# KUBERNETES@RUG

## Access
Vraag een API aan via webhosting.cit@rug.nl voor toegang tot de kubernetes test omgeving.

````
cat > .kube/config <<EOF

apiVersion: v1
kind: Config
clusters:
- name: "example"
  cluster:
    server: "https://example.rug.nl:1234"
    api-version: v1

users:
- name: "user-test"
  user:
    token: "user-example:asdkfljfiwejlakjkdlasdakljdiwqdjiqw&$"

contexts:
- name: "example"
  context:
    user: "user-example"
    cluster: "example"

current-context: "example"

EOF
````

## Ingress Controller (edit)

Steps :

````
kubectl --namespace=<namespace> get ingress 
kubectl --namespace=<namespace> get ingress | grep <name>

kubectl edit --namespace=<namespace> ingress <name>

Adjust some values :

metadata:
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 10m
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "120"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "120"


save/quit

````

## Ingress WhiteList

````
kubectl edit ingress .... 

# add annotation

nginx.ingress.kubernetes.io/whitelist-source-range = "1.1.1.1/24"


````

## Ingress Basic Auth 

````
htpasswd -c passfile foo
kubectl create secret generic basic-auth --from-file=passfile
````

check secret

````
kubectl get secret basic-auth -o yaml
````

edit ingress
````
kubectl edit ingress example


metadata:
  name: ingress-with-auth
  annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'

````


## Edit Deployment

Steps :

````

kubectl --namespace=<namespace> get deployments
kubectl --namespace=<namespace> get deployment | grep <name>

kubectl edit --namespace=<namespace> deployments <name>

Adjust some values :

      hostAliases:
      - hostnames:
        - example.com
        ip: 127.0.0.1

save/quit

````



## Register SSL test environment ( only with public IP )

Register SSL with letsencrypt-issuer

````
cat > nginx.yml <<EOF
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: example-rug-nl
  namespace: default
spec:
  secretName: letsencrypt-issuer-tls
  issuerRef:
    name: letsencrypt-issuer
  dnsNames: 
  - example.rug.nl
  acme:
    config:
    - http01:
        ingress: nginx
      domains:
      - example.rug.nl
EOF
````
kubectl apply -f nginx.yml


## Simple deployment

````
cat > simple.yml <<EOF

metadata:
  name: nginx-service-example-rug-nl
spec:
  replicas: 1
  selector:
    k8s-app: nginx-service-example-rug-nl
  template:
    metadata:
      labels:
        k8s-app: nginx-service-example-rug-nl
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: nginx-service-example-rug-nl
        image: nginx:latest
        ports:
        - containerPort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: host-based-ingress
spec:
  rules:
  - host: example.rug.nl
    http:
      paths:
      - backend:
          serviceName: nginx-service-example-rug-nl
          servicePort: 80
EOF

````

kubectl -f simple.yml


## PersistentVolume

````
cat > pv.yml <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: user
  labels:
    name: nfs4
spec:
  storageClassName: nfs-class
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  nfs:
    server: 1.2.3.4
    path: /
EOF
````
kubectl apply -f pv.yml


## PersistentVolumeClaim

````
cat > pvc.yml <<EOF
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: user
spec:
  storageClassName: nfs-class
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
EOF
````

kubectl apply -f pvc.yaml

## Service

````
cat > service.yml <<EOF 
apiVersion: v1
kind: Service
metadata:
  name: service-name
  labels:
    app: service-name
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  selector:
    app: service-name

EOF
````
kubectl apply -f service.yml

## Deployment

````
cat > deploy.yml <<EOF
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: example
  labels:
    app: example
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example
  minReadySeconds: 10
  template:
    metadata:
      labels:
        app: example
        version: v0.2
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: example
        image: nginx
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
          protocol: TCP
        env:
          - name: WEBSERVER
            value: NGINX
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /
            port: 80
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 2
          successThreshold: 2
          timeoutSeconds: 2
        tty: true
        volumeMounts:
        - mountPath: /var/www
          name: user
      dnsPolicy: ClusterFirst
      hostAliases:
      - hostnames:
        - example.rug.nl
        ip: 127.0.0.1
      imagePullSecrets:
      - name: registry
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      volumes:
      - name: user
        persistentVolumeClaim:
          claimName: user
EOF
````
kubectl apply -f deploy.yml

## HTTPS

````
cat > https.yml <<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
  name: example
  namespace: default
spec:
  rules:
  - host: example.rug.nl
    http:
      paths:
      - backend:
          serviceName: example
          servicePort: 80
  tls:
  - secretName: letsencrypt-issuer-tls
    hosts:
      - example.rug.nl
EOF
````

kubectl -f apply https.yml


## Ingress annotations

### redirect SSL
````
nginx.ingress.kubernetes.io/server-snippet =

if ($http_x_ssl_enabled != "true") {
  rewrite ^ https://$host$request_uri? permanent;
}
````

### Ingress app root
Set application root to /wp

````
nginx.ingress.kubernetes.io/app-root = /wp

````


### Ingress app root force https
Set application root to /wp

````
nginx.ingress.kubernetes.io/app-root = /wp
nginx.ingress.kubernetes.io/force-ssl-redirect = true

````





## Cheat sheet

````
### cluster
kubectl get services                # List all services 
kubectl get pods                    # List all pods
kubectl get nodes -w                # Watch nodes continuously
kubectl version                     # Get version information
kubectl cluster-info                # Get cluster information
kubectl config view                 # Get the configuration
kubectl describe node <node>        # Output information about a node

### pod and container
kubectl get pods                         # List the current pods
kubectl describe pod <name>              # Describe pod <name>
kubectl get rc                           # List the replication controllers
kubectl get rc --namespace="<namespace>" # List the replication controllers in <namespace>
kubectl describe rc <name>               # Describe replication controller <name>
kubectl get svc                          # List the services
kubectl describe svc <name>              # Describe service <name>

### interacting
	
kubectl run <name> --image=<image-name>                             # Launch a pod called <name> 
                                                                    # using image <image-name>
 
kubectl create -f <manifest.yaml>                                   # Create a service described 
                                                                    # in <manifest.yaml>
 
kubectl scale --replicas=<count> rc <name>                          # Scale replication controller 
                                                                    # <name> to <count> instances
 
kubectl expose rc <name> --port=<external> --target-port=<internal> # Map port <external> to 
                                                                    # port <internal> on replication 
                                                                    # controller <name>

### stopping
kubectl delete pod <name>                                         # Delete pod <name>
kubectl delete rc <name>                                          # Delete replication controller <name>
kubectl delete svc <name>                                         # Delete service <name>
kubectl drain <n> --delete-local-data --force --ignore-daemonsets # Stop all pods on <n>
kubectl delete node <name>

### administration	
kubeadm init                                              # Initialize your master node
kubeadm join --token <token> <master-ip>:<master-port>    # Join a node to your Kubernetes cluster
kubectl create namespace <namespace>                      # Create namespace <name>
kubectl taint nodes --all node-role.kubernetes.io/master- # Allow Kubernetes master nodes to run pods
kubeadm reset                                             # Reset current state
 
kubectl get secrets  


````