Add new Node to k8s cluster with cert rotation

The setup here was created by following Kubernetes the Hard Way by Kelsey Hightower. If you are following along, do all the setup up to the step Bootstrapping the Kubernetes Worker Nodes. In that step, just don't start the kubelet; start the other services, like containerd and kube-proxy.

Master node

Following the docs on TLS Bootstrapping, let's first create the token authentication file. Create a file with the following content:

    $ cat tokenfile
    02b50b05283e98dd0fd71db496ef01e8,kubelet-bootstrap,10001,"system:bootstrappers"

You should create a token that is as random as possible by running the following command: ...

October 16, 2018 · 3 min · Suraj Deshmukh

Adding new worker to existing Kubernetes cluster

To set up a multi-node Kubernetes cluster, just run this script and you will have a cluster with 3 masters and 3 workers.

    $ kubectl get nodes -o wide
    NAME       STATUS   ROLES    AGE   VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
    worker-0   Ready    <none>   1h    v1.11.2   192.168.199.20   <none>        Ubuntu 18.04.1 LTS   4.15.0-33-generic   cri-o://1.11.2
    worker-1   Ready    <none>   1h    v1.11.2   192.168.199.21   <none>        Ubuntu 18.04.1 LTS   4.15.0-33-generic   cri-o://1.11.2
    worker-2   Ready    <none>   1h    v1.11.2   192.168.199.22   <none>        Ubuntu 18.04.1 LTS   4.15.0-33-generic   cri-o://1.11.2

Now, to add a new node to this cluster you will need to bring up a VM; for this, just use the following Vagrantfile. ...

September 23, 2018 · 5 min · Suraj Deshmukh

Single node Kubernetes Cluster on Fedora with SELinux enabled

Start a single-node Fedora machine using whatever method you like; I have used this Vagrantfile to do it:

    # -*- mode: ruby -*-
    # vi: set ft=ruby :

    Vagrant.configure("2") do |config|
      config.vm.define "fedora" do |fedora|
        fedora.vm.box = "fedora/28-cloud-base"
        config.vm.hostname = "fedora"
      end

      config.vm.provider "virtualbox" do |virtualbox, override|
        virtualbox.memory = 4096
        virtualbox.cpus = 4
      end

      config.vm.provision "shell", privileged: false, inline: <<-SHELL
        echo '127.0.0.1 localhost' | cat - /etc/hosts > temp && sudo mv temp /etc/hosts
      SHELL
    end

Now start it and ssh into it:

    vagrant up
    vagrant ssh

Once inside the machine, become the root user and run this script:

    sudo -i
    curl https://raw.githubusercontent.com/surajssd/scripts/master/shell/k8s-install-single-node/install.sh | sh

And you should have a running Kubernetes cluster. ...

September 11, 2018 · 2 min · Suraj Deshmukh

HostPath volumes and its problems

This post will demonstrate how Kubernetes HostPath volumes can help you get access to the Kubernetes nodes. At least you can play with the filesystem of the node on which your pod is scheduled. You can get access to other containers running on the host, certificates of the kubelet, etc. I have a 3-master and 3-node cluster, set up using this script, running in a Vagrant environment. All the nodes are in ready state: ...

September 10, 2018 · 8 min · Suraj Deshmukh

HTTPS during development using 'mkcert'

It's always a hassle creating certificates, and there is a lot of technical jargon involved. This can be simplified using mkcert. Install it by following one of the steps mentioned in the docs. Once installed, just run:

    $ mkcert -install
    Created a new local CA at "/home/hummer/.local/share/mkcert" 💥
    [sudo] password for hummer:
    The local CA is now installed in the system trust store! ⚡
    The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)! 🦊

This has installed the local CA. Now all you need to do is create a new certificate. ...

August 14, 2018 · 2 min · Suraj Deshmukh

Golang struct tags gotchas

In Go, spaces inside a struct tag make a lot of difference. For example, look at the following code.

    type PodStatus struct {
        Status string `json: ",status"`
    }

If you run go vet on this piece of code you will get the following error:

    $ go vet types.go
    # command-line-arguments
    ./types.go:28: struct field tag `json: ",status"` not compatible with reflect.StructTag.Get: bad syntax for struct tag value

This does not tell us what is wrong with the struct tag `json: ",status"`. The problem with this struct tag is that the extra space can be interpreted as a delimiter, so provide the key-value pair without a space. ...

August 12, 2018 · 1 min · Suraj Deshmukh

Access etcd in OpenShift origin

How do you access the etcd that is being used by the OpenShift started by oc cluster up or by minishift? If you are using minishift, get Docker environment access to the minishift VM by running the following command.

    eval $(minishift docker-env) && eval $(minishift oc-env)

Exec into the container named origin, which runs OpenShift and all the needed services.

    $ docker exec -it origin bash

First install the etcdctl needed to talk to etcd.

    [root@surajd origin]$ yum -y install etcd

Get into the directory where all the certs and keys are available. ...

July 11, 2018 · 1 min · Suraj Deshmukh