Thursday, September 19, 2024

Curl: Check web server with hostname and IP

A handy way to check whether a server responds for a particular hostname: set the HTTP Host header explicitly with -H and point curl at the server's address (hostname or IP) and port.

If you send traffic to the IP with a different Host header, the request will not reach the right service and the default backend will answer instead.

Try:
curl -H 'Host: aws-dns-name.org' IP_Address


Example:

curl -H 'Host: dashboard.com' ec2-18-207-220-253.compute-1.amazonaws.com:30100

Expose an nginx pod on EC2, just for testing

Deploy the nginx pod:

kubectl run nginx --image=nginx

Expose pod port with a service:

kubectl expose pod/nginx --port 80 --type NodePort


Check the services:

kubectl get services


NAME                TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE

kubernetes          ClusterIP      10.96.0.1       <none>        443/TCP          2d2h

nginx               NodePort       10.102.83.199   <none>        80:31545/TCP     8s




Forward public traffic to minikube cluster

We'll forward the traffic with the iptables tool as follows:
- Identify the instance's private network interface. Its IP address should match the one shown on the instance's main page (by default the interface should be called enX0).
- Identify the minikube bridge network interface with the ifconfig command: look for an interface whose name starts with br- and note its IP address.
- Identify the nginx service port generated when the service was created:
kubectl get services



Then add the rules to forward the traffic arriving on enX0 to the Minikube bridge:

sudo iptables -A PREROUTING -t nat -i enX0 -p tcp --dport 31545 -j DNAT --to-destination 192.168.49.2:31545


sudo iptables -A FORWARD -p tcp -d 192.168.49.2 --dport 31545 -j ACCEPT



Add rules to the EC2 security group to accept traffic with destination port 31545.

Then test the app, something like this:

http://ec2-18-207-220-253.compute-1.amazonaws.com:31545/


Then, if you want to clean things up in the cluster:

kubectl delete service nginx

service "nginx" deleted


kubectl delete pod nginx

pod "nginx" deleted


Wednesday, September 18, 2024

Add an ingress for the kubernetes dashboard

Run the following command to install the dashboard:

[ec2-user@ip-172-31-80-45 k8s-demo]$ minikube dashboard


Enable the ingress controller:

[ec2-user@ip-172-31-80-45 ~]$ minikube addons enable ingress

💡  ingress is an addon maintained by Kubernetes. For any concerns contact minikube on GitHub.

You can view the list of minikube maintainers at: https://github.com/kubernetes/minikube/blob/master/OWNERS

    ▪ Using image registry.k8s.io/ingress-nginx/controller:v1.11.2

    ▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3

    ▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3

🔎  Verifying ingress addon...

🌟  The 'ingress' addon is enabled


Create a YAML file:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kubernetes-dashboard
spec:
  # No host or path rules: every request falls through to this backend.
  defaultBackend:
    service:
      name: kubernetes-dashboard
      port:
        number: 80


Apply the ingress to the cluster:

[ec2-user@ip-172-31-80-45 k8s-demo]$ kubectl apply -f dashboard-ingress.yaml 

ingress.networking.k8s.io/dashboard-ingress created


Check the namespaces:

[ec2-user@ip-172-31-80-45 ~]$ kubectl get ns

NAME                   STATUS   AGE

default                Active   2d22h

ingress-nginx          Active   2d15h

kube-node-lease        Active   2d22h

kube-public            Active   2d22h

kube-system            Active   2d22h

kubernetes-dashboard   Active   41h


Check the ingress service for the namespace:

[ec2-user@ip-172-31-80-45 k8s-demo]$ kubectl get ingress -n kubernetes-dashboard

NAME                CLASS   HOSTS   ADDRESS        PORTS   AGE

dashboard-ingress   nginx   *       192.168.49.2   80      40h


Add proper iptables rules to forward the traffic:

[ec2-user@ip-172-31-80-45 k8s-demo]$ sudo iptables -A PREROUTING -t nat -i enX0 -p tcp --dport 80 -j DNAT --to-destination 192.168.49.2:80

sudo iptables -A FORWARD -p tcp -d 192.168.49.2 --dport 80 -j ACCEPT




[ec2-user@ip-172-31-80-45 ~]$ kubectl describe ingress dashboard-ingress -n kubernetes-dashboard

Name:             dashboard-ingress

Labels:           <none>

Namespace:        kubernetes-dashboard

Address:          192.168.49.2

Ingress Class:    nginx

Default backend:  kubernetes-dashboard:80 (10.244.0.40:9090)

Rules:

  Host        Path  Backends

  ----        ----  --------

  *           *     kubernetes-dashboard:80 (10.244.0.40:9090)

Annotations:  <none>

Events:

  Type    Reason  Age                    From                      Message

  ----    ------  ----                   ----                      -------

  Normal  Sync    8m29s (x3 over 9m29s)  nginx-ingress-controller  Scheduled for sync




After that, you can access the dashboard from a web browser using the instance's public DNS name.


After you test it, you can remove the ingress:

[ec2-user@ip-172-31-80-45 ~]$ kubectl delete ingress dashboard-ingress -n kubernetes-dashboard

ingress.networking.k8s.io "dashboard-ingress" deleted
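Deleting the ingress (or, in the nginx post above, the service and pod) leaves the hand-added DNAT and FORWARD rules in place, and each repeated -A appends a duplicate. The following is an added example, not part of the original posts: a hypothetical helper, forward_rules, that prints idempotent add commands and the matching delete commands for one forwarded port, with an optional source restriction. The interface, address and ports are the values shown on this page; 203.0.113.0/24 is a constructed placeholder from the documentation range.

```shell
#!/bin/sh
# Added example: emits the iptables commands for one forwarded port.
# forward_rules is a hypothetical helper name, not a minikube or iptables tool.
#
# forward_rules ACTION IFACE DEST_IP PORT [SRC_CIDR]
#   add    -> print "check, then append" commands (safe to re-run)
#   delete -> print the matching -D commands for cleanup
forward_rules() {
    action=$1 iface=$2 dest=$3 port=$4 src=${5:-}

    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "invalid port: $port" >&2; return 2; }

    # Optional source restriction, applied to both rules. DNAT rewrites only
    # the destination, so the FORWARD rule still sees the client address.
    match=${src:+"-s $src "}

    nat="PREROUTING -t nat -i $iface ${match}-p tcp --dport $port -j DNAT --to-destination $dest:$port"
    fwd="FORWARD ${match}-p tcp -d $dest --dport $port -j ACCEPT"

    case $action in
        add)
            # -C exits non-zero when the rule is absent, so -A runs only once.
            echo "iptables -C $nat 2>/dev/null || iptables -A $nat"
            echo "iptables -C $fwd 2>/dev/null || iptables -A $fwd"
            ;;
        delete)
            echo "iptables -D $nat"
            echo "iptables -D $fwd"
            ;;
        *)
            echo "usage: forward_rules add|delete IFACE DEST_IP PORT [SRC_CIDR]" >&2
            return 2
            ;;
    esac
}

# The NodePort forward, limited to one (placeholder) client range:
forward_rules add enX0 192.168.49.2 31545 203.0.113.0/24
# Cleanup for the port-80 forward added in this post:
forward_rules delete enX0 192.168.49.2 80
```

Review the printed commands and run them as root. A delete only matches a rule that was added with the same arguments, including the source range.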




Tuesday, September 17, 2024

Configure ingress controller kubernetes

The following command automatically starts the Nginx ingress controller.

[ec2-user@ip-172-31-80-45 ~]$ minikube addons enable ingress

💡  ingress is an addon maintained by Kubernetes. For any concerns contact minikube on GitHub.

You can view the list of minikube maintainers at: https://github.com/kubernetes/minikube/blob/master/OWNERS

    ▪ Using image registry.k8s.io/ingress-nginx/controller:v1.11.2

    ▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3

    ▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3

🔎  Verifying ingress addon...

🌟  The 'ingress' addon is enabled



[ec2-user@ip-172-31-80-45 ~]$ kubectl get pod -n kube-system

NAME                               READY   STATUS    RESTARTS        AGE

coredns-6f6b679f8f-d9wl9           1/1     Running   1 (5h50m ago)   7h56m

etcd-minikube                      1/1     Running   1 (5h51m ago)   7h56m

kube-apiserver-minikube            1/1     Running   1 (3h51m ago)   7h56m

kube-controller-manager-minikube   1/1     Running   1 (5h51m ago)   7h56m

kube-proxy-qnpdq                   1/1     Running   1 (5h51m ago)   7h56m

kube-scheduler-minikube            1/1     Running   1 (5h51m ago)   7h56m

storage-provisioner                1/1     Running   3 (3h50m ago)   7h56m


[ec2-user@ip-172-31-80-45 ~]$ kubectl get ns

NAME              STATUS   AGE

default           Active   7h57m

ingress-nginx     Active   4m31s

kube-node-lease   Active   7h57m

kube-public       Active   7h57m

kube-system       Active   7h57m

Check the status of kubernetes

To check current pods:

[ec2-user@ip-172-31-80-45 ~]$ kubectl get pod
NAME                                 READY   STATUS    RESTARTS       AGE
mongo-deployment-77f8f85dc8-cvz9j    1/1     Running   1 (126m ago)   139m
webapp-deployment-655ff6696b-vw5lw   1/1     Running   1 (7m1s ago)   138m


To check all pods, services and deployments:
[ec2-user@ip-172-31-80-45 ~]$ kubectl get all
NAME                                     READY   STATUS    RESTARTS       AGE
pod/mongo-deployment-77f8f85dc8-cvz9j    1/1     Running   1 (132m ago)   145m
pod/webapp-deployment-655ff6696b-vw5lw   1/1     Running   1 (13m ago)    144m
NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
service/kubernetes       ClusterIP   10.96.0.1       <none>        443/TCP          4h17m
service/mongo-service    ClusterIP   10.103.48.93    <none>        8080/TCP         155m
service/webapp-service   NodePort    10.109.94.172   <none>        3000:30100/TCP   144m
NAME                                READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/mongo-deployment    1/1     1            1           145m
deployment.apps/webapp-deployment   1/1     1            1           144m
NAME                                           DESIRED   CURRENT   READY   AGE
replicaset.apps/mongo-deployment-77f8f85dc8    1         1         1       145m
replicaset.apps/webapp-deployment-655ff6696b   1         1         1       144m


To check the current configmap:

[ec2-user@ip-172-31-80-45 ~]$ kubectl get configmap
NAME               DATA   AGE
game-demo          1      170m
kube-root-ca.crt   1      4h32m
mongo-config       1      164m


To check the current secrets:
[ec2-user@ip-172-31-80-45 ~]$ kubectl get secrets
NAME           TYPE     DATA   AGE
mongo-secret   Opaque   2      170m



To check the service's data:

[ec2-user@ip-172-31-80-45 ~]$ kubectl describe service webapp-service
Name: webapp-service
Namespace: default
Labels: <none>
Annotations: <none>
Selector: app=webapp
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.109.94.172
IPs: 10.109.94.172
Port: <unset> 3000/TCP
TargetPort: 3000/TCP
NodePort: <unset> 30100/TCP
Endpoints: 10.244.0.6:3000
Session Affinity: None
External Traffic Policy: Cluster
Internal Traffic Policy: Cluster
Events: <none>


To check the pod's data:

[ec2-user@ip-172-31-80-45 ~]$ kubectl describe pod mongo-deployment-77f8f85dc8-cvz9j
Name: mongo-deployment-77f8f85dc8-cvz9j
Namespace: default
Priority: 0
Service Account: default
Node: minikube/192.168.49.2
Start Time: Tue, 17 Sep 2024 20:42:27 +0000
Labels: app=mongo
pod-template-hash=77f8f85dc8
Annotations: <none>
Status: Running
IP: 10.244.0.7
IPs:
IP: 10.244.0.7
Controlled By: ReplicaSet/mongo-deployment-77f8f85dc8
Containers:
mongo:
Container ID: docker://9b4e7fc09ae6ac02df14283196c57c5826afcf00659e51e8fb37e92ced31fdc0
Image: mongo:5.0
Image ID: docker-pullable://mongo@sha256:fd08cf3c5aae3268a032a7064c60a4bc0fb468ee9a7b6b1b45b9b2335e4fda3e
Port: 27017/TCP
Host Port: 0/TCP
State: Running
Started: Tue, 17 Sep 2024 22:54:42 +0000
Last State: Terminated
Reason: Completed
Exit Code: 0
Started: Tue, 17 Sep 2024 20:42:37 +0000
Finished: Tue, 17 Sep 2024 20:54:48 +0000
Ready: True
Restart Count: 1
Environment:
MONGO_INITD_ROOT_USERNAME: <set to the key 'mongo-user' in secret 'mongo-secret'> Optional: false
MONGO_INITD_ROOT_PASSWORD: <set to the key 'mongo-password' in secret 'mongo-secret'> Optional: false
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-pm8q8 (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-pm8q8:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 178m default-scheduler Successfully assigned default/mongo-deployment-77f8f85dc8-cvz9j to minikube
Normal Pulling 178m kubelet Pulling image "mongo:5.0"
Normal Pulled 177m kubelet Successfully pulled image "mongo:5.0" in 8.868s (8.868s including waiting). Image size: 723535501 bytes.
Normal Created 177m kubelet Created container mongo
Normal Started 177m kubelet Started container mongo
Normal SandboxChanged 45m kubelet Pod sandbox changed, it will be killed and re-created.
Normal Pulled 45m kubelet Container image "mongo:5.0" already present on machine
Normal Created 45m kubelet Created container mongo
Normal Started 45m kubelet Started container mongo


To check the logs of a pod:

[ec2-user@ip-172-31-80-45 ~]$ kubectl logs pod/mongo-deployment-77f8f85dc8-cvz9j

{"t":{"$date":"2024-09-17T22:54:43.121+00:00"},"s":"I", "c":"CONTROL", "id":23285, "ctx":"-","msg":"Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'"}
{"t":{"$date":"2024-09-17T22:54:43.136+00:00"},"s":"I", "c":"NETWORK", "id":4915701, "ctx":"-","msg":"Initialized wire specification","attr":{"spec":{"incomingExternalClient":{"minWireVersion":0,"maxWireVersion":13},"incomingInternalClient":{"minWireVersion":0,"maxWireVersion":13},"outgoing":{"minWireVersion":0,"maxWireVersion":13},"isInternalClient":true}}}
{"t":{"$date":"2024-09-17T22:54:43.147+00:00"},"s":"W", "c":"ASIO", "id":22601, "ctx":"main","msg":"No TransportLayer configured during NetworkInterface startup"}


{"t":{"$date":"2024-09-17T22:54:43.149+00:00"},"s":"I", "c":"NETWORK", "id":4648601, "ctx":"main","msg":"Implicit TCP FastOpen unavailable. If TCP FastOpen is required, set tcpFastOpenServer, tcpFastOpenClient, and tcpFastOpenQueueSize."}

To check the service:

[ec2-user@ip-172-31-80-45 ~]$ kubectl get service
NAME             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes       ClusterIP   10.96.0.1       <none>        443/TCP          4h54m
mongo-service    ClusterIP   10.103.48.93    <none>        8080/TCP         3h11m
webapp-service   NodePort    10.109.94.172   <none>        3000:30100/TCP   3h


To see the Minikube ip:
[ec2-user@ip-172-31-80-45 ~]$ minikube ip
192.168.49.2

If you are using a Kubernetes deployment, you can check the node's data:
[ec2-user@ip-172-31-80-45 ~]$ kubectl get node -o wide
NAME       STATUS   ROLES           AGE     VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION                    CONTAINER-RUNTIME
minikube   Ready    control-plane   4h55m   v1.31.0   192.168.49.2   <none>        Ubuntu 22.04.4 LTS   6.1.109-118.189.amzn2023.x86_64   docker://27.2.0


To check the endpoints:
[ec2-user@ip-172-31-80-45 ~]$ kubectl get endpoints
NAME ENDPOINTS AGE
kubernetes 192.168.49.2:8443 5h40m
mongo-service 10.244.0.7:27017 3h57m
webapp-service 10.244.0.6:3000 3h46m

Minikube on Amazon Linux 2023

 

Download the latest Minikube version

[ec2-user@ip-172-31-32-118 ~]$ curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-latest.x86_64.rpm

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

100 36.2M  100 36.2M    0     0  48.4M      0 --:--:-- --:--:-- --:--:-- 48.4M


Install minikube

[ec2-user@ip-172-31-32-118 ~]$ sudo rpm -Uvh minikube-latest.x86_64.rpm

Verifying...                          ################################# [100%]

Preparing...                          ################################# [100%]

package minikube-1.34.0-0.x86_64 is already installed






If you try to start Minikube now, you will get the following error:
[ec2-user@ip-172-31-32-118 ~]$ minikube start

😄  minikube v1.34.0 on Amazon 2023.5.20240916 (xen/amd64)

👎  Unable to pick a default driver. Here is what was considered, in preference order:

    ▪ docker: Not healthy: "docker version --format {{.Server.Os}}-{{.Server.Version}}:{{.Server.Platform.Name}}" exit status 1: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.44/version": dial unix /var/run/docker.sock: connect: permission denied

    ▪ docker: Suggestion: Add your user to the 'docker' group: 'sudo usermod -aG docker $USER && newgrp docker' <https://docs.docker.com/engine/install/linux-postinstall/>

💡  Alternatively you could install one of these drivers:

    ▪ kvm2: Not installed: exec: "virsh": executable file not found in $PATH

    ▪ podman: Not installed: exec: "podman": executable file not found in $PATH

    ▪ qemu2: Not installed: exec: "qemu-system-x86_64": executable file not found in $PATH

    ▪ virtualbox: Not installed: unable to find VBoxManage in $PATH


❌  Exiting due to DRV_NOT_HEALTHY: Found driver(s) but none were healthy. See above for suggestions how to fix installed drivers.





So check for updates and install Docker:
[ec2-user@ip-172-31-32-118 ~]$ sudo yum update -y

Last metadata expiration check: 0:44:48 ago on Tue Sep 17 17:37:47 2024.

Dependencies resolved.

Nothing to do.

Complete!


[ec2-user@ip-172-31-32-118 ~]$ sudo yum install -y docker

Last metadata expiration check: 0:45:13 ago on Tue Sep 17 17:37:47 2024.

Package docker-25.0.6-1.amzn2023.0.2.x86_64 is already installed.

Dependencies resolved.

Nothing to do.

Complete!




Add the user ec2-user to the docker group:

[ec2-user@ip-172-31-32-118 ~]$ sudo usermod -aG docker $USER && newgrp docker


[ec2-user@ip-172-31-32-118 ~]$ sudo systemctl start docker && sudo systemctl enable docker

Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.





Check the current stable Kubernetes version:

[ec2-user@ip-172-31-32-118 ~]$ curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt

v1.31.0




Use that version to download kubectl:

[ec2-user@ip-172-31-32-118 ~]$ curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.31.0/bin/linux/amd64/kubectl

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

100 53.7M  100 53.7M    0     0  61.0M      0 --:--:-- --:--:-- --:--:-- 60.9M

[ec2-user@ip-172-31-32-118 ~]$ sudo chmod +x ./kubectl

[ec2-user@ip-172-31-32-118 ~]$ sudo mv ./kubectl /usr/local/bin/kubectl
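The kubectl binary above goes into /usr/local/bin without any integrity check. As an added example (not part of the original post), the hypothetical helper verify_and_install below installs the file only when its SHA-256 matches a checksum file; it assumes you have also downloaded the kubectl.sha256 that the Kubernetes project publishes for the same release and that it holds a bare hex digest.

```shell
#!/bin/sh
# Added example: install a downloaded binary only if its SHA-256 matches.
# verify_and_install is a hypothetical helper name.
#
# Intended use after downloading kubectl and its kubectl.sha256:
#   verify_and_install ./kubectl ./kubectl.sha256 /usr/local/bin/kubectl
# DEST must be writable, so run the script as root for /usr/local/bin.
#
# Exit status: 0 installed, 1 digest mismatch, 2 unusable checksum file.
verify_and_install() {
    bin=$1 sumfile=$2 dest=$3

    # Assumption: the checksum file holds only the hex digest.
    expected=$(tr -d ' \t\r\n' < "$sumfile" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*)
            echo "checksum file is not a hex digest: $sumfile" >&2
            return 2
            ;;
    esac
    # A SHA-256 digest is exactly 64 hex characters; this also rejects
    # an empty or missing checksum file.
    [ "${#expected}" -eq 64 ] || {
        echo "checksum is not 64 hex characters: $sumfile" >&2
        return 2
    }

    actual=$(sha256sum "$bin" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $bin: got $actual" >&2
        return 1
    fi

    # install(1) copies the file and sets the mode in one step, so nothing
    # is placed at DEST unless the digest matched.
    install -m 0755 "$bin" "$dest"
}
```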

[ec2-user@ip-172-31-32-118 ~]$ minikube start

😄  minikube v1.34.0 on Amazon 2023.5.20240916 (xen/amd64)

✨  Automatically selected the docker driver. Other choices: ssh, none

📌  Using Docker driver with root privileges

👍  Starting "minikube" primary control-plane node in "minikube" cluster

🚜  Pulling base image v0.0.45 ...

💾  Downloading Kubernetes v1.31.0 preload ...

    > preloaded-images-k8s-v18-v1...:  326.69 MiB / 326.69 MiB  100.00% 39.54 M

    > gcr.io/k8s-minikube/kicbase...:  487.89 MiB / 487.90 MiB  100.00% 38.87 M

🔥  Creating docker container (CPUs=2, Memory=2200MB) ...

🐳  Preparing Kubernetes v1.31.0 on Docker 27.2.0 ...

    ▪ Generating certificates and keys ...

    ▪ Booting up control plane ...

    ▪ Configuring RBAC rules ...

🔗  Configuring bridge CNI (Container Networking Interface) ...

🔎  Verifying Kubernetes components...

    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5

🌟  Enabled addons: storage-provisioner, default-storageclass

🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default




Minikube is installed.

[ec2-user@ip-172-31-32-118 ~]$ kubectl get pod -A

NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE

kube-system   coredns-6f6b679f8f-28vqp           1/1     Running   0          19s

kube-system   etcd-minikube                      1/1     Running   0          26s

kube-system   kube-apiserver-minikube            1/1     Running   0          24s

kube-system   kube-controller-manager-minikube   1/1     Running   0          24s

kube-system   kube-proxy-m4pcg                   1/1     Running   0          19s

kube-system   kube-scheduler-minikube            1/1     Running   0          24s

kube-system   storage-provisioner                1/1     Running   0          23s