2019-07-12: How to start learning Kubernetes
Why and how?
I wanted to learn how to learn Kubernetes from within a Container, because it's nice, cozy and safe inside a Container. That is why this guide will focus on doing everything from inside a running Container. Call it a learning Container or containerized learning.
Another benefit of learning from the inside is that it forces the setup to be more automatic and secure. The general rule is that if something is difficult to do from inside a Container, then it is difficult to automate. This forces the learner to think Automation-First from the very beginning.
Requirements
- Install Docker Desktop and enable Kubernetes
The Learning Container
Docker Desktop installs a single-node Kubernetes cluster in a Windows Guest (Hyper-V). In order to run docker and kubectl commands from within the running container inside the cluster, we need to connect the container to the Host running the Container.
First we need to set up the configuration for the kubectl that is installed in the container.
Windows Host => Windows Guest/Docker Host => Container
Step: Get the local Kubernetes config
- Find and open the local Kubernetes config in Docker Desktop
    cd %USERPROFILE%\.kube
    type config
This will be something like:
    apiVersion: v1
    clusters:
    - cluster:
        insecure-skip-tls-verify: true
        server: https://localhost:6445
      name: docker-for-desktop-cluster
    contexts:
    - context:
        cluster: docker-for-desktop-cluster
        user: docker-for-desktop
      name: docker-for-desktop
    current-context: docker-for-desktop
    kind: Config
    preferences: {}
    users:
    - name: docker-for-desktop
      user:
        client-certificate-data: REDACTED
        client-key-data: REDACTED
Here we are after the values of "client-certificate-data" and "client-key-data". Remember these for later.
How to put these values inside the Container in a safe and secure way?
Step: Create a "docker-compose" file with kubectl config inserted
The Container can access secrets that are inserted from the "docker-compose" file:
    version: '3.5'
    services:
      learning_kubernetes:
        image: geircode/learning_kubernetes:latest
        build:
          context: .
          dockerfile: Dockerfile
        container_name: learning_kubernetes-1
        environment:
          - KUBECONFIG=/run/secrets/kubeconfig
        secrets:
          - source: kubeconfig
        volumes:
          - ".:/app"
          - "/var/run/docker.sock:/var/run/docker.sock"
        networks:
          - learning_kubernetes_network
    secrets:
      kubeconfig:
        file: ../../DockerSecrets/learning_kubernetes_secrets/kubeconfig_file.txt
    networks:
      learning_kubernetes_network:
Oh my, that is a lot of fancy config.
What happens here is:
- "kubeconfig_file.txt" is inserted into the container as a docker secret and gets the name "kubeconfig"
- the container "learning_kubernetes" gets access to the secret named "kubeconfig", which is now accessible as a file in the directory "/run/secrets/" inside the container
- the environment variable in the container "KUBECONFIG" is set to point to the file that is now accessible => "/run/secrets/kubeconfig"
There are also some volume mappings:
- mapped all local files into /app in the container to make it easier to debug the container. Edits made locally or inside the container will be instantly visible.
- mapped docker.sock from the Docker daemon into the container. This makes it possible to run "docker" commands from the container against the Docker Host, and it gives anything running in the container the same control over that Docker daemon.
Step: Create and edit the "DockerSecrets/learning_kubernetes_secrets/kubeconfig_file.txt" file
Why: We need to create a config that is able to connect to the Docker For Desktop installation. This is done by the special address: host.docker.internal that makes it possible for the container to reach services running on Windows Host.
- Find and run the script: "Learning_Kubernetes\dockersecrets\01-MakeDockerSecretsFolder.bat"
- Open the file "DockerSecrets\learning_kubernetes_secrets\kubeconfig.txt"
    apiVersion: v1
    clusters:
    - cluster:
        insecure-skip-tls-verify: true
        server: https://host.docker.internal:6445
      name: docker-for-desktop-cluster
    contexts:
    - context:
        cluster: docker-for-desktop-cluster
        user: docker-for-desktop
      name: docker-for-desktop
    current-context: docker-for-desktop
    kind: Config
    preferences: {}
    users:
    - name: docker-for-desktop
      user:
        client-certificate-data: <Insert here>
        client-key-data: <Insert here>
- insert the values for "client-certificate-data" and "client-key-data" from the file we opened earlier in "%USERPROFILE%\.kube"
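
The copy-and-edit steps above can also be scripted. The following is an added example, not part of the original guide or its repository: it rewrites a loopback "server:" address to "host.docker.internal" and lists the security-relevant settings that travel with the file. The function name "container_kubeconfig" and the sample text are assumptions made for the illustration.

```python
"""Build the container kubeconfig from the Docker Desktop one (added example)."""
import re

# Constructed sample in the shape shown above; key material is a placeholder.
SAMPLE = """\
apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://localhost:6445
  name: docker-for-desktop-cluster
users:
- name: docker-for-desktop
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
"""

SERVER_RE = re.compile(r"^(\s*server:\s*https://)(localhost|127\.0\.0\.1)(:\d+)?\s*$")


def container_kubeconfig(text, host="host.docker.internal"):
    """Return (rewritten_text, findings) for a kubeconfig given as text.

    Only loopback API server addresses are rewritten; everything else,
    including the client certificate and key, is copied unchanged.
    """
    out, findings = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        match = SERVER_RE.match(line)
        if match:
            line = f"{match.group(1)}{host}{match.group(3) or ''}"
            findings.append(f"line {number}: server rewritten to {host}")
        if re.match(r"^\s*insecure-skip-tls-verify:\s*true\s*$", line):
            findings.append(f"line {number}: TLS verification of the API server is disabled")
        if re.match(r"^\s*client-key-data:\s*\S+", line):
            findings.append(f"line {number}: embedded client private key")
        out.append(line)
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    new_text, notes = container_kubeconfig(SAMPLE)
    print(new_text)
    print("\n".join(notes))
```

Run against the real file, the returned text is what goes into the secrets file, and the findings show what that file exposes to anyone who can read it.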