
2021 Digital Ocean Kubernetes Challenge

Everyone's Repos

Prerequisites

  • Digital Ocean account
    • Apply for the credit for the Scalable Database challenge
  • Domain
  • Demo application (Ruby on Rails)
  • Development environment
    • Kubectl, the CLI for working with K8s: $ brew install kubectl
    • Lens, a graphical interface for working with K8s: $ brew install lens
    • Helm, the K8s package manager: $ brew install helm
    • Ruby, to build the demo application
    • Terraform (Optional)

Recommended background reading

  • Load Balancer
  • Container (e.g. Docker)
  • Micro Service
  • 12 Factor
  • Networking (basic concepts)

Steps

  1. Create a new VPC

  2. Create a K8s cluster

  3. Download the kubeconfig and check that you can connect


> export KUBECONFIG="./kube-challenge-kubeconfig.yml"
> kubectl config get-contexts
CURRENT   NAME                     CLUSTER                  AUTHINFO                       NAMESPACE
*         do-sgp1-kube-challenge   do-sgp1-kube-challenge   do-sgp1-kube-challenge-admin   
> kubectl get node
NAME                        STATUS   ROLES    AGE     VERSION
pool-kube-challenge-ugxub   Ready    <none>   2m10s   v1.21.5
pool-kube-challenge-ugxur   Ready    <none>   118s    v1.21.5
pool-kube-challenge-ugxuw   Ready    <none>   2m10s   v1.21.5
  4. Add the cluster to Lens

    • In Lens you can install the metrics pods into the cluster, then watch them in the Lens metrics tab, or port-forward to a browser and use Prometheus directly
  5. Try launching nginx!

  6. nginx service

References


Quick command notes

export KUBECONFIG=./k8s-kubeconfig.yaml
kubectl config get-contexts
kubectl get node
  • After port forwarding 5678 to kubegres
psql -h localhost -p 5678 -U postgres
CREATE user app WITH PASSWORD 'apppass';
CREATE database app owner app;
\q
psql -h localhost -p 5678 -U app
CREATE TABLE items (name VARCHAR(255), description TEXT);
INSERT INTO items VALUES('test', 'test');

Setting the Service's ENV

  • Find the service's DNS name

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: elct9620/auto-deploy-example:0.1.3
        ports:
        - containerPort: 9292
        env:
        - name: DATABASE_URL
          value: "postgres://app:app@kube-challenge-postgres.default.svc.cluster.local/app"
          # format: postgres://USER:PASSWORD@HOST/DATABASE
          # host is the postgres service name you created, with namespace `default`, and (TODO: where to get the `svc.cluster.local` suffix)
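
The Deployment above keeps the database password in plain text inside the manifest. As an added example (not part of the original notes), here is the same DATABASE_URL supplied from a Kubernetes Secret through secretKeyRef; the Secret name app-db-credentials and the CHANGE_ME password are placeholders assumed here.

```yaml
# Added example, not from the original notes.
# Assumptions: the Secret name "app-db-credentials" and the CHANGE_ME
# placeholder password are hypothetical; everything else mirrors the
# Deployment shown above.
apiVersion: v1
kind: Secret
metadata:
  name: app-db-credentials          # hypothetical name
type: Opaque
stringData:
  # format: postgres://USER:PASSWORD@HOST/DATABASE
  DATABASE_URL: "postgres://app:CHANGE_ME@kube-challenge-postgres.default.svc.cluster.local/app"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: elct9620/auto-deploy-example:0.1.3
        ports:
        - containerPort: 9292
        env:
        - name: DATABASE_URL
          # The value is read from the Secret at pod start, so the
          # Deployment manifest itself no longer contains the password.
          valueFrom:
            secretKeyRef:
              name: app-db-credentials
              key: DATABASE_URL
```

Keep the Secret manifest out of version control, or create the Secret out of band with kubectl create secret generic. Secret values are only base64-encoded in the API, so read access to them should be restricted with RBAC.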

Setting up SSL with cert-manager

https://cert-manager.io/docs/installation/helm/

Install CRD (custom resource definition)

https://cert-manager.io/docs/tutorials/acme/ingress/
https://kubernetes.io/docs/concepts/services-networking/ingress/

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: contact@example.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx
 apiVersion: networking.k8s.io/v1
 kind: Ingress
   metadata:
   name: nginx-ingress
   annotations:
     kubernetes.io/ingress.class: nginx

+   cert-manager.io/cluster-issuer: my-letsencrypt
 spec:
   rules:
   - host: "k8s-challenge-1.pastleo.me"
     http:
       paths:
       - pathType: Prefix
         path: "/"
         backend:
           service:
             name: nginx-svc
             port:
               number: 80

+  tls:
+  - hosts:
+    - k8s-challenge-1.pastleo.me
+    secretName: k8s-challenge-1
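
Review bot: the added annotation `cert-manager.io/cluster-issuer: my-letsencrypt` names an issuer that does not match the ClusterIssuer defined just above, whose `metadata.name` is `letsencrypt`, so cert-manager will not find an issuer for this Ingress and no certificate will be written to the `k8s-challenge-1` secret. Use `cert-manager.io/cluster-issuer: letsencrypt` here, or rename the ClusterIssuer to `my-letsencrypt`, so the two agree. The added annotation line also needs the same indentation as `kubernetes.io/ingress.class: nginx` to sit under `annotations:`, and the `metadata:` context line is indented deeper than `kind:`, which would not parse as written.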