Version - 2020.03

Last updated: 2020/12/31 10:14

DOF301 - Creating Kubernetes Clusters

Module Contents

  • DOF301 - Creating Kubernetes Clusters
    • Module Contents
    • Container Orchestration
    • Introduction to Kubernetes (k8s)
      • Master
      • Nodes (Minions)
    • LAB #1 - Creating the Kubernetes Cluster with Virtual Machines
      • 1.1 - Overview
      • 1.2 - Creating the Host-Only Private Network 192.168.56.0/24
      • 1.3 - Starting the Virtual Machines
      • 1.4 - Connecting to the kubemaster Virtual Machine
      • 1.5 - Testing the Network
      • 1.6 - Initializing the Cluster Master
      • 1.7 - Installing a Network Add-on for Pod-to-Pod Communication
      • 1.8 - Joining the Workers to the Master
    • LAB #2 - Creating the Kubernetes Cluster with Minikube
      • 2.1 - Introduction to Minikube
      • 2.2 - Installing Minikube
      • 2.3 - Configuring Minikube
      • 2.4 - Installing kubectl
      • 2.5 - Updating Minikube
      • 2.6 - The minikube dashboard Command
      • 2.7 - The minikube addons Command
    • LAB #3 - Creating the Kubernetes Cluster with kind
      • 3.1 - Introduction to kind
      • 3.2 - Installing Docker-CE
      • 3.3 - Installing kubelet, kubeadm and kubectl
      • 3.4 - Installing kind and Starting the Cluster

Container Orchestration

The main containerization solutions are:

The main container orchestration solutions are:

Container orchestration provides:

  • High availability,
  • Load balancing,
  • Scaling services up and down (scale up / scale down).

Introduction to Kubernetes (k8s)

Master

  • Controller of the cluster,
  • Responsible for orchestration.

The Master contains:

  • API server,
    • Front end,
  • etcd service,
    • Key-value store that holds all the data used to manage the cluster and to manage locks,
  • Controller,
    • Monitors the state of containers, nodes and endpoints. Responsible for starting new containers when failures occur.
  • Scheduler,
    • Distributes existing containers to the nodes, looks for new containers and assigns them to nodes.

Certain ports must be open on the master node:

Protocol   Direction   Port(s)      Executable
TCP        Inbound     6443         Kubernetes API server
TCP        Inbound     2379-2380    etcd server client API
TCP        Inbound     10250        Kubelet API
TCP        Inbound     10251        kube-scheduler
TCP        Inbound     10252        kube-controller-manager

Nodes (Minions)

  • Physical or virtual machine on which Kubernetes is installed,
  • A worker on which Kubernetes launches containers.

The Node contains:

  • kubelet service,
    • Agent that runs on every node. Responsible for monitoring the containers.
  • Container runtime,
    • Docker,
    • rkt (rocket),
    • CRI-O (crio).

Certain ports must be open on each worker node:

Protocol   Direction   Port(s)        Executable
TCP        Inbound     10250          Kubelet API
TCP        Inbound     30000-32767    NodePort Services

LAB #1 - Creating the Kubernetes Cluster with Virtual Machines

1.1 - Overview

Note that the virtual machines used with Kubernetes must run one of the following distributions:

  • Ubuntu 16.04+,
  • Debian 9+,
  • CentOS 7,
  • RHEL 7,
  • Fedora 25+,
  • HypriotOS v1.0.1+,
  • Flatcar Container Linux (tested with 2512.3.0).

Each machine must have:

  • A minimum of 2 GB of RAM,
  • A minimum of 2 CPUs.

The machines must:

  • be on the same network,
  • have a unique hostname, a unique MAC address and a unique product_uuid,
  • have swap disabled,
  • have NetworkManager's use of dnsmasq disabled under systemd.

The server you are using has VirtualBox installed. Three Debian 9 virtual machines have been configured as shown in the table below:

Virtual Machine   Hostname                    Interface 1   Port Forwarding   Interface 2    Port Forwarding
kubemaster        kubemaster.ittraining.loc   10.0.2.15     2022 > 22         192.168.56.2   None
kubenode1         kubenode1.ittraining.loc    10.0.2.15     3022 > 22         192.168.56.3   None
kubenode2         kubenode2.ittraining.loc    10.0.2.15     4022 > 22         192.168.56.4   None

The user names and passwords are:

User      Password
trainee   trainee
root      fenestros

Important: Each virtual machine has been pre-installed with Docker, kubeadm, kubelet and kubectl.

1.2 - Creating the Host-Only Private Network 192.168.56.0/24

Create the Host-Only Private Network 192.168.56.0/24, which allows the three virtual machines kubemaster, kubenode1 and kubenode2 to communicate with each other:

desktop@serverXX:~$ VBoxManage hostonlyif create
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Interface 'vboxnet0' was successfully created

1.3 - Starting the Virtual Machines

To start the kubemaster machine, run the following command from your dedicated server:

desktop@serverXX:~$ VBoxManage startvm kubemaster --type headless
Waiting for VM "kubemaster" to power on...
VM "kubemaster" has been successfully started.

To start the kubenode1 machine, run the following command from your dedicated server:

desktop@serverXX:~$ VBoxManage startvm kubenode1 --type headless
Waiting for VM "kubenode1" to power on...
VM "kubenode1" has been successfully started.

To start the kubenode2 machine, run the following command from your dedicated server:

desktop@serverXX:~$ VBoxManage startvm kubenode2 --type headless
Waiting for VM "kubenode2" to power on...
VM "kubenode2" has been successfully started.

1.4 - Connecting to the kubemaster Virtual Machine

Type the following command to connect to the kubemaster machine:

desktop@serverXX:~$ ssh -l trainee 192.168.56.2

1.5 - Testing the Network

Check the connectivity of each virtual machine:

trainee@kubemaster:~$ ping -c 4 192.168.56.3
PING 192.168.56.3 (192.168.56.3) 56(84) bytes of data.
64 bytes from 192.168.56.3: icmp_seq=1 ttl=64 time=0.762 ms
64 bytes from 192.168.56.3: icmp_seq=2 ttl=64 time=0.765 ms
64 bytes from 192.168.56.3: icmp_seq=3 ttl=64 time=0.819 ms
64 bytes from 192.168.56.3: icmp_seq=4 ttl=64 time=0.682 ms

--- 192.168.56.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 0.682/0.757/0.819/0.048 ms
trainee@kubemaster:~$ ping -c 4 192.168.56.4
PING 192.168.56.4 (192.168.56.4) 56(84) bytes of data.
64 bytes from 192.168.56.4: icmp_seq=1 ttl=64 time=1.26 ms
64 bytes from 192.168.56.4: icmp_seq=2 ttl=64 time=0.710 ms
64 bytes from 192.168.56.4: icmp_seq=3 ttl=64 time=0.684 ms
64 bytes from 192.168.56.4: icmp_seq=4 ttl=64 time=0.710 ms

--- 192.168.56.4 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.684/0.841/1.260/0.242 ms
trainee@kubemaster:~$ ping -c 4 www.free.fr
PING www.free.fr (212.27.48.10) 56(84) bytes of data.
64 bytes from www.free.fr (212.27.48.10): icmp_seq=1 ttl=53 time=64.6 ms
64 bytes from www.free.fr (212.27.48.10): icmp_seq=2 ttl=53 time=76.3 ms
64 bytes from www.free.fr (212.27.48.10): icmp_seq=3 ttl=53 time=75.3 ms
64 bytes from www.free.fr (212.27.48.10): icmp_seq=4 ttl=53 time=87.2 ms

--- www.free.fr ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 64.674/75.894/87.200/7.975 ms

1.6 - Initializing the Cluster Master

Initialize the cluster master kubemaster, specifying the CIDR of the Calico network add-on as well as the IP address of the master:

trainee@kubemaster:~$ su -
Mot de passe : fenestros
root@kubemaster:~# kubeadm init --pod-network-cidr=192.168.0.0/16 --apiserver-advertise-address=192.168.56.2
W0922 10:24:14.615373    1711 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.19.2
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: missing optional cgroups: hugetlb
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubemaster.ittraining.loc kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.56.2]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [kubemaster.ittraining.loc localhost] and IPs [192.168.56.2 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [kubemaster.ittraining.loc localhost] and IPs [192.168.56.2 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 17.505264 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.19" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node kubemaster.ittraining.loc as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node kubemaster.ittraining.loc as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: d5hb0g.a45h8d6qczwi3g5w
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.56.2:6443 --token d5hb0g.a45h8d6qczwi3g5w \
    --discovery-token-ca-cert-hash sha256:979365a44435cd3cd9bd364357b6b59d0f759606f2d9de98f121c1b56b3c20b4

Important: Note the message Your Kubernetes control-plane has initialized successfully.

To Do: Copy the last line of the output to a file, for example kubeadm join 192.168.56.2:6443 --token d5hb0g.a45h8d6qczwi3g5w --discovery-token-ca-cert-hash sha256:979365a44435cd3cd9bd364357b6b59d0f759606f2d9de98f121c1b56b3c20b4.

Now create the KUBECONFIG variable:

root@kubemaster:~# export KUBECONFIG=/etc/kubernetes/admin.conf

Add the following two lines to the end of the /root/.bashrc file:

root@kubemaster:~# vi .bashrc
root@kubemaster:~# tail .bashrc
...
KUBECONFIG=/etc/kubernetes/admin.conf
export KUBECONFIG

1.7 - Installing a Network Add-on for Pod-to-Pod Communication

For Pods to communicate with each other, a network add-on must be installed. Several add-ons exist, which we will come back to later in this course:

To obtain a working cluster, we will use the first add-on in the list, namely Calico:

root@kubemaster:~# curl https://docs.projectcalico.org/v3.10/manifests/calico.yaml -O
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 20679  100 20679    0     0  71889      0 --:--:-- --:--:-- --:--:-- 71802
root@kubemaster:~# ls
calico.yaml
root@kubemaster:~# kubectl apply -f calico.yaml
configmap/calico-config created
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created

Check that everything is in the Running state:

root@kubemaster:~# kubectl get pods --all-namespaces
NAMESPACE     NAME                                                READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-7854b85cf7-hk62x            1/1     Running   0          53s
kube-system   calico-node-pxjt4                                   1/1     Running   0          53s
kube-system   coredns-f9fd979d6-77g4x                             1/1     Running   0          33m
kube-system   coredns-f9fd979d6-stw5f                             1/1     Running   0          33m
kube-system   etcd-kubemaster.ittraining.loc                      1/1     Running   0          34m
kube-system   kube-apiserver-kubemaster.ittraining.loc            1/1     Running   0          34m
kube-system   kube-controller-manager-kubemaster.ittraining.loc   1/1     Running   0          34m
kube-system   kube-proxy-n4qn2                                    1/1     Running   0          33m
kube-system   kube-scheduler-kubemaster.ittraining.loc            1/1     Running   0          34m

1.8 - Joining the Workers to the Master

If you forgot to copy the kubeadm join command, run the command kubeadm token create --print-join-command and copy its output:

root@kubemaster:~# kubeadm token create --print-join-command
W0922 11:01:22.063743   14065 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 192.168.56.2:6443 --token rcm3uz.lq4dshqdr00wkkpf     --discovery-token-ca-cert-hash sha256:979365a44435cd3cd9bd364357b6b59d0f759606f2d9de98f121c1b56b3c20b4

Connect to kubenode1:

root@kubemaster:~# ssh -l trainee kubenode1
The authenticity of host 'kubenode1 (192.168.56.3)' can't be established.
ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'kubenode1,192.168.56.3' (ECDSA) to the list of known hosts.
trainee@kubenode1's password: trainee
Linux kubenode1.ittraining.loc 4.9.0-13-amd64 #1 SMP Debian 4.9.228-1 (2020-07-05) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Sep 21 20:13:58 2020 from 192.168.56.1
trainee@kubenode1:~$

Now use the copied command to join the node to the cluster:

trainee@kubenode1:~$ su -
Mot de passe : fenestros
root@kubenode1:~# kubeadm join 192.168.56.2:6443 --token rcm3uz.lq4dshqdr00wkkpf     --discovery-token-ca-cert-hash sha256:979365a44435cd3cd9bd364357b6b59d0f759606f2d9de98f121c1b56b3c20b4
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: missing optional cgroups: hugetlb
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

Log out of kubenode1 and connect to kubenode2:

root@kubenode1:~# exit
déconnexion
trainee@kubenode1:~$ exit
déconnexion
Connection to kubenode1 closed.
root@kubemaster:~# ssh -l trainee kubenode2
The authenticity of host 'kubenode2 (192.168.56.4)' can't be established.
ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'kubenode2,192.168.56.4' (ECDSA) to the list of known hosts.
trainee@kubenode2's password: trainee
Linux kubenode2.ittraining.loc 4.9.0-13-amd64 #1 SMP Debian 4.9.228-1 (2020-07-05) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Sep 21 20:14:15 2020 from 192.168.56.1
trainee@kubenode2:~$

Now use the copied command to join the node to the cluster:

trainee@kubenode2:~$ su -
Mot de passe : fenestros
root@kubenode2:~# kubeadm join 192.168.56.2:6443 --token rcm3uz.lq4dshqdr00wkkpf     --discovery-token-ca-cert-hash sha256:979365a44435cd3cd9bd364357b6b59d0f759606f2d9de98f121c1b56b3c20b4
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: missing optional cgroups: hugetlb
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

Wait until the nodes are in the Ready state:

root@kubenode2:~# exit
déconnexion
trainee@kubenode2:~$ exit
déconnexion
Connection to kubenode2 closed.
root@kubemaster:~#
root@kubemaster:~# kubectl get nodes
NAME                        STATUS   ROLES    AGE     VERSION
kubemaster.ittraining.loc   Ready    master   48m     v1.19.2
kubenode1.ittraining.loc    Ready    <none>   5m44s   v1.19.2
kubenode2.ittraining.loc    Ready    <none>   57s     v1.19.2
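
A check for the join command saved in 1.6 and regenerated in 1.8, as an added example that is not part of the course material: it parses the command, validates the token and CA pin formats, and confirms that the pin is the same in both commands even though the token differs. The function names are illustrative; ca_pin_from_cert uses the openssl pipeline given in the kubeadm documentation and assumes the default RSA CA key.

```shell
#!/bin/sh
# Added example, not part of the course material.
# Checks a saved `kubeadm join` command before it is run as root on a worker.

# join_field CMD WORD -> the argument that follows WORD ("--flag value" or
# "--flag=value"), tolerating the backslash line continuation kubeadm prints.
join_field() {
    printf '%s\n' "$1" | awk -v word="$2" '
        {
            gsub(/\\/, " ")                      # drop line continuations
            for (i = 1; i <= NF; i++) {
                if (want) { print $i; exit }
                if ($i == word) want = 1
                else if (index($i, word "=") == 1) {
                    print substr($i, length(word) + 2); exit
                }
            }
        }'
}

# ca_pin_from_cert FILE -> "sha256:HEX" digest of the CA public key (DER form).
# Run on the master against /etc/kubernetes/pki/ca.crt. Assumes an RSA CA key,
# which is what kubeadm generates by default. Needs openssl.
ca_pin_from_cert() {
    printf 'sha256:%s\n' "$(openssl x509 -pubkey -noout -in "$1" |
        openssl rsa -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# check_join CMD EXPECTED_ENDPOINT [EXPECTED_PIN]
# Prints one line per problem; returns 0 only if none were found.
check_join() {
    cj_cmd=$1; cj_ep=$2; cj_pin=${3:-}; cj_rc=0
    endpoint=$(join_field "$cj_cmd" join)
    token=$(join_field "$cj_cmd" --token)
    pin=$(join_field "$cj_cmd" --discovery-token-ca-cert-hash)

    if [ "$endpoint" != "$cj_ep" ]; then
        echo "endpoint: '$endpoint' is not the expected API server '$cj_ep'"; cj_rc=1
    fi
    # Bootstrap token format: 6 characters, a dot, 16 characters, all [a-z0-9].
    if ! printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
        echo "token: missing or malformed"; cj_rc=1
    fi
    # Without a well-formed pin the worker cannot authenticate the master's CA.
    if ! printf '%s\n' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
        echo "ca-pin: missing or malformed"; cj_rc=1
    fi
    case $cj_cmd in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "ca-pin: CA verification is switched off"; cj_rc=1 ;;
    esac
    if [ -n "$cj_pin" ] && [ "$pin" != "$cj_pin" ]; then
        echo "ca-pin: differs from the pin computed on the master"; cj_rc=1
    fi
    return "$cj_rc"
}

# The two join commands shown on this page (section 1.6 and section 1.8).
JOIN_INIT='kubeadm join 192.168.56.2:6443 --token d5hb0g.a45h8d6qczwi3g5w \
    --discovery-token-ca-cert-hash sha256:979365a44435cd3cd9bd364357b6b59d0f759606f2d9de98f121c1b56b3c20b4'
JOIN_NEW='kubeadm join 192.168.56.2:6443 --token rcm3uz.lq4dshqdr00wkkpf     --discovery-token-ca-cert-hash sha256:979365a44435cd3cd9bd364357b6b59d0f759606f2d9de98f121c1b56b3c20b4'

# The token changes between the two commands; the CA pin must not.
PIN=$(join_field "$JOIN_INIT" --discovery-token-ca-cert-hash)
check_join "$JOIN_NEW" 192.168.56.2:6443 "$PIN" && echo "join command OK"
```

On a real cluster, pass the output of ca_pin_from_cert /etc/kubernetes/pki/ca.crt, taken on the master, as the third argument instead of the pin read from an earlier command.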

Now stop the virtual machines:

root@kubemaster:~# exit
déconnexion
trainee@kubemaster:~$ exit
déconnexion
Connection to kubemaster closed.
desktop@serverXX:~$ VBoxManage controlvm kubenode2 poweroff
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
desktop@serverXX:~$ VBoxManage controlvm kubenode1 poweroff
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
desktop@serverXX:~$ VBoxManage controlvm kubemaster poweroff
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

Then restore the virtual machines to their original state:

desktop@serverXX:~$ VBoxManage snapshot kubenode2 restore snapshot1
Restoring snapshot 'snapshot1' (22df4e22-876a-4e94-88a8-8422a3a6b158)
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
desktop@serverXX:~$ VBoxManage snapshot kubenode1 restore snapshot1
Restoring snapshot 'snapshot1' (22df4e22-876a-4e94-88a8-8422a3a6b158)
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
desktop@serverXX:~$ VBoxManage snapshot kubemaster restore snapshot1
Restoring snapshot 'snapshot1' (22df4e22-876a-4e94-88a8-8422a3a6b158)
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

Finally, remove the Host-Only Private Network 192.168.56.0/24:

desktop@serverXX:~$ VBoxManage hostonlyif remove "vboxnet0"
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%


LAB #2 - Creating the Kubernetes Cluster with Minikube

2.1 - Introduction to Minikube

To install Kubernetes quickly and easily, use Minikube. Minikube creates a cluster with a single node.

2.2 - Installing Minikube

Start by downloading Minikube:

desktop@serverXX:~$ wget  https://github.com/kubernetes/minikube/releases/download/v1.14.2/minikube-linux-amd64
--2020-11-18 09:43:17--  https://github.com/kubernetes/minikube/releases/download/v1.14.2/minikube-linux-amd64
Resolving github.com (github.com)... 140.82.121.4
Connecting to github.com (github.com)|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/56353740/3cc4d800-186c-11eb-8c88-776be2397800?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20201118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20201118T084317Z&X-Amz-Expires=300&X-Amz-Signature=2b7ea6ead1e1297d491db1c514347b1f97e2665bd72014e5fa1730aa7b68a2be&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=56353740&response-content-disposition=attachment%3B%20filename%3Dminikube-linux-amd64&response-content-type=application%2Foctet-stream [following]
--2020-11-18 09:43:17--  https://github-production-release-asset-2e65be.s3.amazonaws.com/56353740/3cc4d800-186c-11eb-8c88-776be2397800?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20201118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20201118T084317Z&X-Amz-Expires=300&X-Amz-Signature=2b7ea6ead1e1297d491db1c514347b1f97e2665bd72014e5fa1730aa7b68a2be&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=56353740&response-content-disposition=attachment%3B%20filename%3Dminikube-linux-amd64&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.113.131
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.113.131|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 55960880 (53M) [application/octet-stream]
Saving to: ‘minikube-linux-amd64’

minikube-linux-amd64                                        100%[=========================================================================================================================================>]  53.37M  10.7MB/s    in 5.8s    

2020-11-18 09:43:24 (9.24 MB/s) - ‘minikube-linux-amd64’ saved [55960880/55960880]

Rename the downloaded binary and make it executable:

desktop@serverXX:~$ mv minikube-linux-amd64 minikube
desktop@serverXX:~$ chmod u+x minikube

Then move the minikube binary to the /usr/local/bin/ directory:

desktop@serverXX:~$ sudo mv minikube /usr/local/bin/ 
[sudo] password for desktop:

Then test the installation with the minikube version command:

desktop@serverXX:~$ minikube version
minikube version: v1.14.2
commit: 2c82918e2347188e21c4e44c8056fc80408bce10
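
The binary downloaded in this section can be compared with a published SHA-256 digest before it is moved into /usr/local/bin/. This added example (not part of the course material) assumes a checksum file, here called minikube-linux-amd64.sha256, has been fetched from the release page next to the binary; it accepts both a 65-byte file holding only the digest (the size reported for the .sha256 files in the minikube output of section 2.4) and sha256sum's own "digest  filename" format, and its demo runs on constructed stand-in files.

```shell
#!/bin/sh
# Added example, not part of the course material.
# Installs a downloaded binary only if it matches its published SHA-256 digest.

# digest_from_file FILE -> the first 64-hex-digit word found at the start of a
# line. Works for a bare digest and for "digest  filename" lines.
digest_from_file() {
    awk '{
        d = tolower($1)
        if (length(d) == 64 && d ~ /^[0-9a-f]+$/) { print d; exit }
    }' "$1"
}

# verify_download BINARY CHECKSUM_FILE -> 0 if the digests match, 1 otherwise.
verify_download() {
    want=$(digest_from_file "$2")
    if [ -z "$want" ]; then
        echo "no SHA-256 digest found in $2" >&2
        return 1
    fi
    got=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        return 0
    fi
    echo "digest mismatch for $1: got $got, expected $want" >&2
    return 1
}

# install_verified BINARY CHECKSUM_FILE DEST_DIR NAME
# The copy into DEST_DIR happens only after the check has passed.
install_verified() {
    verify_download "$1" "$2" || return 1
    install -m 0755 "$1" "$3/$4"
}

# Demo on constructed files (no network access): a stand-in "binary" and a
# checksum file generated from it, then the same file after modification.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed stand-in for minikube-linux-amd64\n' > "$tmp/minikube-linux-amd64"
    sha256sum "$tmp/minikube-linux-amd64" | awk '{ print $1 }' > "$tmp/minikube-linux-amd64.sha256"
    mkdir "$tmp/bin"
    install_verified "$tmp/minikube-linux-amd64" "$tmp/minikube-linux-amd64.sha256" \
        "$tmp/bin" minikube && echo "verified copy installed"
    # A corrupted or substituted download must be rejected.
    printf 'x' >> "$tmp/minikube-linux-amd64"
    verify_download "$tmp/minikube-linux-amd64" "$tmp/minikube-linux-amd64.sha256" 2>/dev/null \
        || echo "modified file rejected"
    rm -rf "$tmp"
}
demo
```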

2.3 - Configuring Minikube

Now configure the default hypervisor for minikube:

desktop@serverXX:~$ minikube config set vm-driver virtualbox
❗  These changes will take effect upon a minikube delete and then a minikube start

Check that the last command has taken effect:

desktop@serverXX:~$ minikube config get vm-driver
virtualbox

By default, when Minikube starts, it allocates 2 vCPUs and 2 GB of RAM to its virtual machine. Increase the amount of memory that will be allocated with the following command:

desktop@serverXX:~$ minikube config set memory 4000
❗  These changes will take effect upon a minikube delete and then a minikube start

Check that the last command has taken effect:

desktop@serverXX:~$ minikube config get memory
4000

2.4 - Installing kubectl

Now start Minikube:

desktop@serverXX:~$ minikube start
😄  minikube v1.14.2 on Ubuntu 16.04
✨  Using the virtualbox driver based on user configuration
💿  Downloading VM boot image ...
    > minikube-v1.14.0.iso.sha256: 65 B / 65 B [-------------] 100.00% ? p/s 0s
    > minikube-v1.14.0.iso: 178.27 MiB / 178.27 MiB [] 100.00% 9.08 MiB p/s 19s
👍  Starting control plane node minikube in cluster minikube
💾  Downloading Kubernetes v1.19.2 preload ...
    > preloaded-images-k8s-v6-v1.19.2-docker-overlay2-amd64.tar.lz4: 486.33 MiB
🔥  Creating virtualbox VM (CPUs=2, Memory=4000MB, Disk=20000MB) ...
🐳  Preparing Kubernetes v1.19.2 on Docker 19.03.12 ...
🔎  Verifying Kubernetes components...
🌟  Enabled addons: default-storageclass, storage-provisioner
💡  kubectl not found. If you need it, try: 'minikube kubectl -- get pods -A'
🏄  Done! kubectl is now configured to use "minikube" by default

Note the error kubectl not found. Therefore run the command minikube kubectl -- get pods -A to install kubectl:

desktop@serverXX:~$ minikube kubectl -- get pods -A
    > kubectl.sha256: 65 B / 65 B [--------------------------] 100.00% ? p/s 0s
    > kubectl: 41.01 MiB / 41.01 MiB [---------------] 100.00% 11.43 MiB p/s 3s
NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
kube-system   coredns-f9fd979d6-d97dg            1/1     Running   0          17m
kube-system   etcd-minikube                      1/1     Running   0          17m
kube-system   kube-apiserver-minikube            1/1     Running   0          17m
kube-system   kube-controller-manager-minikube   1/1     Running   0          17m
kube-system   kube-proxy-vqmqd                   1/1     Running   0          17m
kube-system   kube-scheduler-minikube            1/1     Running   0          17m
kube-system   storage-provisioner                1/1     Running   0          17m

List the virtual machines that are currently running:

desktop@serverXX:~$ VBoxManage list runningvms
"minikube" {1b656fb9-ea02-4b0c-baeb-f25dbd9813bd}

Now stop Minikube:

desktop@serverXX:~$ minikube stop
✋  Stopping node "minikube"  ...
🛑  1 nodes stopped.

Note that, although stopped, the minikube virtual machine still exists:

desktop@serverXX:~$ VBoxManage list runningvms
desktop@serverXX:~$ VBoxManage list vms
"Ansible" {91ba383a-cb9e-49ee-aa9c-c4bbf5b52894}
"CentOS_7" {ef84d93f-1964-43a5-a6a9-0b205c2b2af4}
"Debian_9" {c46d614a-866f-4609-aaa0-0ae44a2af9bf}
"Debian_9_1" {1c884792-f34a-4aae-95f4-eb2ad23156ee}
"Manager" {2176d97f-4e8e-428b-8d88-c8234bfc8294}
"TargetA" {f552b529-3064-4791-a5d8-47c542f3b572}
"TargetB" {21aa961c-b181-41f7-9978-94e95131c16a}
"Web01" {aa2afa3c-1fde-4723-8cd0-cf5d4941b8c8}
"Web02" {1c02a19d-5adf-4c4e-9ab9-8816f4561e35}
"Web03" {3bc94079-7dcf-41f3-964d-d7453e231658}
"Web04" {692c1f49-7a0d-41c2-b5ef-3df055906216}
"Worker1" {0f976eda-895e-4022-a5ca-24946822d88a}
"Worker2" {00e75205-694c-4c60-9533-a294a008df2b}
"Windows10" {09710adb-3fde-4f56-a1c4-87ee5d5a40a2}
"CentOS_8" {1534479b-922f-4a16-b8ab-d4c64485f38b}
"Debian_10" {46bd607e-7c1a-4985-9437-5e5788460a09}
"CentOS_7 1" {5d0ce034-b759-4ccf-a449-28aea94a7d93}
"Debian_9 1" {f6c8c63b-68a0-40c0-ac0e-861397c80ff3}
"Debian_9_1 1" {3538f398-a7fc-48cf-a915-5aaa7dc0db1f}
"kubemaster 1" {6df7d88c-18a7-4f8f-a504-28b357b85583}
"kubemaster" {88755cef-524a-45ae-b64c-9d8274ce3d27}
"kubenode1" {e05d0605-36f9-4b8d-acc8-07e16152222d}
"kubenode2" {af2c11a5-19d3-4f22-82dd-b5f8fb6b1205}
"minikube" {1b656fb9-ea02-4b0c-baeb-f25dbd9813bd}

To destroy the Kubernetes cluster together with the minikube virtual machine, use the minikube delete command:

desktop@serverXX:~$ minikube delete
🔥  Deleting "minikube" in virtualbox ...
💀  Removed all traces of the "minikube" cluster.

Start minikube again:

desktop@serverXX:~$ minikube start
😄  minikube v1.14.2 on Ubuntu 16.04
✨  Using the virtualbox driver based on user configuration
👍  Starting control plane node minikube in cluster minikube
🔥  Creating virtualbox VM (CPUs=2, Memory=4000MB, Disk=20000MB) ...
🐳  Preparing Kubernetes v1.19.2 on Docker 19.03.12 ...
🔎  Verifying Kubernetes components...
🌟  Enabled addons: storage-provisioner, default-storageclass
💡  kubectl not found. If you need it, try: 'minikube kubectl -- get pods -A'
🏄  Done! kubectl is now configured to use "minikube" by default
desktop@serverXX:~$ minikube kubectl -- get pods -A
NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
kube-system   coredns-f9fd979d6-gmzps            0/1     Pending   0          16s
kube-system   etcd-minikube                      0/1     Running   0          15s
kube-system   kube-apiserver-minikube            1/1     Running   0          15s
kube-system   kube-controller-manager-minikube   0/1     Running   0          15s
kube-system   kube-proxy-d4cs2                   1/1     Running   0          16s
kube-system   kube-scheduler-minikube            0/1     Running   0          15s
kube-system   storage-provisioner                0/1     Pending   0          21s

Check the version of kubectl that was installed:

desktop@serverXX:~$ minikube kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:41:02Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:32:58Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}

Important: The output of this command shows Kubernetes version 1.19.2. Consequently, we need a 3.4.x version of Helm.

The version of kubectl installed by minikube is located in the /home/desktop/.minikube/cache/linux/v1.19.2/ directory:

desktop@serverXX:~$ ls -l /home/desktop/.minikube/cache/linux/v1.19.2/kubectl
-rwxr-xr-x 1 desktop desktop 43003904 Nov 13 15:53 /home/desktop/.minikube/cache/linux/v1.19.2/kubectl

For easier use, copy the command to the /usr/local/bin/ directory:

desktop@serverXX:~$ sudo cp /home/desktop/.minikube/cache/linux/v1.19.2/kubectl /usr/local/bin
[sudo] password for desktop: 

Then check that the command is available:

desktop@serverXX:~$ which kubectl
/usr/local/bin/kubectl

2.5 - Updating Minikube

Now check whether a minikube update is available:

desktop@serverXX:~$ minikube update-check
CurrentVersion: v1.14.2
LatestVersion: v1.15.1

To update minikube, stop it and delete the Kubernetes cluster along with the virtual machine:

desktop@serverXX:~$ minikube stop
✋  Stopping node "minikube"  ...
🛑  1 nodes stopped.
desktop@serverXX:~$ minikube delete
🔥  Deleting "minikube" in virtualbox ...
💀  Removed all traces of the "minikube" cluster

The minikube configuration is stored in the ~/.minikube/ directory:

desktop@serverXX:~$ ls -l .minikube/
total 64
drwxrwxr-x 2 desktop desktop 4096 Nov 13 15:23 addons
drwxrwxr-x 5 desktop desktop 4096 Nov 13 15:53 cache
-rw-r--r-- 1 desktop desktop 1111 Nov 13 15:35 ca.crt
-rw------- 1 desktop desktop 1675 Nov 13 15:35 ca.key
-rwxrwxr-x 1 desktop desktop 1078 Nov 25 11:37 ca.pem
-rwxrwxr-x 1 desktop desktop 1123 Nov 25 11:37 cert.pem
drwxrwxr-x 2 desktop desktop 4096 Nov 13 15:34 certs
drwxrwxr-x 2 desktop desktop 4096 Nov 13 15:26 config
drwxrwxr-x 2 desktop desktop 4096 Nov 13 15:23 files
-rwxrwxr-x 1 desktop desktop 1679 Nov 25 11:37 key.pem
-rw-r--r-- 1 desktop desktop   29 Nov 25 10:22 last_update_check
drwxrwxr-x 2 desktop desktop 4096 Nov 13 15:23 logs
drwxrwxr-x 2 desktop desktop 4096 Nov 28 17:34 machines
drwxrwxr-x 2 desktop desktop 4096 Nov 28 17:34 profiles
-rw-r--r-- 1 desktop desktop 1119 Nov 13 15:35 proxy-client-ca.crt
-rw------- 1 desktop desktop 1679 Nov 13 15:35 proxy-client-ca.key

Delete this directory:

desktop@serverXX:~$ rm -rf .minikube

Download the new version of minikube:

desktop@serverXX:~$ curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 53.5M  100 53.5M    0     0  10.1M      0  0:00:05  0:00:05 --:--:-- 10.8M
desktop@serverXX:~$ sudo install minikube-linux-amd64 /usr/local/bin/minikube
[sudo] password for desktop: 

Configure minikube as described previously:

desktop@serverXX:~$ minikube config set vm-driver virtualbox
❗  These changes will take effect upon a minikube delete and then a minikube start
desktop@serverXX:~$ minikube config set memory 4000
❗  These changes will take effect upon a minikube delete and then a minikube start

Start the new version of minikube:

desktop@serverXX:~$ minikube start
😄  minikube v1.15.1 on Ubuntu 16.04
✨  Using the virtualbox driver based on user configuration
💿  Downloading VM boot image ...
    > minikube-v1.15.0.iso.sha256: 65 B / 65 B [-------------] 100.00% ? p/s 0s
    > minikube-v1.15.0.iso: 181.00 MiB / 181.00 MiB [ 100.00% 10.49 MiB p/s 17s
👍  Starting control plane node minikube in cluster minikube
💾  Downloading Kubernetes v1.19.4 preload ...
    > preloaded-images-k8s-v6-v1.19.4-docker-overlay2-amd64.tar.lz4: 486.35 MiB
🔥  Creating virtualbox VM (CPUs=2, Memory=4000MB, Disk=20000MB) ...
🐳  Preparing Kubernetes v1.19.4 on Docker 19.03.13 ...
🔎  Verifying Kubernetes components...
🌟  Enabled addons: default-storageclass, storage-provisioner
🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

Check the version of minikube:

desktop@serverXX:~$ minikube version
minikube version: v1.15.1
commit: 23f40a012abb52eff365ff99a709501a61ac

Download the kubectl binary:

desktop@serverXX:~$ minikube kubectl -- get pods -A
    > kubectl.sha256: 64 B / 64 B [--------------------------] 100.00% ? p/s 0s
    > kubectl: 41.01 MiB / 41.01 MiB [----------------] 100.00% 8.45 MiB p/s 5s
NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
kube-system   coredns-f9fd979d6-tb259            1/1     Running   0          73s
kube-system   etcd-minikube                      0/1     Running   0          72s
kube-system   kube-apiserver-minikube            1/1     Running   0          72s
kube-system   kube-controller-manager-minikube   0/1     Running   0          72s
kube-system   kube-proxy-plnnh                   1/1     Running   0          73s
kube-system   kube-scheduler-minikube            0/1     Running   0          72s
kube-system   storage-provisioner                1/1     Running   0          78s

Check the version of kubectl that was installed:

desktop@serverXX:~$ minikube kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.4", GitCommit:"d360454c9bcd1634cf4cc52d1867af5491dc9c5f", GitTreeState:"clean", BuildDate:"2020-11-11T13:17:17Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.4", GitCommit:"d360454c9bcd1634cf4cc52d1867af5491dc9c5f", GitTreeState:"clean", BuildDate:"2020-11-11T13:09:17Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

Important: The output of this command shows Kubernetes version 1.19.4.

The version of kubectl installed by minikube is located in the /home/desktop/.minikube/cache/linux/v1.19.4/ directory:

desktop@serverXX:~$ ls -l /home/desktop/.minikube/cache/linux/v1.19.4/kubectl
-rwxr-xr-x 1 desktop desktop 43003904 Nov 28 17:56 /home/desktop/.minikube/cache/linux/v1.19.4/kubectl

For easier use, copy the command to the /usr/local/bin/ directory:

desktop@serverXX:~$ sudo rm -f /usr/local/bin/kubectl 
[sudo] password for desktop: 
desktop@serverXX:~$ sudo cp /home/desktop/.minikube/cache/linux/v1.19.4/kubectl /usr/local/bin

Then check that the command is available:

desktop@serverXX:~$ which kubectl
/usr/local/bin/kubectl

2.6 - The minikube dashboard Command

Minikube ships with the Kubernetes Dashboard application. To view the Dashboard, open a graphical connection to your cloud server. Go to https://wiki.x2go.org/doku.php/download:start and download the X2Go client for your platform (Linux, Windows™ or macOS™):

Install the client, open the application and create a new session, replacing the value XX with the server number given to you by your trainer:

A box representing your new connection appears on the right of the screen:

Click this box, enter the password for your cloud server and click the ok button:

After a few minutes you will have access to your cloud server in graphical mode:

Open a terminal in the graphical session and run the minikube dashboard command:

desktop@serverXX:~$ minikube dashboard
* Verifying dashboard health ...
* Launching proxy ...
* Verifying proxy health ...
* Opening http://127.0.0.1:44979/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/ in your default browser...

The Firefox browser is launched, giving you access to the Kubernetes Dashboard:

Return to the SSH connection window for your server.

2.7 - The minikube addons Command

Minikube uses modules. These modules are called addons. To view the installed addons and their status, use the minikube addons list command:

desktop@serverXX:~$ minikube addons list
|-----------------------------|----------|--------------|
|         ADDON NAME          | PROFILE  |    STATUS    |
|-----------------------------|----------|--------------|
| ambassador                  | minikube | disabled     |
| csi-hostpath-driver         | minikube | disabled     |
| dashboard                   | minikube | enabled ✅   |
| default-storageclass        | minikube | enabled ✅   |
| efk                         | minikube | disabled     |
| freshpod                    | minikube | disabled     |
| gcp-auth                    | minikube | disabled     |
| gvisor                      | minikube | disabled     |
| helm-tiller                 | minikube | disabled     |
| ingress                     | minikube | disabled     |
| ingress-dns                 | minikube | disabled     |
| istio                       | minikube | disabled     |
| istio-provisioner           | minikube | disabled     |
| kubevirt                    | minikube | disabled     |
| logviewer                   | minikube | disabled     |
| metallb                     | minikube | disabled     |
| metrics-server              | minikube | disabled     |
| nvidia-driver-installer     | minikube | disabled     |
| nvidia-gpu-device-plugin    | minikube | disabled     |
| olm                         | minikube | disabled     |
| pod-security-policy         | minikube | disabled     |
| registry                    | minikube | disabled     |
| registry-aliases            | minikube | disabled     |
| registry-creds              | minikube | disabled     |
| storage-provisioner         | minikube | enabled ✅   |
| storage-provisioner-gluster | minikube | disabled     |
| volumesnapshots             | minikube | disabled     |
|-----------------------------|----------|--------------|

To enable the metrics-server module, use the minikube addons enable command:

desktop@serverXX:~$ minikube addons enable metrics-server
🌟  The 'metrics-server' addon is enabled

Now check that the previous command has taken effect:

desktop@serverXX:~$ minikube addons list
|-----------------------------|----------|--------------|
|         ADDON NAME          | PROFILE  |    STATUS    |
|-----------------------------|----------|--------------|
| ambassador                  | minikube | disabled     |
| csi-hostpath-driver         | minikube | disabled     |
| dashboard                   | minikube | enabled ✅   |
| default-storageclass        | minikube | enabled ✅   |
| efk                         | minikube | disabled     |
| freshpod                    | minikube | disabled     |
| gcp-auth                    | minikube | disabled     |
| gvisor                      | minikube | disabled     |
| helm-tiller                 | minikube | disabled     |
| ingress                     | minikube | disabled     |
| ingress-dns                 | minikube | disabled     |
| istio                       | minikube | disabled     |
| istio-provisioner           | minikube | disabled     |
| kubevirt                    | minikube | disabled     |
| logviewer                   | minikube | disabled     |
| metallb                     | minikube | disabled     |
| metrics-server              | minikube | enabled ✅   |
| nvidia-driver-installer     | minikube | disabled     |
| nvidia-gpu-device-plugin    | minikube | disabled     |
| olm                         | minikube | disabled     |
| pod-security-policy         | minikube | disabled     |
| registry                    | minikube | disabled     |
| registry-aliases            | minikube | disabled     |
| registry-creds              | minikube | disabled     |
| storage-provisioner         | minikube | enabled ✅   |
| storage-provisioner-gluster | minikube | disabled     |
| volumesnapshots             | minikube | disabled     |
|-----------------------------|----------|--------------|

LAB #3 - Creating the Kubernetes Cluster with kind

3.1 - Introduction to kind

kind is a tool for running a Kubernetes cluster locally using Docker containers as nodes. kind was developed to test Kubernetes itself but can also be used for local development.

The kind website is https://kind.sigs.k8s.io/docs/user/quick-start/. The project's GitHub repository is https://github.com/kubernetes-sigs/kind.

3.2 - Installing Docker-CE in the Debian_10 VM

Start by increasing the RAM of the Debian_10 virtual machine:

desktop@serverXX:~$ VBoxManage modifyvm Debian_10 --memory 8192

Then configure port forwarding for the ssh service:

desktop@serverXX:~$ VBoxManage modifyvm "Debian_10" --natpf1 "Debian_10,tcp,,9022,,22"

Start the Debian_10 virtual machine:

desktop@serverXX:~$ VBoxManage startvm Debian_10 --type headless
Waiting for VM "Debian_10" to power on...
VM "Debian_10" has been successfully started.

Wait 2 minutes, then connect to the virtual machine:

desktop@serverXX:~$ ssh -l trainee localhost -p 9022
trainee@localhost's password: 
Linux debian10 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Nov 30 15:50:01 2020 from 10.0.2.2

Then install Docker-CE:

trainee@debian10:~$ su -
Password: fenestros
root@debian10:~# 

root@debian10:~# apt-get update && apt-get install -y apt-transport-https ca-certificates curl software-properties-common gnupg2
...
root@debian10:~# curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
...
root@debian10:~# add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
...
root@debian10:~# apt-get update && apt-get install -y containerd.io=1.2.13-2 docker-ce=5:19.03.11~3-0~debian-$(lsb_release -cs) docker-ce-cli=5:19.03.11~3-0~debian-$(lsb_release -cs)
...
root@debian10:~# vi /etc/docker/daemon.json
root@debian10:~# cat /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
root@debian10:~# mkdir -p /etc/systemd/system/docker.service.d
root@debian10:~# systemctl daemon-reload
root@debian10:~# systemctl restart docker
root@debian10:~# docker version
Client: Docker Engine - Community
 Version:           19.03.11
 API version:       1.40
 Go version:        go1.13.10
 Git commit:        42e35e61f3
 Built:             Mon Jun  1 09:12:44 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.11
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       42e35e61f3
  Built:            Mon Jun  1 09:11:17 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

3.3 - Installing kubelet, kubeadm and kubectl

Add the GPG key for the Kubernetes repository:

root@debian10:~# curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
OK

Add the Kubernetes repository:

root@debian10:~# echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main

Install kubeadm, kubelet and kubectl:

root@debian10:~# apt-get update && apt-get install -y kubeadm kubelet kubectl

Block updates of kubeadm, kubelet and kubectl:

root@debian10:~# apt-mark hold kubelet kubeadm kubectl
kubelet set on hold.
kubeadm set on hold.
kubectl set on hold.

3.4 - Installing kind and Starting the Cluster

Install kind:

root@debian10:~# curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.9.0/kind-linux-amd64
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    97  100    97    0     0    339      0 --:--:-- --:--:-- --:--:--   337
100   642  100   642    0     0   1414      0 --:--:-- --:--:-- --:--:--  1414
100 7247k  100 7247k    0     0  3549k      0  0:00:02  0:00:02 --:--:-- 9522k
root@debian10:~# chmod +x ./kind
root@debian10:~# mv kind /usr/local/bin/
root@debian10:~# which kind
/usr/local/bin/kind
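
Both the minikube update in 2.5 and the kind installation above download a binary with curl and place it in /usr/local/bin as root without checking its integrity. The following added example (not part of the original course) shows a checksum gate to run before the install step; the function names are hypothetical, and it assumes you have saved the SHA-256 published for the release into a checksum file.

```shell
#!/bin/sh
# Added example (not from the course): check a downloaded binary against its
# published SHA-256 before installing it. Function names are hypothetical.

# Print the digest stored in a checksum file. Accepts a bare "<hex>" line or
# the sha256sum format "<hex>  <filename>"; rejects anything that is not
# exactly 64 hex characters (for instance an HTML error page saved by curl).
read_digest() {
    _digest=$(awk 'NF { print tolower($1); exit }' "$1" 2>/dev/null) || return 1
    case $_digest in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#_digest}" -eq 64 ] || return 1
    printf '%s\n' "$_digest"
}

# verify_sha256 FILE SUMFILE
# Returns 0 on match, 1 on mismatch, 2 if an input is missing or malformed.
verify_sha256() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    _expected=$(read_digest "$2") || { echo "unusable checksum file: $2" >&2; return 2; }
    _actual=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$_actual" != "$_expected" ]; then
        echo "SHA-256 mismatch for $1: expected $_expected, got $_actual" >&2
        return 1
    fi
}

# verified_install FILE SUMFILE DEST
# Copies FILE to DEST with mode 0755 only if the checksum matches.
verified_install() {
    verify_sha256 "$1" "$2" || return $?
    install -m 0755 "$1" "$3"
}

# Constructed demo: a stand-in "binary" and its checksum file in a temp dir,
# so the script runs offline and without root.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for a downloaded binary\n' > "$demo_dir/kind"
sha256sum "$demo_dir/kind" > "$demo_dir/kind.sha256"
verified_install "$demo_dir/kind" "$demo_dir/kind.sha256" "$demo_dir/installed-kind" \
    && echo "checksum verified, binary installed"
rm -rf "$demo_dir"
```

A checksum fetched from the same server as the binary only detects corruption or truncation in transit; compare it with a value obtained through a separate channel when one is available.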

Restart the virtual machine:

root@debian10:~# shutdown -r now

Connect to the Debian_10 virtual machine:

desktop@serverXX:~$ ssh -l trainee localhost -p 9022
trainee@localhost's password: trainee
Linux debian10 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Nov 30 13:47:09 2020 from 10.0.2.2

Become root and create the config.yaml file:

trainee@debian10:~$ su -
Password: fenestros
root@debian10:~# vi config.yaml
root@debian10:~# cat config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
kubeadmConfigPatches:
- |
  apiVersion: kubelet.config.k8s.io/v1beta1
  kind: KubeletConfiguration
  evictionHard:
    nodefs.available: "0%"
kubeadmConfigPatchesJSON6902:
- group: kubeadm.k8s.io
  version: v1beta2
  kind: ClusterConfiguration
  patch: |
    - op: add
      path: /apiServer/certSANs/-
      value: my-hostname
nodes:
- role: control-plane
- role: worker
- role: worker
- role: worker

Create a cluster with kind:

root@debian10:~# kind create cluster --config config.yaml
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.19.1) 🖼 
 ✓ Preparing nodes 📦 📦 📦 📦  
 ✓ Writing configuration 📜 
 ✓ Starting control-plane 🕹️ 
 ✓ Installing CNI 🔌 
 ✓ Installing StorageClass 💾 
 ✓ Joining worker nodes 🚜 
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Not sure what to do next? 😅  Check out https://kind.sigs.k8s.io/docs/user/quick-start/

Copyright © 2020 Hugh Norris.
