# Introduction to Shipa ## We need a Kubernetes cluster To get the most out of Shipa, I'll be using real Cloud Provider Kubernetes as well as a local
`minikube` cluster.
To create a Kubernetes cluster, you can follow my guides on each Cloud provider below:
|Cloud | Kubernetes | Video | Source Code | | |---|---|---|---|---| |Azure | AKS |[Source Code](../cloud/azure/getting-started.md) | AKS Guide | |Amazon | EKS |[Source Code](../cloud/amazon/getting-started.md) | EKS Guide | |Google | GKE |[Source Code](../cloud/google/getting-started.md) | GKE Guide | |Digital Ocean | DO |[Source Code](../cloud/digitalocean/getting-started.md) | DO Guide | |Linode | LKE |[Source Code](../cloud/linode/getting-started.md) | LKE Guide | I will start with a local minikube cluster to get Shipa running:
``` # start up a cluster minikube start --kubernetes-version='v1.18.2' --memory='5gb' --disk-size='20gb' --driver=hyperv # check our cluster kubectl get nodes NAME STATUS ROLES AGE VERSION minikube Ready master 45s v1.18.2 ``` # Getting Started with Shipa ## Install Dependencies ``` docker run -it --rm -v ${PWD}:/work -w /work alpine sh apk add --no-cache curl unzip cd kubernetes/shipa/ mkdir installs && cd installs ``` ## Install Kubectl ``` curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.4/bin/windows/amd64/kubectl.exe ``` ## Install Helm CLI ``` curl -LO https://get.helm.sh/helm-v3.4.1-windows-amd64.zip && \ unzip helm-v3.4.1-windows-amd64.zip && \ mv windows-amd64/helm.exe . && \ rm -rf windows-amd64 && \ rm helm-v3.4.1-windows-amd64.zip ``` ## Install Shipa CLI ``` curl -LO https://storage.googleapis.com/shipa-client/v1.1/shipa_windows_amd64.exe mv shipa_windows_amd64.exe shipa.exe ``` ## Add all the CLI to our $PATH We can now add the CLI executables to a folder somewhere on our machine
Then we add it to our `$PATH` * installs/helm.exe * installs/kubectl.exe * installs/shipa.exe ## Download Shipa Helm Chart Official Docs [here](https://learn.shipa.io/docs/installing-shipa) We can find all the releases of Shipa [here](https://github.com/shipa-corp/helm-chart/releases) In this demo, I will use version `1.1.1` Let's download Shipa:
``` curl -L -s -o shipa1.1.1.zip https://github.com/shipa-corp/helm-chart/archive/v1.1.1.zip && \ unzip shipa1.1.1.zip && rm shipa1.1.1.zip && \ mv helm-chart-1.1.1 shipa-helm-chart-1.1.1 && \ # we can abandon this container exit ``` ## Install Shipa Let's add Shipa to our `minikube` cluster:
``` cd .\kubernetes\shipa\installs\shipa-helm-chart-1.1.1\ kubectl apply -f limits.yaml # deploy shipa dependencies helm dep up # install helm install shipa . ` --timeout=15m ` --set=metrics.image=gcr.io/shipa-1000/metrics:30m ` --set=auth.adminUser=admin@shipa.io ` --set=auth.adminPassword=shipa2020 ` --set=shipaCore.serviceType=ClusterIP ` --set=shipaCore.ip=10.100.10.20 ` --set=service.nginx.serviceType=ClusterIP ` --set=service.nginx.clusterIP=10.100.10.10 # ensure everything is up and running kubectl get pods NAME READY STATUS RESTARTS AGE dashboard-web-1-6f8b58fb89-bjf7c 1/1 Running 0 3h12m node-container-busybody-theonepool-zz7sw 1/1 Running 0 3h15m node-container-netdata-theonepool-kqb5z 1/1 Running 0 3h15m shipa-api-57b69645d9-rd2bz 1/1 Running 0 3h21m shipa-clair-d7554fc6f-8nqgz 1/1 Running 1 3h21m shipa-docker-registry-5885d6f467-dvkjb 1/1 Running 0 3h18m shipa-etcd-85cc6c6458-6cgx6 1/1 Running 1 3h21m shipa-guardian-5466f58668-25zkf 1/1 Running 0 3h16m shipa-init-job-1-9xdgw 0/1 Completed 0 3h21m shipa-metrics-786468c5cc-h7zfb 1/1 Running 0 3h21m shipa-mongodb-replicaset-0 1/1 Running 0 3h21m shipa-nginx-ingress-75dccdb4fb-nq7xq 1/1 Running 0 3h21m shipa-postgres-7c55df4758-7s64w 1/1 Running 0 3h21m kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-web-1 ClusterIP 10.96.3.55 8888/TCP 3h12m dashboard-web-1-units ClusterIP None 8888/TCP 3h12m kubernetes ClusterIP 10.96.0.1 443/TCP 3h46m shipa-api ClusterIP 10.100.120.116 8080/TCP,8081/TCP 3h21m shipa-clair ClusterIP 10.111.91.38 6060/TCP,6061/TCP 3h21m shipa-docker-registry ClusterIP 10.104.180.204 5000/TCP 3h21m shipa-etcd ClusterIP 10.110.16.90 2379/TCP 3h21m shipa-guardian ClusterIP 10.97.114.38 8000/TCP,22/TCP 3h21m shipa-ingress-nginx ClusterIP 10.100.10.10 22/TCP,5000/TCP,8081/TCP,8080/TCP,2379/TCP 3h21m shipa-metrics ClusterIP 10.108.223.229 9090/TCP,9091/TCP 3h21m shipa-mongodb-replicaset ClusterIP None 27017/TCP 3h21m shipa-mongodb-replicaset-client ClusterIP None 27017/TCP 3h21m shipa-postgres ClusterIP 10.104.18.123 5432/TCP 3h21m # access the dashboard kubectl port-forward svc/dashboard-web-1 8888 ``` We should now be able to access the dashboard on `http://localhost:8888` ## Targets ``` # add a route for shipa API route add 10.100.10.10/32 MASK 255.255.255.255 $(minikube ip) # add a route for shipa ingress route add 10.100.10.20/32 MASK 255.255.255.255 $(minikube ip) shipa target-add dev 10.100.10.10 shipa target-list shipa target-set dev ``` ## Pools https://learn.shipa.io/docs/pool-management ``` shipa pool-add dev --public --kube-namespace blue-team --provisioner kubernetes shipa pool-list ``` ## Clusters ``` shipa cluster-list +------------+-------------+---------------+-------------+---------+------------+-------+-------+ | Name | Provisioner | Addresses | Custom Data | Default | Pools | Teams | Error | +------------+-------------+---------------+-------------+---------+------------+-------+-------+ | shipa-core | kubernetes | 10.96.0.1:443 | | false | theonepool | | | +------------+-------------+---------------+-------------+---------+------------+-------+-------+ ``` ## Applications ``` shipa login shipa app-create helloworld static -t admin -o theonepool shipa app-deploy -i aimvector/python:1.0.4 -a helloworld ``` ``` https://collabnix.com/the-rise-of-shipa-a-continuous-operation-platform/ 1. Configured default user: Username: admin@admin.com Password: adminadmin123 2. If this is a production cluster, please configure persistent volumes. The default reclaimPolicy for dynamically provisioned persistent volumes is "Delete" and users are advised to change it for production The code snippet below can be used to set reclaimPolicy to "Retain" for all volumes: PVCs=$(kubectl --namespace=shipa-system get pvc -l release=shipa -o name) for pvc in $PVCs; do volumeName=$(kubectl -n shipa-system get $pvc -o template --template=\{\{.spec.volumeName\}\}) kubectl -n shipa-system patch pv $volumeName -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' done 3. Set default target for shipa-client: export SHIPA_HOST=$(kubectl --namespace=shipa-system get svc shipa-ingress-nginx -o jsonpath="{.status.loadBalancer.ingress[0].ip}") shipa target-add shipa $SHIPA_HOST -s shipa login admin@admin.com shipa node-list shipa app-list ```