Giters

BalinLin / docker-cats_k8s

k8s settings.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

kubernetes: v1.25.3 Minicube: v1.28.0

About the project

image

Before running the project.

minikube start --network-plugin=cni
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/calico.yaml

  • (Optional) Install OpenLens and kubens

  • (Optional) Create registry secret and .yaml

kubectl create secret docker-registry <your-secret-name> --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email> --output=yaml > <your-yaml-filename>

Run the project.

  1. Change the image path in docker-cats.yaml to your registry

  2. Create a namespace call docker-cats

kubectl create namespace docker-cats
  1. Change current namespace
kubens docker-cats
  1. Enable addons
minikube addons enable ingress # ingress
minikube addons enable metrics-server # hpa
  1. Apply all the .yaml
kubectl apply -f docker-cats.yaml
kubectl apply -f docker-cats-configmap.yaml
kubectl apply -f docker-cats-ingress.yaml
kubectl apply -f docker-cats-network.yaml
  1. Direct the ingress domain name to localhost in order to test ingress.
# You can also modify your `/etc/hosts` by `sudo vim`
sudo -- sh -c 'echo "127.0.0.1 baby.com" >> /etc/hosts'
sudo -- sh -c 'echo "127.0.0.1 green.com" >> /etc/hosts'
sudo -- sh -c 'echo "127.0.0.1 dark.com" >> /etc/hosts'
  1. Run minikube tunnel to enable http and https port
# The service/ingress docker-cats-ingress requires privileged ports to be exposed: [80 443]
minikube tunnel
  1. Open your browser and paste the following URL
http://baby.com/
http://green.com/
http://dark.com/
  1. Test for liveness probe
kubectl exec -it <pod name> -- sh

# Ref: https://stackoverflow.com/questions/11583562/how-to-kill-a-process-running-on-particular-port-in-linux
lsof -i:8080
kill <busybox PID>
  1. Test for HPA
while true; do curl http://baby.com; done
  1. Test network policy
  • Try to modify docker-cats-network.yaml and apply it to see the difference.
  • If you are able to visit the URL in step 8 which means your ingress is open to your host.
  • If you are not able to use wget to download external file via the internet which means your egress is not open to the external address.
# enter your pod and test egress
kubectl exec -it <pod name> -- sh
wget http://ftp.gnu.org/gnu/wget/wget-1.19.tar.gz

About

k8s settings.