Adding k8s directory containing instructions

Author: sambitr

Diff for: k8s/README.md

@@ -0,0 +1,3 @@
+# k8s
+
+k8s

Diff for: k8s/ansible-role-k8s

@@ -0,0 +1,3 @@
+
+
+http://gbraad.nl/blog/deploying-kubernetes-using-ansible.html

Diff for: k8s/dashboard.yml

@@ -0,0 +1,162 @@
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ------------------- Dashboard Secret ------------------- #
+
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard-certs
+  namespace: kube-system
+type: Opaque
+
+---
+# ------------------- Dashboard Service Account ------------------- #
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kube-system
+
+---
+# ------------------- Dashboard Role & Role Binding ------------------- #
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubernetes-dashboard-minimal
+  namespace: kube-system
+rules:
+  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["create"]
+  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["create"]
+  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+- apiGroups: [""]
+  resources: ["secrets"]
+  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
+  verbs: ["get", "update", "delete"]
+  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+- apiGroups: [""]
+  resources: ["configmaps"]
+  resourceNames: ["kubernetes-dashboard-settings"]
+  verbs: ["get", "update"]
+  # Allow Dashboard to get metrics from heapster.
+- apiGroups: [""]
+  resources: ["services"]
+  resourceNames: ["heapster"]
+  verbs: ["proxy"]
+- apiGroups: [""]
+  resources: ["services/proxy"]
+  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
+  verbs: ["get"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubernetes-dashboard-minimal
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubernetes-dashboard-minimal
+subjects:
+- kind: ServiceAccount
+  name: kubernetes-dashboard
+  namespace: kube-system
+
+---
+# ------------------- Dashboard Deployment ------------------- #
+
+kind: Deployment
+apiVersion: apps/v1beta2
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kube-system
+spec:
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s-app: kubernetes-dashboard
+  template:
+    metadata:
+      labels:
+        k8s-app: kubernetes-dashboard
+    spec:
+      containers:
+      - name: kubernetes-dashboard
+        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
+        ports:
+        - containerPort: 8443
+          protocol: TCP
+        args:
+          - --auto-generate-certificates
+          # Uncomment the following line to manually specify Kubernetes API server Host
+          # If not specified, Dashboard will attempt to auto discover the API server and connect
+          # to it. Uncomment only if the default does not work.
+          # - --apiserver-host=http://my-address:port
+        volumeMounts:
+        - name: kubernetes-dashboard-certs
+          mountPath: /certs
+          # Create on-disk volume to store exec logs
+        - mountPath: /tmp
+          name: tmp-volume
+        livenessProbe:
+          httpGet:
+            scheme: HTTPS
+            path: /
+            port: 8443
+          initialDelaySeconds: 30
+          timeoutSeconds: 30
+      volumes:
+      - name: kubernetes-dashboard-certs
+        secret:
+          secretName: kubernetes-dashboard-certs
+      - name: tmp-volume
+        emptyDir: {}
+      serviceAccountName: kubernetes-dashboard
+      # Comment the following tolerations if Dashboard must not be deployed on master
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+
+---
+# ------------------- Dashboard Service ------------------- #
+
+kind: Service
+apiVersion: v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kube-system
+spec:
+  ports:
+    - port: 443
+      targetPort: 8443
+  selector:
+    k8s-app: kubernetes-dashboard

Diff for: k8s/ingress

@@ -0,0 +1 @@
+https://matthewpalmer.net/kubernetes-app-developer/articles/kubernetes-ingress-guide-nginx-example.html

Diff for: k8s/init

@@ -0,0 +1,18 @@
+
+
+Your Kubernetes master has initialized successfully!
+
+To start using your cluster, you need to run the following as a regular user:
+
+  mkdir -p $HOME/.kube
+  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+  sudo chown $(id -u):$(id -g) $HOME/.kube/config
+
+You should now deploy a pod network to the cluster.
+Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
+  https://kubernetes.io/docs/concepts/cluster-administration/addons/
+
+You can now join any number of machines by running the following on each node
+as root:
+
+  kubeadm join 172.31.15.174:6443 --token 1jw4fh.66ohpzmh0zn5dh6c --discovery-token-ca-cert-hash sha256:d7783f9141a57184fcfbaff3cfdfebad3215e0cfd5ca06eac43cbf80181e837b

Diff for: k8s/k8s-dashboard

@@ -0,0 +1,42 @@
+latest:
+https://kubernetestutorials.com/how-to-install-kubernetes-dashboard/
+
+dashboard setup:
+
+ https://docs.aws.amazon.com/eks/latest/userguide/dashboard-tutorial.html
+ 
+signin issue:
+
+https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above
+
+https://github.com/kubernetes/dashboard/issues/2735
+
+https://docs.giantswarm.io/guides/install-kubernetes-dashboard/
+
+
+
+dashboard-token:
+https://github.com/kubernetes/dashboard/wiki/Creating-sample-user#bearer-token
+
+https://stackoverflow.com/questions/46664104/how-to-sign-in-kubernetes-dashboard
+
+
+# Create service account
+kubectl create serviceaccount cluster-admin-dashboard-sa
+
+# Bind ClusterAdmin role to the service account
+kubectl create clusterrolebinding cluster-admin-dashboard-sa \
+  --clusterrole=cluster-admin \
+  --serviceaccount=default:cluster-admin-dashboard-sa
+
+# Parse the token
+TOKEN=$(kubectl describe secret $(kubectl -n kube-system get secret | awk '/^cluster-admin-dashboard-sa-token-/{print $1}') | awk '$1=="token:"{print $2}')
+
+
+$ kubectl -n kube-system edit service kubernetes-dashboard
+
+             You should see yaml representation of the service.
+              Change type: ClusterIP to type: NodePort and save file. 
+              If it's already changed go to next step.
+              
+ $ kubectl -n kube-system get service kubernetes-dashboard

Diff for: k8s/k8s-master

@@ -0,0 +1,58 @@
+
+
+##########################
+
+steps to follow to install kube master:
+
+apt-get update && apt-get install -y apt-transport-https && \
+apt install docker.io -y && \
+     systemctl start docker && \
+     systemctl enable docker && \
+curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - && \
+cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
+deb http://apt.kubernetes.io/ kubernetes-xenial main
+EOF && \
+apt-get update && \
+apt-get install -y kubelet kubeadm kubectl kubernetes-cni
+
+
+kubeadm init --ignore-preflight-errors all
+mkdir -p $HOME/.kube && \
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config && \
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+kubectl apply -f https://docs.projectcalico.org/v3.4/getting-started/kubernetes/installation/hosted/calico.yaml
+kubectl get pods --all-namespaces
+kubectl get nodes 
+
+refer: https://github.com/kubernetes/dashboard
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
+
+#kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml
+
+#kubectl proxy --address 0.0.0.0 --accept-hosts '.*' &
+
+
+#Access the dashboard using the below link
+
+#http://<ip>:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/overview?namespace=default
+
+
+# Create service account
+kubectl create serviceaccount cluster-admin-dashboard-sa
+
+# Bind ClusterAdmin role to the service account
+kubectl create clusterrolebinding cluster-admin-dashboard-sa \
+  --clusterrole=cluster-admin \
+  --serviceaccount=default:cluster-admin-dashboard-sa
+
+# Parse the token
+TOKEN=$(kubectl describe secret $(kubectl -n kube-system get secret | awk '/^cluster-admin-dashboard-sa-token-/{print $1}') | awk '$1=="token:"{print $2}')
+
+
+$ kubectl -n kube-system edit service kubernetes-dashboard
+
+             You should see yaml representation of the service.
+              Change type: ClusterIP to type: NodePort and save file. 
+              If it's already changed go to next step.
+              
+ $ kubectl -n kube-system get service kubernetes-dashboard

Diff for: k8s/k8s-workernode

@@ -0,0 +1,18 @@
+
+steps to follow to install kube master:
+
+apt-get update && apt-get install -y apt-transport-https && \
+apt install docker.io -y && \
+     systemctl start docker && \
+     systemctl enable docker && \
+curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - && \
+cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
+deb http://apt.kubernetes.io/ kubernetes-xenial main
+EOF && \
+apt-get update && \
+apt-get install -y kubelet kubeadm kubectl kubernetes-cni
+kubeadm join 172.31.26.24:6443 --token hpnfgz.52pq3e95hrsz68c6 --discovery-token-ca-cert-hash sha256:92f783e806fb2b0bd36c2847d276847e78a14e07f86256cdbb4f3d79b9618df8
+
+masterside to fecth the token:
+ kubeadm token create --print-join-command
+ 

Diff for: k8s/links

@@ -0,0 +1,14 @@
+
+setup:
+ https://www.linkedin.com/pulse/automated-service-deployment-using-jenkins-kubernetes-ganaesan
+commands:
+https://kubernetes.io/docs/reference/kubectl/cheatsheet/
+
+connect to pods:
+
+ https://kubernetes.io/docs/tasks/debug-application-cluster/get-shell-running-container/
+ 
+prometheus:
+https://devopscube.com/setup-prometheus-monitoring-on-kubernetes/
+
+https://prometheus.io/docs/introduction/overview/

Diff for: k8s/readme

@@ -0,0 +1,37 @@
+
+
+https://www.linkedin.com/pulse/automated-service-deployment-using-jenkins-kubernetes-ganaesan
+
+https://blog.tekspace.io/kubernetes-dashboard-remote-access/
+
+
+to authenticate:
+
+ https://devops.stackexchange.com/questions/3537/how-to-login-to-k8s-proxy-nowadays?rq=1
+ 
+ cat dashboard-rolebinding.yaml
+ 
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: kubernetes-dashboard
+  labels:
+    k8s-app: kubernetes-dashboard
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: kubernetes-dashboard
+  namespace: kube-system
+  
+  
+  kubectl create -f dashboard-rolebinding.yaml
+
+
+
+stop proxy:
+ netstat -tulp | grep kubectl 
+ Then run sudo kill -9 <pid> to kill the process.
+