Until the production deployment of hello-app with k3d on Time4VPS

What is k3d?

A lightweight version of Kubernetes called k3s published by Rancher It is a substitute that builds a cluster using docker. For those who have already operated with docker-compose on VPS I think it is a tool that can be an alternative.

Overall flow

-Introduction -[Prepare Time4VPS server](Prepare # time4vps server) -[Install k3d on Time4VPS](Install k3d on # time4vps) --[Build a cluster with k3d](Build a cluster with # k3d) --[Install cert-manager on cluster](# Install cert-manager on cluster) -[Get a free domain with freenom](Get a free domain with #freenom) -[Write and deploy manifest file](#Write and deploy manifest file)

Introduction

This time, because it is a test, it is as close to free as possible We will build a cluster using k3d. The server adopts the strongest overseas VPS Time4VPS, You can get a free domain for the domain I will get it with freenom. For the docker container image, use this.

Prepare Time4VPS server

First, prepare a vps server from here. By the way, the type of OS used in this article is ʻUbuntu 18.04`. When the vps contract is completed, refer to the following article and make the initial settings of Ubuntu. Ubuntu minimum initial settings

Install k3d on Time4VPS

Of course, docker is required for k3d, so install docker first. If you want to install docker on Ubuntu, it is recommended to refer to this article. Install Docker on Ubuntu 18.04 (also + docker-compose)

After installing docker, do Install k3d.

curl -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash

Build a cluster with k3d

Now it's time to set up a cluster with k3d. For <your vps global ip>, apply the vps ip you prepared.

k3d cluster create hoge-cluster --agents 2 --api-port <your vps global ip>:6550 -p 80:80@agent[0] -p 443:443@agent[0]

Connect with local kubectl

First, execute the following on the server side and make a note of certificate-authority-data and the user's password.

vi ~/.kube/config

Add the cluster information, context, and user created this time to the local ~ / .kube / config. This will connect the local kubectl to the cluster on Time4VPS.

~/.kube/config(local)


apiVersion: v1
kind: Config
current-context: hoge-cluster
preferences: {}

clusters:
  - name: hoge-cluster
    cluster:
      certificate-authority-data: <your certificate-authority-data in vps ~/.kube/config>
      server: https://<your vps global ip>:6550

users:
  - name: admin@hoge-cluster
    user:
      password: <your password in vps ~/.kube/config>
      username: admin

contexts:
  - name: hoge-cluster
    context:
      cluster: hoge-cluster
      user: admin@hoge-cluster

*** Check if you can connect to the cluster ***

kubectl get node

NAME                        STATUS   ROLES    AGE   VERSION
k3d-hoge-cluster-agent-0    Ready    <none>   39m   v1.18.8+k3s1
k3d-hoge-cluster-agent-1    Ready    <none>   39m   v1.18.8+k3s1
k3d-hoge-cluster-server-0   Ready    master   39m   v1.18.8+k3s1

Install cert-manager on the cluster

Then install cert-manager on the cluster to deliver the service over SSL. Installation of cert-manager is super easy because the installation is completed in one manifest. Install cert-manager

Get a free domain with freenom

I think it's a waste to get a paid domain just by trying it out in a test. So it is convenient to get a free domain called freenom Use the service. The domain name to be acquired is k3d-hello-app.tk this time.

Write and deploy manifest file

Finally, write the manifest file and deploy it. This time, the container image uses the registry published by google as a sample for GKE. It's a lonely task because there is no image build work or push work to the remote registry. Prepare a directory to manage the manifest called k8s Let's prepare two types of manifest files.

#The directory structure looks like this
.
└── k8s
    ├── hello-app.yaml
    └── ingress.yaml

k8s/hello-app.yaml



apiVersion: v1
kind: Service
metadata:
  name: hello-app-service
spec:
  type: LoadBalancer
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 8080
  selector:
    app: hello-app

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-app-deployment
spec:
  replicas: 6
  selector:
    matchLabels:
      app: hello-app
  template:
    metadata:
      labels:
        app: hello-app
        env: stage
    spec:
      containers:
        - image: gcr.io/google-samples/hello-app:1.0
          name: hello-app
          ports:
            - containerPort: 8080

By the way, the type of Service is Load Balancer k3d can use type: LoadBalancer.

Next, write a manifest file for ingress. Replace <your mail address> with your own email address.

k8s/ingress.yaml


apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-issuer
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration, update to your own.
    email: <your mail address>
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-issuer
    solvers:
      - http01:
          ingress:
            class: traefik
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: letsencrypt-cert
spec:
  dnsNames:
    - k3d-hello-app.tk

  secretName: letsencrypt-cert-tls
  issuerRef:
    name: letsencrypt-issuer


---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: hoge-cluster-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/ingress.class: "traefik"
    certmanager.k8s.io/issuer: "letsencrypt-issuer"
    certmanager.k8s.io/acme-challenge-type: http01
spec:
  tls:
    - secretName: letsencrypt-cert-tls
      hosts:
        - k3d-hello-app.tk

  rules:
    - host: k3d-hello-app.tk
      http:
        paths:
          - path: /
            backend:
              serviceName: hello-app-service
              servicePort: 8080

Now let's apply the manifest.

kubectl apply -f k8s -R

By the way, I don't need the -R flag this time. If the contents of the manifest file became huge. When it comes to something I think it will be necessary to divide the manifest file into packages. In such a case, if you add the -R flag, the manifest that is divided into packages will also be If you apply it recursively, that's what it is.


#For example, package division like this
.
└── k8s
    ├── hello-app.yaml
    └── ingress
        ├── certificate.yaml
        ├── ingress.yaml
        └── issuer.yaml

If you can apply the manifest, check it in your browser. If it is displayed as below and SSL is established, it is complete!

Screenshot 2020-10-02 19.26.18.png

Summary

k3d sets up a virtual Node in one physical server Since we are building a cluster, there is no availability at the physical server tier. If one server is paused, you can do it! And the whole The services operating in that cluster will be suspended. The so-called Blast Radius is not a big deal. It's already a one-shot deathblow ww So depending on the size of your business, it may not meet your requirements at all. When focusing on saving running costs such as personal scale Isn't there a virtual cluster like k3d? In particular, I have personally used docker-compose for production! It is highly recommended for those who like.

reference

Recommended Posts

Until the production deployment of hello-app with k3d on Time4VPS
Note on the path of request.getRequestDispatcher
Programming with ruby (on the way)
Change the deployment level of API documents with Gradle Swagger Generator Plugin
Samshin on the value of the hidden field
part of the syntax of ruby ​​on rails
Looking back on the basics of Java
About the treatment of BigDecimal (with reflection)
Format the contents of LocalDate with DateTimeFormatter
True / false judgment based on the condition of each difference with multiple integers
A quick note on using jshell with the official Docker image of the JDK