- Kubernetes: v1.21.2 (released on 2021-06-18)
- kustomize: v4.2.0 (released on 2021-07-02)
- Helm: 3.6.3 (released on 2021-07-15)
- Traefik: v2.2
- ArgoCD: v2.1.1 (released on 2021-08-26)
- Prometheus-Operator: v0.48.1 (released on 2021-06-01)
- Prometheus: v2.28.1 (released on 2021-07-01)
- Grafana: Latest
- Strimzi: 0.24.0 (released on 2021-06-24)
- Kind: v0.11.1 (released on 2021-05-28)
- Ingress Nginx Controller: v0.48.0 (released on 2021-07-15)
- Conftest: 0.25.0 (released on 2021-05-08)
- Cluster Setup
- Kubernetes Features
- Kubernetes Extensions
- kubernetes-operator
- plugins
- Networking
- Middleware (Operator)
- Monitoring
- Security
- Yaml Management
- CI/CD
- https://github.com/cncf/trailmap
- https://www.cncf.io/blog/2018/03/08/introducing-the-cloud-native-landscape-2-0-interactive-edition/
2.1 ArgoCD
-
Create namespace
kubectl create namespace eck
-
Add elastic Helm
helm repo add elastic https://helm.elastic.co
-
Install ES
helm install -n eck elasticsearch elastic/elasticsearch -f helm/es-config.yaml
-
Install Kibana
helm install -n eck kibana elastic/kibana -f helm/kb-config.yaml
-
Install filebeat
helm install -n eck filebeat elastic/filebeat --version 7.8.1 -f helm/filebeat-config.yaml
-
Kafka
-
Update the kafka-connect-twitter with your own API token
-
Apply Kafka
kubectl create namespace kafka-strimzi-18
kubectl apply -k strimzi/overlays/kafka-strimzi-18
-
NAMESPACE NAME READY STATUS RESTARTS AGE
eck elasticsearch-master-0 1/1 Running 0 14h
eck kibana-kibana-55f4bc96f5-7fz65 1/1 Running 0 14h
kafka-strimzi-18 kafka-connect-sink-connect-847cfbf66-gwtkl 1/1 Running 0 7h27m
kafka-strimzi-18 kafka-connect-source-connect-57bf7974f7-sz8ww 1/1 Running 0 7h27m
kafka-strimzi-18 my-cluster-entity-operator-579cdc77bc-v6rxt 3/3 Running 5 14h
kafka-strimzi-18 my-cluster-kafka-0 2/2 Running 0 14h
kafka-strimzi-18 my-cluster-kafka-1 2/2 Running 0 14h
kafka-strimzi-18 my-cluster-kafka-2 2/2 Running 2 14h
kafka-strimzi-18 my-cluster-zookeeper-0 1/1 Running 0 14h
kafka-strimzi-18 strimzi-cluster-operator-6c9d899778-nkd9q 1/1 Running 0 14h
kube-system kube-dns-869d587df7-7whsm 3/3 Running 0 14h
kube-system kube-dns-869d587df7-z659j 3/3 Running 0 14h
kube-system kube-dns-autoscaler-645f7d66cf-r9ttj 1/1 Running 0 14h
kube-system kube-proxy-gke-my-gke-cluster-my-gke-cluster-nod-9dff1786-x4wz 1/1 Running 0 14h
kube-system kube-proxy-gke-my-gke-cluster-my-gke-cluster-pre-19639e01-7jsz 1/1 Running 0 93s
kube-system kube-proxy-gke-my-gke-cluster-my-gke-cluster-pre-19639e01-cnl2 1/1 Running 0 14h
kube-system kube-proxy-gke-my-gke-cluster-my-gke-cluster-pre-19639e01-f6cb 1/1 Running 0 14h
kube-system kube-proxy-gke-my-gke-cluster-my-gke-cluster-pre-19639e01-vw9d 1/1 Running 0 14h
kube-system l7-default-backend-678889f899-fvswg 1/1 Running 0 14h
kube-system metrics-server-v0.3.6-7b7d6c7576-msl8x 2/2 Running 0 14h
-
Prometheus & Grafana
git clone https://github.com/coreos/kube-prometheus.git && cd kube-prometheus
kubectl apply -f manifests/setup
wait a few minutes
kubectl create -f manifests
-
Add strimzi monitoring
kubectl apply -f strimzi/monitoring/prometheus-prometheus.yaml,strimzi/monitoring/prometheus-clusterRole.yaml
-
Add elasticsearch monitoring
kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
eck elasticsearch-master-0 1/1 Running 0 3d3h
eck kibana-kibana-55f4bc96f5-7fz65 1/1 Running 0 3d4h
kafka-strimzi-18 kafka-connect-sink-connect-75db959966-sxqxx 1/1 Running 0 43m
kafka-strimzi-18 kafka-connect-source-connect-6bc6d8797c-rr2x2 1/1 Running 0 42m
kafka-strimzi-18 my-cluster-entity-operator-579cdc77bc-v6rxt 3/3 Running 0 3d4h
kafka-strimzi-18 my-cluster-kafka-0 2/2 Running 0 2d13h
kafka-strimzi-18 my-cluster-kafka-1 2/2 Running 0 2d13h
kafka-strimzi-18 my-cluster-kafka-2 2/2 Running 0 2d13h
kafka-strimzi-18 my-cluster-zookeeper-0 1/1 Running 50 2d1h
kafka-strimzi-18 my-cluster-zookeeper-1 1/1 Running 16 2d1h
kafka-strimzi-18 my-cluster-zookeeper-2 1/1 Running 0 2d1h
kafka-strimzi-18 strimzi-cluster-operator-6c9d899778-nkd9q 1/1 Running 0 3d4h
kube-system kube-dns-869d587df7-7whsm 3/3 Running 0 3d4h
kube-system kube-dns-869d587df7-z659j 3/3 Running 0 3d4h
kube-system kube-dns-autoscaler-645f7d66cf-r9ttj 1/1 Running 0 3d4h
kube-system kube-proxy-gke-my-gke-cluster-my-gke-cluster-nod-9dff1786-x4wz 1/1 Running 0 3d4h
kube-system kube-proxy-gke-my-gke-cluster-my-gke-cluster-pre-19639e01-7jsz 1/1 Running 0 2d13h
kube-system kube-proxy-gke-my-gke-cluster-my-gke-cluster-pre-19639e01-cnl2 1/1 Running 0 3d4h
kube-system kube-proxy-gke-my-gke-cluster-my-gke-cluster-pre-19639e01-f6cb 1/1 Running 0 3d4h
kube-system kube-proxy-gke-my-gke-cluster-my-gke-cluster-pre-19639e01-vw9d 1/1 Running 0 3d4h
kube-system l7-default-backend-678889f899-fvswg 1/1 Running 0 3d4h
kube-system metrics-server-v0.3.6-7b7d6c7576-msl8x 2/2 Running 0 3d4h
monitoring alertmanager-main-0 2/2 Running 0 13h
monitoring alertmanager-main-1 2/2 Running 0 13h
monitoring alertmanager-main-2 2/2 Running 0 13h
monitoring grafana-58dc7468d7-vnsbh 1/1 Running 0 13h
monitoring kube-state-metrics-765c7c7f95-fhkls 3/3 Running 0 13h
monitoring node-exporter-bjq6x 2/2 Running 0 13h
monitoring node-exporter-d7dx8 2/2 Running 0 13h
monitoring node-exporter-ddmxd 2/2 Running 0 13h
monitoring node-exporter-mj6tx 2/2 Running 0 13h
monitoring node-exporter-psf45 2/2 Running 0 13h
monitoring prometheus-adapter-5cd5798d96-fkd75 1/1 Running 0 13h
monitoring prometheus-k8s-0 3/3 Running 1 12h
monitoring prometheus-k8s-1 3/3 Running 1 12h
monitoring prometheus-operator-5f75d76f9f-xtgqz 1/1 Running 0 2d5h
-
Enable the cluster operator to watch the other namespace
+ - strimzi-0.18.0/install/cluster-operator/050-Deployment-strimzi-cluster-operator.yaml
kubectl apply -k strimzi/overlays/kafka-strimzi-18
-
Deploy new Kafka cluster and KafkaMirrorMaker2 in the other namespace kafka-strimzi-18-staging
kubectl apply -k strimzi/overlays/kafka-strimzi-18-staging
-
Clean up
kubectl delete -k strimzi/overlays/kafka-strimzi-18-staging
-
Install metrics-server
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
-
Apply an apache application
kubectl apply -f https://k8s.io/examples/application/php-apache.yaml
-
Set autoscale by kubectl
kubectl autoscale deployment php-apache --cpu-percent=50 --min=1 --max=10
-
Increase load -> confirm HPA is working
kubectl run -i --tty load-generator --rm --image=busybox --restart=Never -- /bin/sh -c "while sleep 0.01; do wget -q -O- http://php-apache; done"
kubectl get hpa
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
php-apache Deployment/php-apache 76%/50% 1 10 7 4m10s
Steps:
- Prometheus Operator:
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/master/bundle.yaml
- Prometheus:
kubectl create ns monitoring; kubectl apply -k prometheus-operator -n monitoring
- RabbitMQ Operator:
kubectl apply -f https://github.com/rabbitmq/cluster-operator/releases/latest/download/cluster-operator.yml
- RabbitMQ:
kubectl apply -f autoscaler/hpa/custom-metrics/rabbitmq/rabbitmq-cluster.yaml
kubectl apply -f autoscaler/hpa/custom-metrics/rabbitmq/pod-monitor-rabbitmq.yaml
- RabbitMQ producer:
kubectl apply -f autoscaler/hpa/custom-metrics/rabbitmq-producer-cronjob.yaml
- RabbitMQ consumer:
kubectl apply -f autoscaler/hpa/custom-metrics/rabbitmq-consumer-deployment.yaml
- Prometheus-Adapter: Extend the Kubernetes custom metrics API with the metrics. (https://github.com/kubernetes-sigs/prometheus-adapter)
cd autoscaler/hpa/custom-metrics/k8s-prom-hpa
touch metrics-ca.key metrics-ca.crt metrics-ca-config.json
make certs
cd -
kubectl create -f autoscaler/hpa/custom-metrics/k8s-prom-hpa/custom-metrics-api
- Apply HPA
kubectl apply -f autoscaler/hpa/custom-metrics/rabbitmq-consumer-hpa.yaml
https://github.com/kelseyhightower/kubernetes-the-hard-way
-
Create Helm chart.
helm create <chart-name e.g. helm-example>
-
Update files under templates and values.yaml
-
Test apply.
helm install helm-example --debug ./helm-example
-
Make a package.
helm package helm-example
-
Create repository and set index.
helm repo index ./ --url https://nakamasato.github.io/helm-charts-repo
-
Install a chart.
helm repo add nakamasato https://nakamasato.github.io/helm-charts-repo
helm repo update # update the repository info
helm install example-from-my-repo nakamasato/helm-example
- fluentd
- Jaeger
- Open Tracing
- envoy
- CoreDNS
- Linkerd
https://github.com/open-policy-agent/gatekeeper
-
Install gatekeeper
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/deploy/gatekeeper.yaml
-
Create ConstraintTemplate
-
Create custom policy defined in the previous step.
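For the nodeSelector rule used in the conftest section of this page, the two steps above could look like the following. This is an added example, not taken from the repository: the names `k8srequirednodeselector`, `K8sRequiredNodeSelector` and `deployment-must-have-nodeselector` are hypothetical, and the rule also rejects an empty nodeSelector, which goes slightly beyond the conftest policy.

```yaml
# Added example (not from the repository); all metadata names are hypothetical.
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8srequirednodeselector   # must be the lowercased CRD kind below
spec:
  crd:
    spec:
      names:
        kind: K8sRequiredNodeSelector
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8srequirednodeselector

        # Gatekeeper evaluates "violation" rules against the admission
        # request; the object under review is input.review.object.
        violation[{"msg": msg}] {
          input.review.object.kind == "Deployment"
          not has_node_selector
          msg := "Deployment must have nodeSelector"
        }

        # True only when nodeSelector exists and has at least one key,
        # so both a missing field and an empty map are rejected.
        has_node_selector {
          count(input.review.object.spec.template.spec.nodeSelector) > 0
        }
---
# The Constraint instantiates the template and scopes it to Deployments.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredNodeSelector
metadata:
  name: deployment-must-have-nodeselector
spec:
  enforcementAction: dryrun   # audit only; change to deny once existing violations are fixed
  match:
    kinds:
      - apiGroups: ["apps"]
        kinds: ["Deployment"]
```

Apply the ConstraintTemplate first and wait until Gatekeeper has created the K8sRequiredNodeSelector CRD before applying the Constraint, otherwise the second document is rejected as an unknown kind.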
https://github.com/open-policy-agent/conftest
-
Write policy in policy directory.
# conftest evaluates rules in the "main" package by default
package main
deny[msg] {
  input.kind = "Deployment"
  not input.spec.template.spec.nodeSelector
  msg = "Deployment must have nodeSelector"
}
-
Write tests in the same directory.
# same package as the policy so the test can reference deny
package main
test_no_nodeSelector {
  deny["Deployment must have nodeSelector"] with input as {
    "kind": "Deployment",
    "spec": {"template": {"spec": {"containers": []}}}
  }
}
-
Run test.
conftest verify
1 tests, 1 passed, 0 warnings, 0 failures, 0 exceptions
-
Validate a manifest file.
conftest test manifests/valid/deployment.yaml
1 tests, 1 passed, 0 warnings, 0 failures, 0 exceptions
- CNI
- falco
- Vitess
- Rook
- etcd
- TiKV
- gRPC
- NATS
- cloudevents
- containerd
- harbor
- cri-o
- TUF
- notary