
Module 2: Introduction to Kubernetes

Objectives

This exercise focuses on enabling you to do the following:

  • Explore the Kubernetes cluster and configuration

  • Communicate with the Kubernetes cluster via CLI and API

  • Upgrade your Kubernetes cluster

    NOTE: All the tasks in the following module are executed on the Kubernetes master node (rhel3). You must SSH to the rhel3 host in your labs. Task 1 will show you how to copy the kubeconfig file to the Windows jump host so that you can execute kubectl commands from PowerShell or CMD.

Task 1: Kubernetes CLUSTER CONFIGURATION

In this task, you will explore the Kubernetes Cluster Configuration, create a user, and install kubectl on Windows.

Step Action
Note: All the command references and architectural details are available on the official Kubernetes Website: https://kubernetes.io/docs/home/
Remember you created an alias “k” for “kubectl”. In the following lab exercises, you can use k instead of kubectl.

Using Putty, open an SSH connection to rhel3, your Kubernetes master node:

Review the available options in kubectl:

kubectl --help

Make sure autocompletion is enabled for kubectl:

source <(kubectl completion bash)

Review the Kubernetes configuration:

kubectl config view

If you use multiple kubeconfig files at the same time and you want to merge the views:

KUBECONFIG=~/.kube/config:~/.kube/kubconfig2 kubectl config view

Get the Kubernetes version in json or yaml format:

kubectl version -o json (or -o yaml)

Create a new Kubernetes service account called rouser (Read-Only User):

kubectl create serviceaccount rouser

Create a cluster role called rouser:

kubectl create clusterrole rouser --verb=get --verb=list --verb=watch --resource=pods

Create a cluster role binding:

kubectl create clusterrolebinding rouser --serviceaccount=default:rouser --clusterrole=rouser

Now get the token from the secret of the ServiceAccount we created earlier. We will use this token to authenticate the user:

TOKEN=$(kubectl describe secrets "$(kubectl describe serviceaccount rouser | grep -i Tokens | awk '{print $2}')" | grep token: | awk '{print $2}')

Now set the credentials for the user in the kubeconfig file. We will use “learner” as the username:

kubectl config set-credentials learner --token=$TOKEN

Now we have to create a new context for the user. We will call it “reader”. Our cluster is called “kubernetes” (refer to step 1-4):

kubectl config set-context reader@kubernetes --cluster=kubernetes --user=learner

Review the Kubernetes contexts:

kubectl config view

Switch to the newly created context:

kubectl config use-context reader@kubernetes

Notice that the current-context has changed to reader@kubernetes:

kubectl config view

Note: you can use external tools such as kubectx to easily switch between contexts.

Verify that the user has the right privileges:

kubectl auth can-i get pods --all-namespaces (should be yes)

kubectl auth can-i create pods (should be no)

kubectl auth can-i delete pods (should be no)

Switch back to the default administrator context:

kubectl config use-context kubernetes-admin@kubernetes

Check the privileges and compare:

kubectl auth can-i get pods --all-namespaces

kubectl auth can-i create pods

kubectl auth can-i delete pods
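
The privilege check above can be scripted so that any verb beyond get, list and watch shows up as a failure. This is an added example, not part of the original lab guide; it assumes you run it from the administrator context (impersonation with `--as` requires admin rights), and the function name `audit_pod_verbs` is made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit what the read-only service account may do with pods.
# Assumption: the account is default:rouser, as created in the steps above.

SUBJECT="system:serviceaccount:default:rouser"
ALLOWED="get list watch"   # verbs granted by the rouser ClusterRole
VERBS="get list watch create update patch delete deletecollection"

# audit_pod_verbs SUBJECT
# Prints one line per verb. Returns 0 only if SUBJECT holds exactly the
# ALLOWED verbs on pods in all namespaces, 1 if any answer differs.
audit_pod_verbs() {
  audit_subject=$1
  audit_rc=0
  for verb in $VERBS; do
    # can-i prints yes/no and exits non-zero on "no", hence the "|| true".
    answer=$(kubectl auth can-i "$verb" pods --all-namespaces \
               --as="$audit_subject" 2>/dev/null) || true
    case " $ALLOWED " in
      *" $verb "*) expected=yes ;;
      *)           expected=no ;;
    esac
    if [ "$answer" = "$expected" ]; then
      echo "ok    $verb pods: $answer"
    else
      echo "FAIL  $verb pods: got '${answer:-error}', expected $expected"
      audit_rc=1
    fi
  done
  return $audit_rc
}

# Usage, from the kubernetes-admin@kubernetes context:
#   audit_pod_verbs "$SUBJECT"
```

A FAIL on a write verb means some other binding also grants the account access, which switching to the reader context and testing three verbs by hand would not necessarily reveal.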

Note: Steps 1-22 through 1-32 are optional. We will now copy the config file of the Kubernetes cluster’s master node rhel3 to the Windows jump host. The following procedure is documented here: https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-windows
Let’s start by installing kubectl on your jump host. Open the Chrome web browser.
Within Chrome, enter: http://storage.googleapis.com/kubernetes-release/release/v1.5.3/bin/windows/amd64/kubectl.exe
After the download completes, move the file to a new directory: C:\kube
Use the Windows search to locate the Control Panel. Select System. Select Advanced system settings. Select Environment Variables. Add C:\kube to your PATH environment variable.

Verify the installation and the version at a command prompt:

kubectl version --client -o json

Verify the kube config:

kubectl config view

Note that it is empty. This is because the automated script configuration didn’t detect the host as being a master node.

Create a new folder called .kube under your home directory (C:\Users\Administrator.DEMO):

mkdir .kube

Using WinSCP or copy/paste, transfer the “config” file from $HOME/.kube/config on the rhel3 master node to the newly created .kube folder on your Windows jump host:

Now go back to the command prompt and type:

kubectl get nodes

You have now successfully created a management host for one or multiple Kubernetes clusters.

Start a Web proxy on the default port 8001:

kubectl proxy

Verify that the connection is working properly and that you can access the Kubernetes APIs.

Using Chrome, browse the URL http://127.0.0.1:8001. Explore more on your own.

Task 2: OPTIONAL TASK - Software Upgrade

In this task, you will learn how to upgrade the Kubernetes software components using the kubeadm command.

Step Action
You can only upgrade from one MINOR version to the next MINOR version, or between PATCH versions of the same MINOR. That is, you cannot skip MINOR versions when you upgrade. For example, you can upgrade from 1.y to 1.y+1, but not from 1.y to 1.y+2.
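
The version rule above can be enforced as a preflight check before running `kubeadm upgrade apply`. This is an added example, not part of the original lab guide; the function names `parse_version` and `check_upgrade` are made up for illustration, and the current version is assumed to be read from the VERSION column of `kubectl get nodes`.

```shell
#!/usr/bin/env bash
# Added example: refuse an upgrade that skips a MINOR version or downgrades.

# parse_version "v1.15.10" -> prints "1 15 10"; fails on anything else.
parse_version() {
  ver=${1#v}
  case "$ver" in
    *[!0-9.]*|""|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $ver
  IFS=$old_ifs
  [ $# -eq 3 ] || return 1
  echo "$1 $2 $3"
}

# check_upgrade CURRENT TARGET
# Returns 0 if allowed, 1 if the rule forbids it, 2 on a malformed version.
check_upgrade() {
  cur=$(parse_version "$1") || { echo "bad version: $1"; return 2; }
  tgt=$(parse_version "$2") || { echo "bad version: $2"; return 2; }
  set -- $cur $tgt            # $1..$3 = current, $4..$6 = target
  if [ "$1" -ne "$4" ]; then
    echo "refuse: MAJOR change $1 -> $4"; return 1
  elif [ "$5" -eq "$2" ] && [ "$6" -ge "$3" ]; then
    echo "ok: PATCH-level change within $1.$2"; return 0
  elif [ "$5" -eq $(( $2 + 1 )) ]; then
    echo "ok: next MINOR $1.$2 -> $4.$5"; return 0
  elif [ "$5" -gt $(( $2 + 1 )) ]; then
    echo "refuse: skips a MINOR; upgrade to $1.$(( $2 + 1 )).x first"; return 1
  else
    echo "refuse: target is older than current"; return 1
  fi
}

# Usage: check_upgrade v1.15.10 v1.16.7 && kubeadm upgrade apply v1.16.7
```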

Using Putty, SSH to host rhel3, your master node:

Enter the following command to check whether new versions of the Kubernetes components in use are available:

kubeadm upgrade plan

Verify the version of Kubernetes on your nodes (note the difference with rhel6, the node added in task 3):

kubectl get nodes

Verify the version of kubeadm:

kubeadm version

Install the new kubeadm version on the master node (v1.15.10):

yum install -y kubeadm-1.15.10-0 --disableexcludes=kubernetes

Verify the version of kubeadm:

kubeadm version

Drain the master node to remove it from the cluster:

kubectl drain rhel3 --ignore-daemonsets

Apply the new version of kubeadm (answer y when prompted):

kubeadm upgrade apply v1.15.10

On the master node, install the same version of kubectl and kubelet:

yum install -y kubelet-1.15.10-0 kubectl-1.15.10-0 --disableexcludes=kubernetes

systemctl restart kubelet

Reactivate the node as part of the active Kubernetes cluster by making it schedulable:

kubectl uncordon rhel3

Verify the version of Kubernetes on your nodes (the master should now run 1.15.10):

kubectl get nodes

Now, let’s upgrade kubeadm to v1.15.10 on all worker nodes (steps must be repeated on rhel1 and rhel2):

yum install -y kubeadm-1.15.10-0 --disableexcludes=kubernetes

On your master node rhel3, you can follow the upgrade process:

watch kubectl get nodes

Drain the worker nodes to remove them from the cluster (in the labs, you can drain both workers at the same time; in production, you must ensure that a minimum number of nodes keep running to sustain your traffic/application):

kubectl drain rhel1 --ignore-daemonsets

kubectl drain rhel2 --ignore-daemonsets

Apply the new version of kubeadm on rhel1 and rhel2:

kubeadm upgrade node

Install the same version of kubectl and kubelet on both worker nodes:

yum install -y kubelet-1.15.10-0 kubectl-1.15.10-0 --disableexcludes=kubernetes

Restart the kubelet service to apply the new version to your nodes:

systemctl restart kubelet

Reactivate the worker nodes as part of the active Kubernetes cluster by making them schedulable:

kubectl uncordon rhel1

kubectl uncordon rhel2

Your Kubernetes cluster is now entirely running version 1.15.10.

Optionally, you can repeat the steps to upgrade to version 1.16.7. It is not recommended to upgrade to version 1.17.x for stability reasons with Trident.

Upgrading Kubernetes clusters is long and complex, and there are many opportunities for human error. That’s why most production environments implement version control and deployment automation with external tools such as Ansible. Hosted Kubernetes services such as NetApp Kubernetes Service offer version control and upgrade automation as part of the standard offering and interface.

End of Exercise