[2021 Digital Ocean Kubernetes Challenge](https://www.digitalocean.com/community/pages/kubernetes-challenge)
===

## Everyone's repos

* https://github.com/elct9620/do-kubernetes-challenge-2021
* https://github.com/pastleo/k8s-challenge-2021
* https://github.com/dannyh79/k8s-challenge-2021
* https://github.com/cindyliu923/kubernetes-challenge-app

## Prerequisites

* Digital Ocean account
* Apply for the challenge credit for the Scalable Database
* Domain
* Demo application (Ruby on Rails)
* Development environment
  * [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-macos/#install-with-homebrew-on-macos), the CLI for working with K8s: `$ brew install kubectl`
  * [Lens](https://k8slens.dev/), a GUI for working with K8s: `$ brew install lens`
  * [Helm](https://helm.sh/docs/intro/install#from-homebrew-macos), the package manager for K8s: `$ brew install helm`
  * Ruby, to build the demo application
  * Terraform (optional)

## Topics to review beforehand (recommended)

* Load Balancer
* Container (e.g. Docker)
* Microservices
* 12 Factor
* Networking (basic concepts)

## Steps

1. Create a new VPC
2. Create the K8s cluster
3. Download the kubeconfig and first check that you can connect

```bash
> export KUBECONFIG="./kube-challenge-kubeconfig.yml"
> kubectl config get-contexts
CURRENT   NAME                     CLUSTER                  AUTHINFO                       NAMESPACE
*         do-sgp1-kube-challenge   do-sgp1-kube-challenge   do-sgp1-kube-challenge-admin
> kubectl get node
NAME                        STATUS   ROLES    AGE     VERSION
pool-kube-challenge-ugxub   Ready    <none>   2m10s   v1.21.5
pool-kube-challenge-ugxur   Ready    <none>   118s    v1.21.5
pool-kube-challenge-ugxuw   Ready    <none>   2m10s   v1.21.5
```

4. Add the cluster to Lens. From Lens you can install the metrics pods into the cluster, then watch them in Lens's metrics tab, or port-forward straight to the browser and look at them in Prometheus
5. Try starting nginx!
6. nginx service

## References

* https://kubernetes.io/docs/tasks/run-application/run-stateless-application-deployment/
* https://kubernetes.io/docs/concepts/services-networking/service/
* https://kubernetes.io/docs/concepts/services-networking/ingress/
* https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-on-digitalocean-kubernetes-using-helm
  * Step 2: `helm repo add ...`, `helm repo update`, `helm install nginx-ingress ...`
* ~~kubedb~~ its memory requirements are too high (and you have to pay to use any namespace other than demo), bye; use kubegres below
  * https://kubedb.com/docs/v2021.11.24/setup/install/community/
  * https://kubedb.com/docs/v2021.11.24/guides/postgres/quickstart/quickstart/
  * `0/3 nodes are available: 3 Insufficient memory`
  * `0/3 nodes are available: 3 pod has unbound immediate PersistentVolumeClaims.`
* https://www.kubegres.io/doc/getting-started.html
* https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

---

## Quick command notes

```shell
export KUBECONFIG=./k8s-kubeconfig.yaml
kubectl config get-contexts
kubectl get node
```

- After port-forwarding 5678 to kubegres

```shell
psql -h localhost -p 5678 -U postgres
```

```sql
CREATE user app WITH PASSWORD 'apppass';
CREATE database app owner app;
\q
```

```shell
psql -h localhost -p 5678 -U app
```

```sql
CREATE TABLE items (name VARCHAR(255), description TEXT);
INSERT INTO items VALUES('test', 'test');
```

### Setting the service's ENV

- Find the service's DNS name

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: elct9620/auto-deploy-example:0.1.3
        ports:
        - containerPort: 9292
        env:
        - name: DATABASE_URL
          value: "postgres://app:app@kube-challenge-postgres.default.svc.cluster.local/app"
          # format: postgres://USER:PASSWORD@HOST/DATABASE
          # host is the postgres Service name you created, in namespace `default`, followed by
          # `svc.<cluster-domain>`; the cluster domain defaults to `cluster.local`
          # (see the "DNS for Services and Pods" doc in the references)
```

### Setting up SSL

- Use [cert-manager](https://cert-manager.io/)
  - https://cert-manager.io/docs/installation/helm/ Install CRD (custom resource definition)...
  - https://cert-manager.io/docs/tutorials/acme/ingress/
  - https://kubernetes.io/docs/concepts/services-networking/ingress/

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: contact@example.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx
```

```diff
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
+   cert-manager.io/cluster-issuer: my-letsencrypt
spec:
  rules:
  - host: "k8s-challenge-1.pastleo.me"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: nginx-svc
            port:
              number: 80
+ tls:
+ - hosts:
+   - k8s-challenge-1.pastleo.me
+   secretName: k8s-challenge-1
```

- If you want a wildcard certificate you need to use [DNS validation](https://cert-manager.io/docs/tutorials/acme/dns-validation/)
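Review bot: the added annotation `cert-manager.io/cluster-issuer: my-letsencrypt` does not match the ClusterIssuer defined above, whose `metadata.name` is `letsencrypt`; cert-manager's ingress-shim will look for a ClusterIssuer called `my-letsencrypt`, find none, and never create the Certificate for the `k8s-challenge-1` secret, so the Ingress keeps serving without a valid TLS certificate. Either rename the issuer or change the line to `cert-manager.io/cluster-issuer: letsencrypt`. While editing the metadata hunk, note that `spec.ingressClassName: nginx` is the `networking.k8s.io/v1` replacement for the deprecated `kubernetes.io/ingress.class` annotation.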
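Below, as an added example that is not part of these notes or of cert-manager itself, is a Python check for the wiring between a ClusterIssuer and an Ingress. It takes both objects in the shape `kubectl get ... -o json` returns (the two dicts at the bottom are constructed by hand from the manifests in this section) and reports an Ingress whose `cert-manager.io/cluster-issuer` names a ClusterIssuer that does not exist, a `spec.tls` block with no issuer annotation at all, an ingress class the issuer's HTTP-01 solver does not serve, a wildcard host on an issuer that has no DNS-01 solver, and a TLS host with no routing rule.

```python
ISSUER_ANNOTATION = "cert-manager.io/cluster-issuer"
CLASS_ANNOTATION = "kubernetes.io/ingress.class"

def ingress_class(ingress):
    """Ingress class from spec.ingressClassName, else the legacy annotation."""
    spec, meta = ingress.get("spec", {}), ingress.get("metadata", {})
    return spec.get("ingressClassName") or meta.get("annotations", {}).get(CLASS_ANNOTATION)

def solvers(issuer):
    """Return (HTTP-01 solver ingress classes, whether any DNS-01 solver exists)."""
    classes, has_dns01 = set(), False
    for s in issuer.get("spec", {}).get("acme", {}).get("solvers", []):
        has_dns01 = has_dns01 or "dns01" in s
        ing = s.get("http01", {}).get("ingress", {})
        cls = ing.get("ingressClassName") or ing.get("class")
        if cls:
            classes.add(cls)
    return classes, has_dns01

def check_ingress(ingress, issuers):
    """Return findings; an empty list means the Ingress/ClusterIssuer wiring is consistent."""
    findings, meta, spec = [], ingress.get("metadata", {}), ingress.get("spec", {})
    name, wanted = meta.get("name", "<unnamed>"), meta.get("annotations", {}).get(ISSUER_ANNOTATION)
    tls, by_name = spec.get("tls", []), {i["metadata"]["name"]: i for i in issuers}
    tls_hosts = [h for t in tls for h in t.get("hosts", [])]
    if tls and not wanted:  # tls: present but cert-manager never asked to issue anything
        findings.append(f"{name}: spec.tls set but no {ISSUER_ANNOTATION} annotation")
    elif wanted and wanted not in by_name:  # the name slip in the diff above
        findings.append(f"{name}: ClusterIssuer {wanted!r} not found; have {sorted(by_name)}")
    elif wanted:
        classes, has_dns01 = solvers(by_name[wanted])
        cls = ingress_class(ingress)
        if classes and cls not in classes:  # challenge Ingress would be served by another controller
            findings.append(f"{name}: class {cls!r} differs from issuer HTTP-01 class {sorted(classes)}")
        if any(h.startswith("*.") for h in tls_hosts) and not has_dns01:
            findings.append(f"{name}: wildcard host needs a DNS-01 solver on {wanted!r}")
    rule_hosts = {r.get("host") for r in spec.get("rules", [])}
    for h in tls_hosts:
        if h not in rule_hosts:
            findings.append(f"{name}: tls host {h!r} has no routing rule")
    return findings

# Constructed by hand from the ClusterIssuer and Ingress manifests above.
ISSUER = {"metadata": {"name": "letsencrypt"},
          "spec": {"acme": {"solvers": [{"http01": {"ingress": {"class": "nginx"}}}]}}}
INGRESS = {"metadata": {"name": "nginx-ingress", "annotations": {
               CLASS_ANNOTATION: "nginx", ISSUER_ANNOTATION: "my-letsencrypt"}},
           "spec": {"rules": [{"host": "k8s-challenge-1.pastleo.me"}],
                    "tls": [{"hosts": ["k8s-challenge-1.pastleo.me"], "secretName": "k8s-challenge-1"}]}}
```

Run on the two manifests as written above, `check_ingress(INGRESS, [ISSUER])` returns exactly one finding, the `my-letsencrypt` / `letsencrypt` name mismatch.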