$ sudo systemctl stop docker $ sudo touch /etc/docker/daemon.json
{
"bip": "192.168.1.5/24",
"fixed-cidr": "192.168.1.5/25"
}
$ sudo systemctl start docker
Check your docker0 ip address now:
$ ip addr
Tag: docker
Copy file/files to docker container using tar
tar -c foo.sh | docker exec -i theDockerContainer /bin/tar -C /tmp -x
Run containerized python app in kubernetes
First of all we need a Docker image that will be run inside the kubernetes cluster. So I assumed that we already have a kubernetes cluster. So the next we do is to build the docker image or you can use your docker image yourself.
But in this tutorial, I will show you how to run the containerized python app with my version from the start.
What we need
These applications should be installed on your local machine before get started. In my case, I use my remote server with ubuntu 16.04 installed.
1. Docker
2. Kubernetes
Build docker image
Let’s begin with clone of of my repo that contains Dockerfile to build the image:
$ git clone https://github.com/muffat/docker-images.git
$ cd docker-images/simple-python-app/ ~/docker-images/simple-python-app$ sudo docker build -t simple .
Wait until the process successfully built. And then you’ll see a new docker image when you type this command:
$ docker images
Push docker image to repository (docker hub)
Before pushing the image to docker hub, we need to tag the successfully built image.
$ docker tag fbd064597ae4 cerpin/simple:1.0
Push the image
$ docker push cerpin/simple The push refers to a repository [docker.io/cerpin/simple] bc69ee44ef1a: Pushed 7957c9ab59bb: Pushed 2366fc011ccb: Pushed b18f9eea2de6: Pushed 6213b3fcd974: Pushed fa767832af66: Pushed bcff331e13e3: Mounted from cerpin/test 2166dba7c95b: Mounted from cerpin/test 5e95929b2798: Mounted from cerpin/test c2af38e6b250: Mounted from cerpin/test 0a42ee6ceccb: Mounted from cerpin/test
After it pushed. You will have the docker image in the repository and ready to use it:
cerpin/simple:1.0
Run the image in kubernetes
First of all, I’m not a big fan of kubectl command, so I usually make a symlink to create the shorter version of kubectl:
$ sudo ln -s /usr/bin/kubectl /usr/bin/cap
Run the docker image in kubernetes
$ cap run simple --image=cerpin/simple:1.0
Then the container will be created. Just wait a moment until the state becomes Running
$ cap get pods simple-79d85db8b9-466kd 1/1 Running 0 26m
After it’s ready, expose the service with port 5002 to become LoadBalancer. So the service will be accessible from the outside world
$ cap expose deployment simple --type=LoadBalancer --port=5002
Check the service that has been exposed:
$ cap get services simple LoadBalancer 10.105.115.251 <pending> 5002:31969/TCP 21m
You will see that the service will have forwarded port to 31969 from 5002.
If you open up the browser and navigate to http://external IP:31969, you’ll see the app is running.
Or, just use a curl command instead:
$ curl http://167.xxx.xxx.xxx:31969
{
"message": "welcome",
"status": "ok"
}
Setup Kubernetes on Ubuntu 16.04
Summary
This setup is supposedly to install the kubernetes on ubuntu machine with version 16.04 (64bit). I did this in the cloud and have worked perfectly.
# whoami && pwd root /root # apt-get update # apt-get install -y apt-transport-https # curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - # echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
# apt-get update -y # apt install docker.io # apt-get install -y kubelet kubeadm kubernetes-cni
Check the swaps, if there any, swith them off
# /proc/swaps
Init kubernetes for the first time using kubeadm:
# kubeadm init --pod-network-cidr=192.168.0.0/16 --apiserver-advertise-address=<private IP>
*Note: Change <private IP> to <public IP>, if you run the kubernetes master on single node and wish to publicly open.
# cp /etc/kubernetes/admin.conf $HOME/ # export KUBECONFIG=$HOME/admin.conf # echo "export KUBECONFIG=$HOME/admin.conf" | tee -a ~/.bashrc
Check pods status, wait until all running
# kubectl get pods --all-namespaces
When their status are RUNNING, moving forward install the network/flannel. Please choose between these two below, I prefer to use the calico one (the second).
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml # kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml # or # kubectl apply -f https://docs.projectcalico.org/v2.6/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml
Continue to taint the nodes:
# kubectl taint nodes --all node-role.kubernetes.io/master-
Install kubernetes dashboard
# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
Create user dashboard
create-user.yml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kube-system
create-role.yml
apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kube-system
# kubectl create -f create-user.yml # kubectl create -f create-role.yml
# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
How to set the kubernetes dashboard to publicly accessible with public IP
Read this : https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard—1.7.X-and-above
References
Create docker image and push to AWS ECR
Image tag : test-image
awsudo -u aws-profile aws ecr get-login --no-include-email --region ap-southeast-1
sudo docker build -t test-image .
sudo docker tag codebuild:test-image 743977200366.dkr.ecr.ap-southeast-1.amazonaws.com/codebuild:test-image
sudo docker push 743977200366.dkr.ecr.ap-southeast-1.amazonaws.com/codebuild:test-image
Install Docker on Fedora 28
$ sudo wget -P /etc/yum.repos.d/ https://download.docker.com/linux/fedora/docker-ce.repo $ sudo dnf install docker-ce -y
$ sudo systemctl start docker $ sudo systemctl docker ps -a
Fix cannot access internet in your docker container
I use docker for testing environment. Somehow I found out that the docker container cannot access the internet and the solution is really simple:
$ sudo ifconfig docker0 down $ sudo service docker restart $ sudo ifconfig docker0 up
Or
$ sudo vim /etc/default/docker DOCKER_OPTS="--dns 10.10.4.14 --dns 8.8.8.8 --dns 8.8.4.4"
Which:
10.10.4.14 in my localhost/laptop
Kubernetes cheatsheet
To list all deployments:
kubectl get deployments --all-namespaces
To delete deployment:
kubectl delete -n NAMESPACE deployment DEPLOYMENT
To get admin user token dashboard
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Allow master to run pod
kubectl taint nodes --all node-role.kubernetes.io/master-
To join master node
kubeadm join --token <some-token> <host-master>:6443 --discovery-token-ca-cert-hash sha256:<some-sha256-hash>
Docker command cheatsheet
docker build image
$ sudo docker build -t image-name .
docker to start a container from image
$ sudo docker run -itd --name jenkins --publish 8080:8080 --publish 50000:50000 jenkins
docker to get inside the container
$ sudo docker exec -it jenkins bash
docker stop container
$ sudo docker stop image-id/name
docker remove container
$ sudo docker rm image-id/name
docker remove containers based on specific image name/tag
sudo docker ps -a | awk '{ print $1,$2 }' | grep centos:7 | awk '{print $1 }' | xargs -I {} sudo docker rm {}
docker remove image
$ sudo docker rmi image-id
docker remove images with no tag
$ sudo docker rmi $(sudo docker images --filter "dangling=true" -q --no-trunc)
Setup docker + jenkins + nginx
Let’s setup jenkins with docker with local url : jenkins.local
First, add local url to /etc/hosts
$ sudo echo -e "127.0.0.1\tjenkins.local" >> /etc/hosts
Install docker and pull newest jenkins image
$ sudo apt-get install docker.io $ sudo docker pull jenkins $ sudo docker run -itd --name jenkins --publish 8080:8080 --publish 50000:50000 jenkins
Setup nginx
$ sudo vim /etc/nginx/conf.d/jenkins.conf
nginx conf:
server {
listen 80;
server_name jenkins.local;
charset utf-8;
gzip_vary on;
access_log /var/log/nginx/jenkins.access.log;
error_log /var/log/nginx/jenkins.error.log;
location / {
proxy_pass http://127.0.0.1:8080;
}
}
Save config and restart nginx
$ sudo service nginx restart
Open browser, and navigate to http://jenkins.local