Kubernetes exercise
PEDAGOGICAL OBJECTIVES
- Become familiar with Kubernetes and its command-line tool
kubectl - Define, deploy, run and scale a web-application using the Kubernetes abstractions of Pods, Services and Deployments
- Verify elasticity and resilience of a Kubernetes-managed application
INTRODUCTION AND PREREQUISITES
In this lab you will perform a number of tasks and document your progress in a lab report. Each task specifies one or more deliverables to be produced. Collect all the deliverables in your lab report. Give the lab report a structure that mimics the structure of this document.
You will first locally create your own Kubernetes cluster by using minikube. Then you will deploy a Redis key-value store service provided as example. The goal of the first part is to deploy a complete version of a three-tier application (Frontend + API Server + Redis) using Pods. The second part of the lab will require you to make the application resilient to failures. You will deploy multiple Pods with a Deployment for the Frontend and API services.
The following resources and tools are required for this laboratory session:
- Any modern web browser
- The Kubernetes command line tool
kubectl(instructions to install below in Task 1)
The code for this lab is provided in three files at the end of this document: api-pod.yaml, redis-pod.yaml and redis-svc.yaml.
TASK 1 - INSTALLATION OF MINIKUBE
“Minikube is a lightweight Kubernetes implementation that creates a VM on your local machine and deploys a simple cluster containing only one node. Minikube is available for Linux, macOS, and Windows systems”. See this link for more details.
Before installing minikube, be sure to have Docker and Docker-Compose installed.
Use the page below to download and install `minikube` for your operating system.
https://minikube.sigs.k8s.io/docs/start/
Once installed, run the following command:`minikube start`
This will create your Kubernetes cluster. Once this is done, you can install `kubectl`. `kubectl` is a tool to interact with Kubernetes clusters.
TASK 2 - INSTALLATION AND CONFIGURATION OF KUBECTL
Use this page to download and install the `kubectl` client binary for your Operating System.
Detailed info on the available `kubectl` commands, syntax and parameters can be found in this interactive command reference.Because `minikube` takes care of configuring everything, after the installation of `kubectl`, everything should be ready for us
To test if the installation was valid, run the command:`kubectl version`.
Running: 'kubectl get all'
should return the message:`No resources found` (non-minikube cluster)
or should show one resource: a kubernetes service (if it is a minikube cluster).
TASK 3 - DEPLOY THE APPLICATION
In this task you will setup the environment and deploy an example application to the Kubernetes cluster.
The goal of the provided example application is to store and edit a To Do list. The application consists of a simple Web UI (Frontend) that uses a REST API (API service) to access a Key Value storage service (Redis). Ports to be used for Pods and Services are shown in the figure.
The required Docker images are provided on Docker Hub:
- Frontend: icclabcna/ccp2-k8s-todo-frontend
- API backend: icclabcna/ccp2-k8s-todo-api
- Redis: redis:3.2.10-alpine
SUBTASK 3.1: DEPLOY THE REDIS SERVICE AND POD
Use the following commands to deploy Redis using the provided configuration files:
kubectl create -f redis-svc.yaml
kubectl create -f redis-pod.yaml
and verify it is up and running and on which ports using the command kubectl get all.
To zoom in on a Kubernetes object and see much more detail try kubectl describe po/redis for the Pod and kubectl describe svc/redis-svc for the Service.
SUBTASK 3.2: DEPLOY THE TODO-API SERVICE AND POD
Using the redis-svc.yaml file as example and information from api-pod.yaml, create the api-svc.yaml configuration file for the API Service. The Service has to expose port 8081 and connect to the port of the API Pod.
Be careful with the indentation of the YAML files. If your code editor has a YAML mode, enable it.
Deploy and verify the API-Service and Pod (similar to the Redis ones) and verify that they are up and running on the correct ports.
SUBTASK 3.3: DEPLOY THE TODO-FRONTEND SERVICE AND POD
Using the redis-svc.yaml file as an example, create the frontend-svc.yaml configuration file for the Frontend Service.
Using the api-pod.yaml file as an example, create the frontend-pod.yaml configuration file that starts the UI Docker container in a Pod.
- Docker image for frontend container on Docker Hub is
icclabcna/ccp2-k8s-todo-frontend
Note that the container runs on port: 8080
It also needs to be initialised with the following environment variables (check how api-pod.yaml defines environment variables):
API_ENDPOINT_URL: URL where the API can be accessed e.g., http://localhost:9000- What value must be set for this URL?
Hint: remember that anything you define as a Service will be assigned a DOMAIN that is visible via DNS everywhere in the cluster and a PORT.
- Deploy the Pod using
kubectl.
SUBTASK 3.4: VERIFY THE TODO APPLICATION
Because there isn't a load balancer, we need to port-forward the container port to the host.
`kubectl port-forward pod/frontend-pod hostPort:containerPort`
Now you can verify if the ToDo application is working correctly.
Access the public URL of the Service with a browser. You should be able to access the complete application and create a new ToDo.
TROUBLESHOOTING
Several things can be misconfigured. Remember that there are two Service dependencies:
- the Frontend forwarding requests to the (not externally accessible) API Service;
- the API Service accessing the Redis Service (also only accessible from within the cluster).
You can look at the Pod logs to find out where the problem is. You can see the logs of a Pod using:
kubectl logs -f pod_name
You may want to test if a Pod is responding correctly on its port. Normally accessing a Pod from outside requires an exposed service, but kubectlhas support for temporary port-forwarding that comes very handy. When you run
kubectl port-forward pod_name pod_port:local_port
a secure tunnel is created from your local machine to the instance of the Pod running on one of the cluster nodes. The command blocks and keeps running to keep the tunnel open. Using another terminal window or your browser you can now access the Pod on http://localhost:local_port.
A handy way to debug is to login to a container and see whether the required services are addressable.
You can run a command on a (container in a) Pod using:
kubectl exec -it pod_name <command>
E.g. use kubectl exec -it pod-name bash to start a Bash shell inside the container.
Container images tend to contain only the strict minimum to run the application. If you are missing a tool you can install it (assuming a Debian-family distribution):
apt-get update
apt-get install curl
TASK 4 - ADD AND EXERCISE RESILIENCE
By now you should have understood the general principle of configuring, running and accessing applications in Kubernetes. However, the above application has no support for resilience. If a container (resp. Pod) dies, it stops working. Next, we add some resilience to the application.
SUBTASK 4.1 - ADD DEPLOYMENTS
In this task you will create Deployments that will spawn Replica Sets as health-management components.
Converting a Pod to be managed by a Deployment is quite simple.
- Have a look at an example of a Deployment described here: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
- Note that the doc is for Kubernetes 1.10. For the Kubernetes version we are using (1.10) your file needs to start with:
apiVersion: apps/v1 - Create Deployment versions of your application configurations (e.g.
redis-deploy.yamlinstead ofredis-pod.yaml) and modify/extend them to contain the required Deployment parameters. - Again, be careful with the YAML indentation!
- Make sure to have always 2 instances of the API and Frontend running.
- Use only 1 instance for the Redis-Server. Why?
- Delete all application Pods (using
kubectl delete pod ..., see https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#delete) and replace them with deployment versions. - Verify that the application is still working and the Replica Sets are in place. (
kubectl get all,kubectl get pods,kubectl describe ...)
SUBTASK 4.2 - VERIFY THE FUNCTIONALITY OF THE REPLICA SETS
In this subtask you will intentionally kill (delete) Pods and verify that the application keeps working and the Replica Set is doing its task.
Hint: You can monitor the status of a resource by adding the --watch option to the get command. To watch a single resource:
kubectl get <resource-name> --watch
To watch all resources of a certain type, for example, all Pods:
kubectl get pods --watch
You may also use kubectl get all repeatedly to see a list of all resources. You should also verify if the application stays available by continuously reloading your browser window.
- What happens if you delete a Frontend or API Pod? How long does it take for the system to react?
- What happens when you delete the Redis Pod?
- How can you change the number of instances temporarily to 3? Hint: look for scaling in the deployment documentation
- What autoscaling features are available? Which metrics are used?
- How can you update a component? (see update in the deployment documentation)
ADDITIONAL DOCUMENTATION
Kubernetes documentation can be found on the following pages:
- User Guide explaining the main concepts: https://kubernetes.io/docs/user-guide/
- What is a Pod: https://kubernetes.io/docs/concepts/workloads/pods/pod/
- What is a Service: https://kubernetes.io/docs/concepts/services-networking/service/
- What is a Deployment: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
- HowTo define environment variables: https://kubernetes.io/docs/tasks/configure-pod-container/define-environment-variable-container/
- How-To's for do typical tasks in kubernetes: https://kubernetes.io/docs/tasks/
- Interactive
kubectlcommand reference: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands
- 7 septembre 2023, 13:17
- 7 septembre 2023, 13:17
- 7 septembre 2023, 13:17