Merge pull request #11 from marcel-dempers/cloud-series

kubernetes-in-the-cloud
Marcel Dempers 2020-06-16 10:26:13 +00:00 committed by GitHub
commit bcf8e55856
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 633 additions and 1 deletions

@ -64,5 +64,8 @@ Video: https://youtu.be/xhva6DeKqVU <br/>
Part #7 Kubernetes ingress | the basics <br/>
Video: https://youtu.be/izWCkcJAzBw <br/>
Kubernetes in the Cloud
Checkout my series on running Kubernetes in the Cloud [here](./kubernetes/cloud/readme.md) <br/>
More details coming soon!

@ -0,0 +1,12 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}

@ -0,0 +1,12 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}

@ -0,0 +1,163 @@
# Getting Started with EKS
## Amazon CLI
```
# Run Amazon CLI
docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh amazon/aws-cli:2.0.17
cd ./kubernetes/cloud/amazon
yum install jq
```
## Login to AWS
https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html
```
# Access your "My Security Credentials" section in your profile.
# Create an access key
aws configure
# Regions
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
```
# Deploy Cluster with AWS CLI
You can deploy a cluster using multiple ways. </br>
We will cover the two fundamental ways.
1) AWS CLI https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html
2) EKS CLI (newer) https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html
## AWS CLI
Kubernetes needs a service account to manage our Kubernetes cluster <br/>
In AWS this is an IAM role <br/>
Lets create one! <br/>
Follow "Create your Amazon EKS cluster IAM role" [here](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html) <br/>
```
# create our role for EKS
role_arn=$(aws iam create-role --role-name getting-started-eks-role --assume-role-policy-document file://assume-policy.json | jq .Role.Arn | sed s/\"//g)
aws iam attach-role-policy --role-name getting-started-eks-role --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
# create the cluster VPC
curl https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-05-08/amazon-eks-vpc-sample.yaml -o vpc.yaml
aws cloudformation deploy --template-file vpc.yaml --stack-name getting-started-eks
# grab your stack details
aws cloudformation list-stack-resources --stack-name getting-started-eks > stack.json
# create our cluster
aws eks create-cluster \
--name getting-started-eks \
--role-arn $role_arn \
--resources-vpc-config subnetIds=subnet-063efe1fa0c5d4913,subnet-06f91e563755e2077,subnet-0824d16f8536b3681,securityGroupIds=sg-0960d3a116ba912e1,endpointPublicAccess=true,endpointPrivateAccess=false
aws eks list-clusters
aws eks describe-cluster --name getting-started-eks
```
## Get a kubeconfig for our cluster
```
aws eks update-kubeconfig --name getting-started-eks --region ap-southeast-2
#grab the config if you want it
cp ~/.kube/config .
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl
```
## Add nodes to our cluster
```
# create our role for nodes
role_arn=$(aws iam create-role --role-name getting-started-eks-role-nodes --assume-role-policy-document file://assume-node-policy.json | jq .Role.Arn | sed s/\"//g)
aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
```
More details on node permissions [here](https://docs.aws.amazon.com/eks/latest/userguide/worker_node_IAM_role.html)
More details on instance types to choose from [here](https://aws.amazon.com/ec2/instance-types/)
```
aws eks create-nodegroup \
--cluster-name getting-started-eks \
--nodegroup-name test \
--node-role $role_arn \
--subnets subnet-0ec47e6ae964a233f \
--disk-size 200 \
--scaling-config minSize=1,maxSize=2,desiredSize=1 \
--instance-types t2.small
```
## EKS CTL example
```
eksctl create cluster --name getting-started-eks-1 \
--region ap-southeast-2 \
--version 1.16 \
--managed \
--node-type t2.small \
--nodes 1 \
--node-volume-size 200
```
## Create some sample containers
```
cd ../..
kubectl create ns example-app
# lets create some resources.
kubectl apply -n example-app -f secrets/secret.yaml
kubectl apply -n example-app -f configmaps/configmap.yaml
kubectl apply -n example-app -f deployments/deployment.yaml
# remember to change the `type: LoadBalancer`
kubectl apply -n example-app -f services/service.yaml
```
## Cleanup
```
eksctl delete cluster --name getting-started-eks-1
aws eks delete-nodegroup --cluster-name getting-started-eks --nodegroup-name test
aws eks delete-cluster --name getting-started-eks
aws iam detach-role-policy --role-name getting-started-eks-role --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
aws iam delete-role --role-name getting-started-eks-role
aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
aws iam delete-role --role-name getting-started-eks-role-nodes
aws cloudformation delete-stack --stack-name getting-started-eks
```
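Review bot: In the `aws eks create-cluster` call, `endpointPublicAccess=true,endpointPrivateAccess=false` leaves the cluster's API endpoint reachable from any source address; add `publicAccessCidrs=<your-ip>/32` to `--resources-vpc-config` (or enable private access) and say in the text which one the guide intends. The same line hard-codes subnet and security group IDs from one account, while `stack.json` is written two commands earlier and never read; show how to pull the IDs out of it with the `jq` that is already installed, and do the same for `--subnets subnet-0ec47e6ae964a233f` in `create-nodegroup`. `cp ~/.kube/config .` runs from `./kubernetes/cloud/amazon` inside the mounted repo, so either drop the copy or note that the file must not be committed.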

@ -0,0 +1,129 @@
# Getting Started with AKS
## Azure CLI
```
# Run Azure CLI
docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh mcr.microsoft.com/azure-cli:2.6.0
cd ./kubernetes/cloud/azure
```
## Login to Azure
```
#login and follow prompts
az login
# view and select your subscription account
az account list -o table
SUBSCRIPTION=<id>
az account set --subscription <SubscriptionId-id-here>
```
## Create our Resource Group
```
RESOURCEGROUP=aks-getting-started
az group create -n $RESOURCEGROUP -l australiaeast
```
## Create Service Principal
Kubernetes needs a service account to manage our Kubernetes cluster </br>
Lets create one! </br>
```
SERVICE_PRINCIPAL_JSON=$(az ad sp create-for-rbac --skip-assignment --name aks-getting-started-sp -o json)
#Keep the `appId` and `password` for later use!
SERVICE_PRINCIPAL=$(echo $SERVICE_PRINCIPAL_JSON | jq -r '.appId')
SERVICE_PRINCIPAL_SECRET=$(echo $SERVICE_PRINCIPAL_JSON | jq -r '.password')
#grant contributor role over the resource group to our service principal
az role assignment create --assignee $SERVICE_PRINCIPAL \
--scope "/subscriptions/$SUBSCRIPTION/resourceGroups/$RESOURCEGROUP" \
--role Contributor
```
For extra reference you can also take a look at the Microsoft Docs: [here](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/kubernetes-service-principal.md) </br>
## Create our cluster
```
#full list of options
az aks create --help
az aks get-versions --location australiaeast -o table
#generate SSH key
ssh-keygen -t rsa -b 4096 -N "VeryStrongSecret123!" -C "your_email@example.com" -q -f ~/.ssh/id_rsa
cp ~/.ssh/id_rsa* .
az aks create -n aks-getting-started \
--resource-group $RESOURCEGROUP \
--location australiaeast \
--kubernetes-version 1.16.9 \
--load-balancer-sku standard \
--nodepool-name default \
--node-count 1 \
--node-vm-size Standard_E4s_v3 \
--node-osdisk-size 250 \
--ssh-key-value ./id_rsa.pub \
--network-plugin kubenet \
--service-principal $SERVICE_PRINCIPAL \
--client-secret $SERVICE_PRINCIPAL_SECRET \
--output none
# if your SP key is invalid, generate a new one:
SERVICE_PRINCIPAL_SECRET=(az ad sp credential reset --name $SERVICE_PRINCIPAL | jq -r '.password')
```
## Get a kubeconfig for our cluster
```
# use --admin for admin credentials
# use without `--admin` to get no priviledged user.
az aks get-credentials -n aks-getting-started \
--resource-group $RESOURCEGROUP
#grab the config if you want it
cp ~/.kube/config .
```
## Get kubectl
```
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod +x ./kubectl
mv ./kubectl /usr/local/bin/kubectl
cd ../..
kubectl create ns example-app
# lets create some resources.
kubectl apply -n example-app -f secrets/secret.yaml
kubectl apply -n example-app -f configmaps/configmap.yaml
kubectl apply -n example-app -f deployments/deployment.yaml
# remember to change the `type: LoadBalancer`
kubectl apply -n example-app -f services/service.yaml
```
## Clean up
```
az group delete -n $RESOURCEGROUP
az ad sp delete --id $SERVICE_PRINCIPAL
```
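Review bot: `cp ~/.ssh/id_rsa* .` in the "Create our cluster" block copies the private key into the working directory, which is the repo mounted at `/work`, and the `ssh-keygen` line above it passes the passphrase as a literal `-N` argument; `--ssh-key-value` only needs the public key, so copy `id_rsa.pub` alone (or point the flag at `~/.ssh/id_rsa.pub`) and let `ssh-keygen` prompt for the passphrase. The credential-reset line is missing the `$` of the command substitution (`SERVICE_PRINCIPAL_SECRET=(az ad sp credential reset ...`), so it does not capture the new password as a string. In the login block, `SUBSCRIPTION=<id>` and `--subscription <SubscriptionId-id-here>` use two different placeholders for the same value; set the variable once and pass `$SUBSCRIPTION`. Typo in the kubeconfig comment: "priviledged".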

@ -0,0 +1,104 @@
# Getting Started with DGO
## Trial Account
Coupon Link to get $100 credit for 60 days: <br/>
https://m.do.co/c/74a1c5d63dac
## Digital Ocean CLI
https://hub.docker.com/r/digitalocean/doctl
```
# Digital Ocean CLI
docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/bash digitalocean/doctl:1.45.0
mv /app/doctl /usr/local/bin/
cd ./kubernetes/cloud/digitalocean
```
## Login to DGO
```
#login and follow prompts
doctl auth init
doctl auth list
```
## Create a new project
```
doctl projects create --name getting-started-dgo --purpose testing
doctl projects list
# grab the project ID
```
## Gather our options
https://www.digitalocean.com/docs/kubernetes/
```
doctl kubernetes options
doctl kubernetes options regions
doctl kubernetes options versions
```
## Create our cluster
```
# full list of options
doctl kubernetes cluster create --help
doctl kubernetes cluster create dgo-getting-started \
--version 1.17.5-do.0 \
--count 1 \
--size s-1vcpu-2gb \
--region sgp1
```
## Get a kubeconfig for our cluster
```
doctl kubernetes cluster kubeconfig save dgo-getting-started
#grab the config if you want it
cp ~/.kube/config .
```
## Get kubectl
```
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod +x ./kubectl
mv ./kubectl /usr/local/bin/kubectl
cd ../..
kubectl create ns example-app
# lets create some resources.
kubectl apply -n example-app -f secrets/secret.yaml
kubectl apply -n example-app -f configmaps/configmap.yaml
kubectl apply -n example-app -f deployments/deployment.yaml
# remember to change the `type: LoadBalancer`
kubectl apply -n example-app -f services/service.yaml
```
## Clean up
```
doctl kubernetes cluster delete dgo-getting-started
# remember to delete the load balancer manually!
```
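Review bot: The "Get kubectl" block installs whatever binary `stable.txt` resolves to into `/usr/local/bin` with no checksum verification; pin a kubectl version close to the cluster's `1.17.5-do.0` and verify the download against its published SHA-256 before the `chmod +x`. The same block also deploys the sample app, which the EKS guide puts under its own "Create some sample containers" heading; split it the same way here so the headings match the steps. The clean-up comment "remember to delete the load balancer manually!" gives no command or console location for doing so.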

@ -0,0 +1,95 @@
# Getting Started with GKE
## Google Cloud CLI
https://hub.docker.com/r/google/cloud-sdk/
```
# Run Google Cloud CLI
docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/bash google/cloud-sdk:160.0.0
cd ./kubernetes/cloud/google
```
## Login to GCloud
```
#login and follow prompts
gcloud auth login
gcloud projects list
gcloud projects create getting-started-gke
gcloud config set project getting-started-gke
```
## Enable APIs for your Project.
You may be prompted to enable APIs in Google Console for your project in order to proceed.
Follow the prompts.
## Create our cluster
Machine types : https://cloud.google.com/compute/docs/machine-types
```
# machine types
gcloud compute machine-types list > machine-types.log
# Get k8s versions for your zone
gcloud container get-server-config --zone australia-southeast1-c
# full list of options
gcloud container clusters create --help
gcloud container clusters create gke-getting-started \
--cluster-version 1.16.8-gke.15 \
--disk-size 200 \
--num-nodes 1 \
--machine-type e2-small \
--no-enable-cloud-endpoints \
--no-enable-cloud-logging \
--no-enable-cloud-monitoring \
--zone australia-southeast1-c
```
## Get a kubeconfig for our cluster
```
gcloud container clusters get-credentials gke-getting-started --zone australia-southeast1-c
#grab the config if you want it
cp ~/.kube/config .
```
## Get kubectl
```
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod +x ./kubectl
mv ./kubectl /usr/local/bin/kubectl
cd ../..
kubectl create ns example-app
# lets create some resources.
kubectl apply -n example-app -f secrets/secret.yaml
kubectl apply -n example-app -f configmaps/configmap.yaml
kubectl apply -n example-app -f deployments/deployment.yaml
# remember to change the `type: LoadBalancer`
kubectl apply -n example-app -f services/service.yaml
```
## Clean up
```
gcloud container clusters delete gke-getting-started --zone australia-southeast1-c
```
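Review bot: `gcloud container clusters create` is passed `--no-enable-cloud-logging` and `--no-enable-cloud-monitoring` with no explanation, which leaves the cluster without log collection or monitoring; say in the text why they are disabled for this walkthrough, or drop the flags. `gcloud projects create getting-started-gke` will fail for most readers because project IDs are globally unique; use a placeholder and reuse it in `gcloud config set project`. The CLI image is pinned to `google/cloud-sdk:160.0.0`; confirm that release accepts `--cluster-version 1.16.8-gke.15` and `--machine-type e2-small` as written.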

@ -0,0 +1,4 @@
FROM python:3.8.3-alpine3.12
RUN apk add --no-cache bash curl
RUN pip3 install linode-cli==2.15.0

@ -0,0 +1,101 @@
# Getting Started with Linode
## Trial Account
Promo Link to get $20 credit to try out Linode: <br/>
https://login.linode.com/signup?promo=DOCS20AA00X1
## Linode CLI
At the time of this video there is not docker image for Linode CLI, so lets make our own :) <br/>
Take a look at the dockerfile in this folder.
```
# Linode CLI
# Run this from the root of the repo!
docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/bash aimvector/linode:2.15.0
cd ./kubernetes/cloud/linode
```
## Login to Linode
```
#login and follow prompts
linode-cli
```
## Gather our options
https://www.linode.com/docs/platform/api/linode-cli/
```
linode-cli lke --help
linode-cli regions list --text
linode-cli lke versions-list
linode-cli linodes list --region ap-south
```
## Create our cluster
https://www.linode.com/docs/platform/api/linode-cli/#linode-kubernetes-engine-lke
```
# full list of options
linode-cli lke cluster-create --help
linode-cli lke cluster-create \
--label getting-started-lke \
--region ap-south \
--k8s_version 1.16 \
--node_pools.type g6-standard-2 --node_pools.count 1 \
--tags marcel
```
## Get a kubeconfig for our cluster
```
linode-cli lke clusters-list
linode-cli lke kubeconfig-view <id>
```
Download a kubeconfig from the [dashboard](https://cloud.linode.com/kubernetes/clusters) <br/>
Rename and drop it into `./kubernetes/cloud/linode/config.yaml`
## Get kubectl
```
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod +x ./kubectl
mv ./kubectl /usr/local/bin/kubectl
export KUBECONFIG=/work/kubernetes/cloud/linode/config.yaml
kubectl create ns example-app
# lets create some resources.
kubectl apply -n example-app -f /work/kubernetes/secrets/secret.yaml
kubectl apply -n example-app -f /work/kubernetes/configmaps/configmap.yaml
kubectl apply -n example-app -f /work/kubernetes/deployments/deployment.yaml
# remember to change the `type: LoadBalancer`
kubectl apply -n example-app -f /work/kubernetes/services/service.yaml
```
## Clean up
```
linode-cli lke clusters-list
linode-cli lke cluster-delete <id>
# remember to delete the load balancer manually!
```
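Review bot: The kubeconfig step has the reader save the cluster credential as `./kubernetes/cloud/linode/config.yaml`, a path inside the repository, and none of the files in this change ignores it; add the path to `.gitignore`, or keep the file outside `/work` and point `KUBECONFIG` there. The "Linode CLI" text says to make our own image from the dockerfile in the folder, but the block runs `aimvector/linode:2.15.0` directly and no `docker build` command is given. `linode-cli lke kubeconfig-view <id>` is listed and then followed by a dashboard download, so say which of the two the reader should use. `--tags marcel` looks like a personal tag; use a neutral one.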

@ -0,0 +1,9 @@
# Kubernetes in the Cloud
## Introduction to Kubernetes on Cloud Providers
Microsoft Azure [here](./azure/getting-started.md) <br/>
Digital Ocean [here](./digitalocean/getting-started.md) <br/>
Linode Cloud [here](./linode/getting-started.md) <br/>
Amazon Web Services [here](./amazon/getting-started.md) <br/>
Google Cloud [here](./google/getting-started.md) <br/>

@ -5,7 +5,7 @@ metadata:
labels:
app: example-app
spec:
type: ClusterIP
type: LoadBalancer
selector:
app: example-app
ports:
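Review bot: Switching `type: ClusterIP` to `type: LoadBalancer` in the shared service manifest means every `kubectl apply -f services/service.yaml` on a cloud cluster provisions an external load balancer by default, including for readers who use this file outside the cloud guides. Keep `ClusterIP` as the default and have the cloud guides apply a LoadBalancer variant, or at least update the guides' "remember to change the `type: LoadBalancer`" comment, which no longer matches the file.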