Today I was facing some strange issue, when I was trying to connect to the Kubernetes in remote sever got the error as "unable to connect to server: x509: certificate signed by unknown authority".
The Solution is make sure you disable the --insecure-skip-tls-verify by following the posts.
Happy Solvings !!!
Below are the configuration required to make the kubectl, access the K8s running in a remote server. So Searched through the documentation and found the following good solution that is 100% working.
"This Post does not require any certificate or key to access the remote k8s."
Below are the syntax given by the K8s Documentation.
Syntax:
kubectl config set-cluster default-cluster --server=https://<host ip>:6443 --certificate-authority <path-to-kubernetes-ca> --embed-certs
kubectl config set-credentials <credential-name> --client-key <path-to-key>.pem --client-certificate <path-to-cert>.pem --embed-certs
kubectl config set-context default-system --cluster default-cluster --user <credential-name>
kubectl config use-context default-system
Exmples:
kubectl config set-cluster my-cluster --server=https://1.2.3.4 --insecure-skip-tls-verify=true
kubectl config set-credentials my-credentials [--token=bearer_token] or [--username=username] [--password=password]
In My case it was token. hence I used Token you can use the username and password also.
kubectl config set-context my-system --cluster my-cluster --user my-credentials --namespace=default
kubectl config use-context my-system
After making these changes the context will be switched to the my-system. then when you execute the kubectl it will give results from the remote k8s. In case you need to switch. Use the below command to switch to local or other remote repositories. This information will be available in the .kube/config file. To Access go to Run (win+R) and type .kube and hit enter here you can see this file.
kubectl config use-context my-system
We can go through the definition of PV and PVC First.
A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes. It is a resource in the cluster just like a node is a cluster resource.
A PersistentVolumeClaim (PVC) is a request for storage by a user. It is similar to a Pod. Pods consume node resources and PVCs consume PV resources. Pods can request specific levels of resources (CPU and Memory). Claims can request specific size and access modes (e.g., they can be mounted ReadWriteOnce, ReadOnlyMany, or ReadWriteMany, see AccessModes).
These are the definitions from the K8s, In short, then Persistent volumes provide the space where we can store the files required for the functioning of our application.
Suppose consider my requirement. Where I need to store the huge shell scripts files, then I need to use them for the cron job to trigger. A persistent volume is one of the ways to do it.
This is one of the approaches to achieve it, there are also other ways where we can achieve this.
We cannot access the persistent volume without the persistent claim. Hence while creating the Persistent volume, we are also asked to create the Persistent claim also.
This Persistent volume remains even after the Pod is deleted.
Step:1 Persistent Volume creation in K8's.
apiVersion: v1
kind: PersistentVolume
metadata:
name: scripts-pv-volume
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/opt/data"
Step:2 Create the Persistent Volume claim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: scripts-pv-claim
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3Gi
Step:3 Use the Storage.
Copy the script files to the "/opt/data" persistent volume by the below command.
kubectl cp welcome.ksh default/mypod:/opt/data
where default is the namespace.
my pod is the name of my pod.
/opt/data is the path where this file needs to be copied.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: welcome-jobs
spec:
replicas: 2
selector:
matchLabels:
app: welcome-jobs
template:
metadata:
labels:
app: welcome-jobs
spec:
volumes:
- name: scripts-pv-storage
persistentVolumeClaim:
claimName: scripts-pv-claim
containers:
- name: scripts-pv-container
image: busybox
command: ["/opt/data/welcome.ksh"]
volumeMounts:
- mountPath: "/opt/data"
name: scripts-pv-storage
This will execute the Script welcome.ksh from the location /opt/data.
Happy Learning !!!!
Follow the below steps to read the docker images from local instead of pulling them every time from the docker hub. By default, it always reads the images from the docker hub.
This saves us a lot of time by reducing the time to push to the docker hub. It takes a lot of time to push the image from local and tags it.
There are two steps involved.
Step:1
Open the command prompt in admin mode and execute the below command.
C:\Users\Syed>minikube docker-env
Once you execute the command "minikube docker-env" you will see the following output.
SET DOCKER_TLS_VERIFY=1
SET DOCKER_HOST=tcp://127.0.0.1:32770
SET DOCKER_CERT_PATH=C:\Users\Syed\.minikube\certs
SET MINIKUBE_ACTIVE_DOCKERD=minikube
REM To point your shell to minikube's docker-daemon, run:
REM @FOR /f "tokens=*" %i IN ('minikube -p minikube docker-env') DO @%i
Just Copy the Last line after REM and execute in the same command prompt.
C:\Users\Syed>@FOR /f "tokens=*" %i IN ('minikube -p minikube docker-env') DO @%i
After making this change, the local docker images will be visible to the K8's.
Step:2
In the Yaml file of the K8's make sure that the image pulls policy to be "Never". Point this file to the local docker build name and the tag.
eg: imagePullPolicy: Never
Once you do the above two steps, then from next time make changes to the docker file in local, build it and see the changes in the K8's.
Happy Learning!!!!
Check out the files from the Github here.
Navigate to the Folder location where the checkout is done. Execute the Below commands.
C:\Users\Syed\Hello-K8s_Job> kubectl create configmap hello --from-file=hello.ksh
configmap/hello created
It creates the config map from the Script provided.
C:\Users\Syed\Hello-K8s_Job>kubectl apply -f deployment.yaml
cronjob.batch/hello-job created
creates the cron job with the deployment.yml
Access the minikube Dashboard.
In the Cron Jobs tab, we can see the Job Created name "hello-job".
Once if you click the job, you will find the below tab as the Active and Inactive jobs. All the Jobs Executing Currently will be in the Active Jobs, Finished Jobs will be in the Inactive Jobs.
In case, If you need to trigger the job manually then you need to press the play button in the right side top the title bar.
When you look inside the Logs of the Jobs executed we can see the Loggins added.
You can apply the same procedure for the complex KSH scripts as well.
Happy Learning.!!!!
Create the Pipeline script for the Following purpose.
1. Checkout the Code from Git.
2. Build it using the Maven.
3. Create the Docker Image.
4. Push it to the Docker Hub.
5. Deploy the Docker Image to the Kubernetes.
I am using Minikube and docker for the desktop in Windows 10 Machine.
1. Install the Plugin Kubernetes Continuous Deploy.
2. Configure the KubeConfig from Dashboard.
Navigate to Manage Jenkins > Manage Credentials > Jenkins > Global Credentials > Add Credentails
In-Kind Select the Kubernetes Configuration and Define the location from the Kube config.
C:\Users\Syed\.kube\config Then Save it.
3. Make Sure the YAML File is available in the location provided.
4.Create the Pipeline with the following syntax.
pipeline {
environment {
registry = "syedghouse14/greet-user-repo"
registryCredential = 'Docker-Hub'
dockerImage = ''
dockerfile="${workspace}\\GreetUser\\Dockerfile"
pomfile="${workspace}\\GreetUser\\pom.xml"
JAR_FILE="target/*.jar"
}
agent any
stages {
stage('Cloning Git') {
steps {
git 'https://github.com/Syed-SearchEndeca/gretuser.git'
}
}
stage ('Build') {
steps {
withMaven(maven : 'apache-maven-3.6.3') {
bat "mvn clean package -f ${pomfile}"
}
}
}
stage('Building image') {
steps{
script {
dockerImage = docker.build(registry + ":$BUILD_NUMBER",
"--file ${dockerfile} --build-arg JAR_FILE=target/*.jar .")
}
}
}
stage('Deploy Image') {
steps{
script {
docker.withRegistry( '', registryCredential ) {
dockerImage.push()
}
}
}
}
stage('Deploy on kubernetes') {
steps {
script {
kubernetesDeploy(configs: "**/*.yaml", kubeconfigId: "KubeConfig")
}
}
}
}
}
