 ubuntu:latest "sleep infinity" 7 minutes ago Up 7 minutes sleep-app.1.ccqjxztpwgp71vp1mltrqon9k
03fd033d6a89 ubuntu "sleep infinity" 9 minutes ago Up 9 minutes magical_dhawan
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Active 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$ docker node update --availability drain ^C
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Active 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Active 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ docker node update --availability drain 5m6d0kpfhtxlexjqfdgeen36p
5m6d0kpfhtxlexjqfdgeen36p
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Drain 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Drain 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ccqjxztpwgp7 sleep-app.1 ubuntu:latest node1 Running Running 22 minutes ago
xhnnk882kanj sleep-app.2 ubuntu:latest node3 Running Running 22 minutes ago
he2en7xs7tao sleep-app.3 ubuntu:latest node1 Running Running about a minute ago
s20fyygsfwbp \_ sleep-app.3 ubuntu:latest node2 Shutdown Shutdown about a minute ago
3j2z7vihzvsq sleep-app.4 ubuntu:latest node3 Running Running 22 minutes ago
[node1] (local) root@192.168.0.23 ~
$ docker service rm sleep-app
sleep-app
[node1] (local) root@192.168.0.23 ~
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c785457c7ef7 ubuntu:latest "sleep infinity" About a minute ago Up About a minute sleep-app.3.he2en7xs7taoxxaysfdx4z7my
a94b251c4512 ubuntu:latest "sleep infinity" 22 minutes ago Up 22 minutes sleep-app.1.ccqjxztpwgp71vp1mltrqon9k
03fd033d6a89 ubuntu "sleep infinity" 25 minutes ago Up 24 minutes magical_dhawan
[node1] (local) root@192.168.0.23 ~
$ docker swarm leave --force
Node left the swarm.
[node1] (local) root@192.168.0.23 ~$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ docker run -dt ubuntu sleep infinity
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
7413c47ba209: Pull complete
0fe7e7cbb2e8: Pull complete
1d425c982345: Pull complete
344da5c95cec: Pull complete
Digest: sha256:c303f19cfe9ee92badbbbd7567bc1ca47789f79303ddcef56f77687d4744cd7a
Status: Downloaded newer image for ubuntu:latest
03fd033d6a89bb78b8a18970985d8bc9b30d5093834a73ffed752a532512042a
[node1] (local) root@192.168.0.23 ~
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03fd033d6a89 ubuntu "sleep infinity" 5 seconds ago Up 4 seconds magical_dhawan
[node1] (local) root@192.168.0.23 ~
$ docker swarm init --advertise-addr $(hostname -i)
Swarm initialized: current node (1ofs9nrhqk9fncucz7aq4gagr) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-060lwu0x956dwl0gnrpu72knzc2sfpe6n3vts59ure1h80dhc1-a00p2kt4m6kbvslfplw3mqbkw 192.168.0.23:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ docker info
Client:
Debug Mode: false
Server:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: 19.03.0-beta2
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentriessplunk syslog
Swarm: active
NodeID: 1ofs9nrhqk9fncucz7aq4gagr
Is Manager: true
ClusterID: 3kxjilauu21dfk7m2pyyq2is9
Managers: 1
Nodes: 3
Default Address Pool: 10.0.0.0/8
SubnetSize: 24
Data Path Port: 4789
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 192.168.0.23
Manager Addresses:
192.168.0.23:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 029124da7af7360afa781a0234d1b083550f797c
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.4.0-154-generic
Operating System: Alpine Linux v3.9 (containerized)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.4GiB
Name: node1
ID: 97d199c2-b974-4665-bdc6-f39d1d14cdff
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 43
Goroutines: 181
System Time: 2019-07-28T04:38:26.261556065Z
EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
127.0.0.1
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
WARNING: No swap limit support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Active 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$ docker service create --name sleep-app ubuntu sleep infinity
o9opnu7wgdzwtebfayg38tamt
overall progress: 1 out of 1 tasks
1/1: running
verify: Service converged
[node1] (local) root@192.168.0.23 ~
$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
o9opnu7wgdzw sleep-app replicated 1/1 ubuntu:latest
[node1] (local) root@192.168.0.23 ~
$ docker service update --replicas 7 sleep-app
sleep-app
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ccqjxztpwgp7 sleep-app.1 ubuntu:latest node1 Running Running 16 seconds ago
xhnnk882kanj sleep-app.2 ubuntu:latest node3 Running Preparing 3 seconds ago
s20fyygsfwbp sleep-app.3 ubuntu:latest node2 Running Preparing 3 seconds ago
3j2z7vihzvsq sleep-app.4 ubuntu:latest node3 Running Preparing 3 seconds ago
scscx0e8hjz3 sleep-app.5 ubuntu:latest node3 Running Preparing 3 seconds ago
hsynqxd1yte5 sleep-app.6 ubuntu:latest node1 Running Running 2 seconds ago
dd1lq6ap070t sleep-app.7 ubuntu:latest node2 Running Preparing 3 seconds ago
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ccqjxztpwgp7 sleep-app.1 ubuntu:latest node1 Running Running 22 seconds ago
xhnnk882kanj sleep-app.2 ubuntu:latest node3 Running Running 2 seconds ago
s20fyygsfwbp sleep-app.3 ubuntu:latest node2 Running Running 2 seconds ago
3j2z7vihzvsq sleep-app.4 ubuntu:latest node3 Running Running 2 seconds ago
scscx0e8hjz3 sleep-app.5 ubuntu:latest node3 Running Running 2 seconds ago
hsynqxd1yte5 sleep-app.6 ubuntu:latest node1 Running Running 8 seconds ago
dd1lq6ap070t sleep-app.7 ubuntu:latest node2 Running Running 3 seconds ago
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app --replicas
unknown flag: --replicas
See 'docker service ps --help'.
[node1] (local) root@192.168.0.23 ~
$ docker service ps --replicas
unknown flag: --replicas
See 'docker service ps --help'.
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ccqjxztpwgp7 sleep-app.1 ubuntu:latest node1 Running Running about a minute ago
xhnnk882kanj sleep-app.2 ubuntu:latest node3 Running Running about a minute ago
s20fyygsfwbp sleep-app.3 ubuntu:latest node2 Running Running about a minute ago
3j2z7vihzvsq sleep-app.4 ubuntu:latest node3 Running Running about a minute ago
scscx0e8hjz3 sleep-app.5 ubuntu:latest node3 Running Running about a minute ago
hsynqxd1yte5 sleep-app.6 ubuntu:latest node1 Running Running about a minute ago
dd1lq6ap070t sleep-app.7 ubuntu:latest node2 Running Running about a minute ago
[node1] (local) root@192.168.0.23 ~
$ docker service update --replicas 4 sleep-app
sleep-app
overall progress: 4 out of 4 tasks
1/4: running
2/4: running
3/4: running
4/4: running
verify: Service converged
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ccqjxztpwgp7 sleep-app.1 ubuntu:latest node1 Running Running about a minute ago
xhnnk882kanj sleep-app.2 ubuntu:latest node3 Running Running about a minute ago
s20fyygsfwbp sleep-app.3 ubuntu:latest node2 Running Running about a minute ago
3j2z7vihzvsq sleep-app.4 ubuntu:latest node3 Running Running about a minute ago
[node1] (local) root@192.168.0.23 ~
$ docker node ls
[node1] (local) root@192.168.0.23 ~$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Active 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Ac
tive 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ date
Sun Jul 28 04:45:47 UTC 2019
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a94b251c4512 ubuntu:latest "sleep infinity" 7 minutes ago Up 7 minutes sleep-app.1.ccqjxztpwgp71vp1mltrqon9k
03fd033d6a89 ubuntu "sleep infinity" 9 minutes ago Up 9 minutes magical_dhawan
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Active 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$ docker node update --availability drain ^C
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Active 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Active 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ docker node update --availability drain 5m6d0kpfhtxlexjqfdgeen36p
5m6d0kpfhtxlexjqfdgeen36p
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Drain 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$
[node1] (local) root@192.168.0.23 ~
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
1ofs9nrhqk9fncucz7aq4gagr * node1 Ready Active Leader 19.03.0-beta2
5m6d0kpfhtxlexjqfdgeen36p node2 Ready Drain 19.03.0-beta2
i8igt9rtdmpboyy4geyudrzbd node3 Ready Active 19.03.0-beta2
[node1] (local) root@192.168.0.23 ~
$ docker service ps sleep-app
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
ccqjxztpwgp7 sleep-app.1 ubuntu:latest node1 Running Running 22 minutes ago
xhnnk882kanj sleep-app.2 ubuntu:latest node3 Running Running 22 minutes ago
he2en7xs7tao sleep-app.3 ubuntu:latest node1 Running Running about a minute ago
s20fyygsfwbp \_ sleep-app.3 ubuntu:latest node2 Shutdown Shutdown about a minute ago
3j2z7vihzvsq sleep-app.4 ubuntu:latest node3 Running Running 22 minutes ago
[node1] (local) root@192.168.0.23 ~
$ docker service rm sleep-app
sleep-app
[node1] (local) root@192.168.0.23 ~
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c785457c7ef7 ubuntu:latest "sleep infinity" About a minute ago Up About a minute sleep-app.3.he2en7xs7taoxxaysfdx4z7my
a94b251c4512 ubuntu:latest "sleep infinity" 22 minutes ago Up 22 minutes sleep-app.1.ccqjxztpwgp71vp1mltrqon9k
03fd033d6a89 ubuntu "sleep infinity" 25 minutes ago Up 24 minutes magical_dhawan
[node1] (local) root@192.168.0.23 ~
$ docker swarm leave --force
Node left the swarm.
Launch k8s multinode cluster using kubeadm
Launch a multi-node cluster using Kubeadm
master $ kubeadm init --token=102952.1a7dd4cc8d1f4cc5 --kubernetes-version $(kubeadm version -o short)
[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.17.0.41]
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [master localhost] and IPs [172.17.0.41 127.0.0.1::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [master localhost] and IPs [172.17.0.41 127.0.0.1 ::1]
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
sudo cp /etc/kubernetes/admin.conf $HOME/
sudo chown $(id -u):$(id -g) $HOME/admin.conf
export KUBECONFIG=$HOME/admin.conf
[apiclient] All control plane components are healthy after 17.503192 seconds
[upload-config] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.14" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --experimental-upload-certs
[mark-control-plane] Marking the node master as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 102952.1a7dd4cc8d1f4cc5
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.17.0.41:6443 --token 102952.1a7dd4cc8d1f4cc5 \
--discovery-token-ca-cert-hash sha256:7c2920ac76f464c18d9d81d98c8b498e59aba7e34c06f3e679082b98f4a2760d
master $ sudo cp /etc/kubernetes/admin.conf $HOME/
master $ sudo chown $(id -u):$(id -g) $HOME/admin.conf
master $ export KUBECONFIG=$HOME/admin.conf
master $ sudo cp /etc/kubernetes/admin.conf $HOME/
master $ sudo chown $(id -u):$(id -g) $HOME/admin.conf
master $ export KUBECONFIG=$HOME/admin.conf
master $ cat /opt/weave-kube
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: ServiceAccount
metadata:
name: weave-net
labels:
name: weave-net
namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: weave-net
labels:
name: weave-net
rules:
- apiGroups:
- ''
resources:
- pods
- namespaces
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- 'networking.k8s.io'
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- nodes/status
verbs:
- patch
- update
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: weave-net
labels:
name: weave-net
roleRef:
kind: ClusterRole
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
rules:
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- weave-net
verbs:
- get
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
roleRef:
kind: Role
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
- apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: weave-net
labels:
name: weave-net
namespace: kube-system
spec:
# Wait 5 seconds to let pod connect before rolling next pod
minReadySeconds: 5
template:
metadata:
labels:
name: weave-net
spec:
containers:
- name: weave
command:
- /home/weave/launch.sh
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: 'weaveworks/weave-kube:2.5.1'
imagePullPolicy: Always
readinessProbe:
httpGet:
host: 127.0.0.1
path: /status
port: 6784
resources:
requests:
cpu: 10m
securityContext:
privileged: true
volumeMounts:
- name: weavedb
mountPath: /weavedb
- name: cni-bin
mountPath: /host/opt
- name: cni-bin2
mountPath: /host/home
- name: cni-conf
mountPath: /host/etc
- name: dbus
mountPath: /host/var/lib/dbus
- name: lib-modules
mountPath: /lib/modules
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
- name: weave-npc
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: 'weaveworks/weave-npc:2.5.1'
imagePullPolicy: Always
#npc-args
resources:
requests:
cpu: 10m
securityContext:
privileged: true
volumeMounts:
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
hostNetwork: true
hostPID: true
restartPolicy: Always
securityContext:
seLinuxOptions: {}
serviceAccountName: weave-net
tolerations:
- effect: NoSchedule
operator: Exists
volumes:
- name: weavedb
hostPath:
path: /var/lib/weave
- name: cni-bin
hostPath:
path: /opt
- name: cni-bin2
hostPath:
path: /home
- name: cni-conf
hostPath:
path: /etc
- name: dbus
hostPath:
path: /var/lib/dbus
- name: lib-modules
hostPath:
path: /lib/modules
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
updateStrategy:
type: RollingUpdate
master $ kubectl apply -f /opt/weave-kube
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.extensions/weave-net created
master $ kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-fb8b8dccf-6xj2j 0/1 Pending 0 24s
coredns-fb8b8dccf-twd98 0/1 Pending 0 24s
kube-proxy-qnmdk 1/1 Running 0 24s
weave-net-dnjls 1/2 Running 0 9s
master $ kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
102952.1a7dd4cc8d1f4cc5 23h 2019-07-29T05:16:04Z authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
master $ kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 60s v1.14.0
node01 Ready 16s v1.14.0
master $ kubectl create deployment http --image=katacoda/docker-http-server:latest
deployment.apps/http created
master $ kubectl get pods
NAME READY STATUS RESTARTS AGE
http-7f8cbdf584-m8bwh 0/1 ContainerCreating 0 4s
master $ kubectl apply -f dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
master $ kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-fb8b8dccf-6xj2j 1/1 Running 0 78s
coredns-fb8b8dccf-twd98 1/1 Running 0 78s
etcd-master 1/1 Running 0 24s
kube-apiserver-master 1/1 Running 0 6s
kube-controller-manager-master 1/1 Running 0 8s
kube-proxy-qnmdk 1/1 Running 0 78s
kube-proxy-r8l2x 1/1 Running 0 45s
kube-scheduler-master 1/1 Running 1 8s
kubernetes-dashboard-5f57845f9d-w5z6w 0/1 ContainerCreating 0 2s
weave-net-9k5hd 2/2 Running 1 45s
weave-net-dnjls 2/2 Running 0 63s
master $ cat <> apiVersion: v1
> kind: ServiceAccount
> metadata:
> name: admin-user
> namespace: kube-system
> ---
> apiVersion: rbac.authorization.k8s.io/v1beta1
> kind: ClusterRoleBinding
> metadata:
> name: admin-user
> roleRef:
> apiGroup: rbac.authorization.k8s.io
> kind: ClusterRole
> name: cluster-admin
> subjects:
> - kind: ServiceAccount
> name: admin-user
> namespace: kube-system
> EOF
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
master $ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-52c85
Namespace: kube-system
Labels:
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: ffa542de-b0f6-11e9-bc51-0242ac110029
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTUyYzg1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJmZmE1NDJkZS1iMGY2LTExZTktYmM1MS0wMjQyYWMxMTAwMjkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.i-1LsFmtVq22K-GMTJh1oZrzd3fC1Qbs9a9RzvuAtDp3FUnj8kKpAqbhp7xajoWflZ5qXhaxvIho06YzyOacvzYhv6XshgnX82LRXmKOUAsijtMBLhIbg6dy2X1K5xoYWpQg_Niyqwoo9KQrFYP14TbTKBN5iquYms-MF1Snv8S96eFzUzBynqArA5V5shnHgx08IavaV0lOQxhytMscLrQk_bPwzzhYJ3Dh6PqzV67mzCjhU2UejJwX9lo0D0C2lUSMiUF09BCoC3fzfMa7oOICM963UErB_E4i-YvluHYKo2c7oSMAc0ivSodCOkCU8SnU3D3kg3UweDbRs2_60g
master $
===============================on NODE 2===========================
node01 $ kubeadm join --discovery-token-unsafe-skip-ca-verification --token=102952.1a7dd4cc8d1f4cc5 172.17.0.41:6443
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
node01 $ docker ps | grep docker-http-server
49cb04032e11 katacoda/docker-http-server "/app" 6 seconds ago Up 5 seconds k8s_docker-http-server_http-7f8cbdf584-m8bwh_default_f0c598b4-b0f6-11e9-bc51-0242ac110029_0
node01 $ docker ps | grep docker-http-server
49cb04032e11 katacoda/docker-http-server "/app" 7 seconds ago Up 7 seconds k8s_docker-http-server_http-7f8cbdf584-m8bwh_default_f0c598b4-b0f6-11e9-bc51-0242ac110029_0
node01 $
master $ kubeadm init --token=102952.1a7dd4cc8d1f4cc5 --kubernetes-version $(kubeadm version -o short)
[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.17.0.41]
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [master localhost] and IPs [172.17.0.41 127.0.0.1::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [master localhost] and IPs [172.17.0.41 127.0.0.1 ::1]
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
sudo cp /etc/kubernetes/admin.conf $HOME/
sudo chown $(id -u):$(id -g) $HOME/admin.conf
export KUBECONFIG=$HOME/admin.conf
[apiclient] All control plane components are healthy after 17.503192 seconds
[upload-config] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.14" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --experimental-upload-certs
[mark-control-plane] Marking the node master as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 102952.1a7dd4cc8d1f4cc5
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.17.0.41:6443 --token 102952.1a7dd4cc8d1f4cc5 \
--discovery-token-ca-cert-hash sha256:7c2920ac76f464c18d9d81d98c8b498e59aba7e34c06f3e679082b98f4a2760d
master $ sudo cp /etc/kubernetes/admin.conf $HOME/
master $ sudo chown $(id -u):$(id -g) $HOME/admin.conf
master $ export KUBECONFIG=$HOME/admin.conf
master $ sudo cp /etc/kubernetes/admin.conf $HOME/
master $ sudo chown $(id -u):$(id -g) $HOME/admin.conf
master $ export KUBECONFIG=$HOME/admin.conf
master $ cat /opt/weave-kube
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: ServiceAccount
metadata:
name: weave-net
labels:
name: weave-net
namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: weave-net
labels:
name: weave-net
rules:
- apiGroups:
- ''
resources:
- pods
- namespaces
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- 'networking.k8s.io'
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- nodes/status
verbs:
- patch
- update
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: weave-net
labels:
name: weave-net
roleRef:
kind: ClusterRole
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
rules:
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- weave-net
verbs:
- get
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
roleRef:
kind: Role
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
- apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: weave-net
labels:
name: weave-net
namespace: kube-system
spec:
# Wait 5 seconds to let pod connect before rolling next pod
minReadySeconds: 5
template:
metadata:
labels:
name: weave-net
spec:
containers:
- name: weave
command:
- /home/weave/launch.sh
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: 'weaveworks/weave-kube:2.5.1'
imagePullPolicy: Always
readinessProbe:
httpGet:
host: 127.0.0.1
path: /status
port: 6784
resources:
requests:
cpu: 10m
securityContext:
privileged: true
volumeMounts:
- name: weavedb
mountPath: /weavedb
- name: cni-bin
mountPath: /host/opt
- name: cni-bin2
mountPath: /host/home
- name: cni-conf
mountPath: /host/etc
- name: dbus
mountPath: /host/var/lib/dbus
- name: lib-modules
mountPath: /lib/modules
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
- name: weave-npc
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: 'weaveworks/weave-npc:2.5.1'
imagePullPolicy: Always
#npc-args
resources:
requests:
cpu: 10m
securityContext:
privileged: true
volumeMounts:
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
hostNetwork: true
hostPID: true
restartPolicy: Always
securityContext:
seLinuxOptions: {}
serviceAccountName: weave-net
tolerations:
- effect: NoSchedule
operator: Exists
volumes:
- name: weavedb
hostPath:
path: /var/lib/weave
- name: cni-bin
hostPath:
path: /opt
- name: cni-bin2
hostPath:
path: /home
- name: cni-conf
hostPath:
path: /etc
- name: dbus
hostPath:
path: /var/lib/dbus
- name: lib-modules
hostPath:
path: /lib/modules
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
updateStrategy:
type: RollingUpdate
master $ kubectl apply -f /opt/weave-kube
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.extensions/weave-net created
master $ kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-fb8b8dccf-6xj2j 0/1 Pending 0 24s
coredns-fb8b8dccf-twd98 0/1 Pending 0 24s
kube-proxy-qnmdk 1/1 Running 0 24s
weave-net-dnjls 1/2 Running 0 9s
master $ kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
102952.1a7dd4cc8d1f4cc5 23h 2019-07-29T05:16:04Z authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
master $ kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 60s v1.14.0
node01 Ready
master $ kubectl create deployment http --image=katacoda/docker-http-server:latest
deployment.apps/http created
master $ kubectl get pods
NAME READY STATUS RESTARTS AGE
http-7f8cbdf584-m8bwh 0/1 ContainerCreating 0 4s
master $ kubectl apply -f dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
master $ kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-fb8b8dccf-6xj2j 1/1 Running 0 78s
coredns-fb8b8dccf-twd98 1/1 Running 0 78s
etcd-master 1/1 Running 0 24s
kube-apiserver-master 1/1 Running 0 6s
kube-controller-manager-master 1/1 Running 0 8s
kube-proxy-qnmdk 1/1 Running 0 78s
kube-proxy-r8l2x 1/1 Running 0 45s
kube-scheduler-master 1/1 Running 1 8s
kubernetes-dashboard-5f57845f9d-w5z6w 0/1 ContainerCreating 0 2s
weave-net-9k5hd 2/2 Running 1 45s
weave-net-dnjls 2/2 Running 0 63s
master $ cat <
> kind: ServiceAccount
> metadata:
> name: admin-user
> namespace: kube-system
> ---
> apiVersion: rbac.authorization.k8s.io/v1beta1
> kind: ClusterRoleBinding
> metadata:
> name: admin-user
> roleRef:
> apiGroup: rbac.authorization.k8s.io
> kind: ClusterRole
> name: cluster-admin
> subjects:
> - kind: ServiceAccount
> name: admin-user
> namespace: kube-system
> EOF
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
master $ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-52c85
Namespace: kube-system
Labels:
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: ffa542de-b0f6-11e9-bc51-0242ac110029
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTUyYzg1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJmZmE1NDJkZS1iMGY2LTExZTktYmM1MS0wMjQyYWMxMTAwMjkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.i-1LsFmtVq22K-GMTJh1oZrzd3fC1Qbs9a9RzvuAtDp3FUnj8kKpAqbhp7xajoWflZ5qXhaxvIho06YzyOacvzYhv6XshgnX82LRXmKOUAsijtMBLhIbg6dy2X1K5xoYWpQg_Niyqwoo9KQrFYP14TbTKBN5iquYms-MF1Snv8S96eFzUzBynqArA5V5shnHgx08IavaV0lOQxhytMscLrQk_bPwzzhYJ3Dh6PqzV67mzCjhU2UejJwX9lo0D0C2lUSMiUF09BCoC3fzfMa7oOICM963UErB_E4i-YvluHYKo2c7oSMAc0ivSodCOkCU8SnU3D3kg3UweDbRs2_60g
master $
===============================on NODE 2===========================
node01 $ kubeadm join --discovery-token-unsafe-skip-ca-verification --token=102952.1a7dd4cc8d1f4cc5 172.17.0.41:6443
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
node01 $ docker ps | grep docker-http-server
49cb04032e11 katacoda/docker-http-server "/app" 6 seconds ago Up 5 seconds k8s_docker-http-server_http-7f8cbdf584-m8bwh_default_f0c598b4-b0f6-11e9-bc51-0242ac110029_0
node01 $ docker ps | grep docker-http-server
49cb04032e11 katacoda/docker-http-server "/app" 7 seconds ago Up 7 seconds k8s_docker-http-server_http-7f8cbdf584-m8bwh_default_f0c598b4-b0f6-11e9-bc51-0242ac110029_0
node01 $
Subscribe to:
Posts (Atom)