2019-07-12: How to start learning Kubernetes

Why and how?

I wanted to learn how to learn Kubernetes from within a Container, because it's nice, cozy and safe inside a Container. That is why this guide will focus on doing everything from inside a running Container. Call it a learning Container or containerized learning.

Another benefit of learning from the inside is that it forces the setup to be more automatic and secure. The general rule is that if something is difficult to do from inside a Container, then it is difficult to automate. This forces the learner to think Automation-First from the very beginning.

Requirements

The Learning Container

Docker Desktop installs a single-node Kubernetes cluster in the Windows Guest (Hyper-V). In order to run docker and kubectl commands from within the running container inside the cluster, we need to connect the container to the Host running the Container.

First we need to set up the configuration for the kubectl that is installed in the container.



Windows Host => Windows Guest/Docker Host => Container


Step: Get the local Kubernetes config

  • Find and open the local Kubernetes config in Docker Desktop
cd %USERPROFILE%\.kube
type config


This will be something like:

apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://localhost:6445
  name: docker-for-desktop-cluster
contexts:
- context:
    cluster: docker-for-desktop-cluster
    user: docker-for-desktop
  name: docker-for-desktop
current-context: docker-for-desktop
kind: Config
preferences: {}
users:
- name: docker-for-desktop
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

Here we are after the values of "client-certificate-data" and "client-key-data". Remember these for later.

How do we put these values inside the Container in a safe and secure way?

Step: Create a "docker-compose" file with kubectl config inserted

The Container can access secrets that are inserted from the "docker-compose" file:

version: '3.5'

services:
  learning_kubernetes:
    image: geircode/learning_kubernetes:latest
    build:
      context: .
      dockerfile: Dockerfile    
    container_name: learning_kubernetes-1
    environment:
      -  KUBECONFIG=/run/secrets/kubeconfig    
    secrets:
      - source: kubeconfig
    volumes:
      - ".:/app"       
      - "/var/run/docker.sock:/var/run/docker.sock"
    networks:
      - learning_kubernetes_network
secrets:
  kubeconfig:
    file: ../../DockerSecrets/learning_kubernetes_secrets/kubeconfig_file.txt
networks:
  learning_kubernetes_network:

Oh my, that is a lot of fancy config.

What happens here is:

  • "kubeconfig_file.txt" is inserted into the container as a docker secret and gets the name "kubeconfig"
  • the container "learning_kubernetes" gets access to the secret with the name "kubeconfig", which is now accessible in the directory "/run/secrets/" inside the container
  • the environment variable "KUBECONFIG" in the container is set to point to the file that is now accessible => "/run/secrets/kubeconfig"

There are also some volume mappings:

  • mapped all local files into /app in the container to make it easier to debug the container. Edits made locally or inside the container will be instantly visible.
  • mapped docker.sock from the Docker daemon into the container. This makes it possible to run "docker" commands from the container against the Docker Host.


Step: Create and edit the "DockerSecrets/learning_kubernetes_secrets/kubeconfig_file.txt" file

Why: We need to create a config that is able to connect to the Docker For Desktop installation. This is done with the special address host.docker.internal, which makes it possible for the container to reach services running on the Windows Host.

  • Find and run the script: "Learning_Kubernetes\dockersecrets\01-MakeDockerSecretsFolder.bat"
  • Open the file "DockerSecrets\learning_kubernetes_secrets\kubeconfig.txt"
apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://host.docker.internal:6445
  name: docker-for-desktop-cluster
contexts:
- context:
    cluster: docker-for-desktop-cluster
    user: docker-for-desktop
  name: docker-for-desktop
current-context: docker-for-desktop
kind: Config
preferences: {}
users:
- name: docker-for-desktop
  user:
    client-certificate-data: <Insert here>
    client-key-data: <Insert here>

  • insert the values for "client-certificate-data" and "client-key-data" from the file we opened earlier in "%USERPROFILE%\.kube"
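
Before starting the container, the finished secret file can be checked for the mistakes this procedure makes easy: a server still pointing at localhost, a leftover "<Insert here>" or "REDACTED" value, or a pasted value that is not base64-encoded PEM. The script below is an added example, not part of the original guide; the function names and the script name are made up here, and it assumes a POSIX shell with sed and base64. It also reports the insecure-skip-tls-verify setting shown above.

```shell
#!/bin/sh
# Added example (not from the original guide): preflight check for the
# kubeconfig file that is handed to the container as the compose secret.

# kc_field FILE KEY: value of the first "KEY: value" line (CR stripped, since
# the file is edited on Windows).
kc_field() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d '\r'
}

# check_kubeconfig FILE: prints findings; returns 0 usable, 1 broken, 2 unreadable.
check_kubeconfig() {
    kc_rc=0
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 2; }

    kc_server=$(kc_field "$1" server)
    case $kc_server in
        https://host.docker.internal:*) ;;
        https://localhost:*|https://127.0.0.1:*)
            # Inside the container, localhost is the container, not the Windows Host.
            echo "FAIL: server $kc_server does not reach the Windows Host"; kc_rc=1 ;;
        *)  echo "WARN: unexpected server '$kc_server'" ;;
    esac

    for kc_key in client-certificate-data client-key-data; do
        kc_value=$(kc_field "$1" "$kc_key")
        case $kc_value in
            ''|'<Insert here>'|REDACTED)
                echo "FAIL: $kc_key is empty or still a placeholder"; kc_rc=1; continue ;;
        esac
        # Both fields hold base64-encoded PEM. Only the first decoded line is
        # inspected, and the key material is never printed.
        case $(printf '%s' "$kc_value" | base64 -d 2>/dev/null | head -n 1) in
            "-----BEGIN "*) ;;
            *)  echo "FAIL: $kc_key does not decode to PEM"; kc_rc=1 ;;
        esac
    done

    # Reported, not failed: the config shown on this page has it set to true.
    if [ "$(kc_field "$1" insecure-skip-tls-verify)" = "true" ]; then
        echo "WARN: insecure-skip-tls-verify is true, API server certificate is not verified"
    fi
    return $kc_rc
}

# Usage (inside the container): sh check_kubeconfig.sh "$KUBECONFIG"
if [ $# -gt 0 ]; then check_kubeconfig "$1"; fi
```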