Quickstart: Kubernetes on Digital Ocean

Background

This can surely be applied to other managed Kubernetes services, but this is a quick guide to what to do after you spin up a Kubernetes cluster with Digital Ocean’s managed offering.

First Steps

Follow Digital Ocean’s quickstart: https://www.digitalocean.com/docs/kubernetes/quickstart/

Download the kubectl config and put it at ~/.kube/config. You can run these commands, then open the config to paste the contents:

# The kubeconfig holds cluster credentials, so keep it accessible to your user only.
mkdir -p ~/.kube && \
chmod 700 ~/.kube && \
touch ~/.kube/config && \
chmod 600 ~/.kube/config

Useful tools

Install Helm

Helm makes deployments as easy as they can be with Kubernetes. They have tons of charts.

  1. Create a YAML file with this content to create RBAC objects (a service account and its role binding) for Helm:
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: tiller
      namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: tiller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
      - kind: ServiceAccount
        name: tiller
        namespace: kube-system
    

    Note: This is risky in terms of security, as it binds Helm's Tiller service account to the cluster-admin role, which gives it full control over the cluster. You have been warned.

  2. Create and init Helm:
    kubectl create -f /path/to/above/yaml/file && \
    helm init --service-account tiller --upgrade && \
    helm version

You should get output like this (focus on the server bit):

Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}

Install The Kubernetes Dashboard

  1. Create RBAC objects for the dashboard:
    # The binding's subject must name the namespace the service account lives in (kube-system).
    kubectl create serviceaccount --namespace kube-system kubernetes-dashboard && \
    kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard && \
    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-dashboard-token | awk '{print $1}')
    

    More info here

  2. Use Helm to install the dashboard:
    helm install --name kubernetes-dashboard --namespace kube-system stable/kubernetes-dashboard
    
  3. Verify the release is installed by running:
    helm ls
    

    You should see this:

    kubernetes-dashboard	1       	Sat Nov  3 02:26:32 2018	DEPLOYED	kubernetes-dashboard-0.7.5	1.10.0     	kube-system
    
  4. Open a local proxy tunnel in its own tty:
    kubectl proxy
    
  5. Connect to the dashboard in your browser: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
  6. Obtain a token through the CLI to use to authenticate to the dashboard. Follow the instructions here: https://github.com/kubernetes/dashboard/wiki/Access-control#bearer-token
    The name of the secret is partly dynamically generated. The command I ran to obtain my secret was:
    kubectl -n kube-system describe secret kubernetes-dashboard-token-stdb2
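
Both the Tiller and the dashboard service accounts above are bound to cluster-admin, so it is worth checking which service accounts hold that role once setup is done. The following is an added example, not part of the original post: `audit_cluster_admin` and the `SAMPLE_*` data are constructed for illustration, shaped like the output of `kubectl get clusterrolebindings -o json` and `kubectl get serviceaccounts --all-namespaces`. It also flags a dangling subject (a namespace/name pair with no matching service account), because that grant becomes live as soon as an account with that name is created there.

```python
import json

# Constructed sample, shaped like `kubectl get clusterrolebindings -o json`.
SAMPLE_BINDINGS = json.loads("""
{"items": [
  {"metadata": {"name": "tiller"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "tiller", "namespace": "kube-system"}]},
  {"metadata": {"name": "kubernetes-dashboard"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard", "namespace": "default"}]},
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "view-only"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "default"}]},
  {"metadata": {"name": "no-subjects"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")

# Constructed sample: (namespace, name) of the service accounts that exist,
# as `kubectl get serviceaccounts --all-namespaces` would list them.
SAMPLE_ACCOUNTS = {("kube-system", "tiller"), ("kube-system", "kubernetes-dashboard"), ("default", "ci")}


def audit_cluster_admin(bindings, accounts):
    """Return (binding, namespace, account, status) for each service account
    bound to cluster-admin; status is "exists" or "dangling"."""
    findings = []
    for item in bindings.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        # `subjects` is omitted entirely when a binding has none.
        for subj in item.get("subjects") or []:
            if subj.get("kind") != "ServiceAccount":
                continue  # users and groups are out of scope for this check
            key = (subj.get("namespace", ""), subj["name"])
            status = "exists" if key in accounts else "dangling"
            findings.append((item["metadata"]["name"], key[0], key[1], status))
    return findings


if __name__ == "__main__":
    for binding, ns, name, status in audit_cluster_admin(SAMPLE_BINDINGS, SAMPLE_ACCOUNTS):
        print(f"{binding}: {ns}/{name} has cluster-admin ({status})")
```

Against a real cluster, load the two `kubectl` JSON outputs in place of the constructed samples.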

Kubewatch

Kubewatch is a cool tool that’ll send you alerts about changes in your cluster, through Slack.

  • https://github.com/helm/charts/tree/master/stable/kubewatch

References

  • https://assets.digitalocean.com/white-papers/running-digitalocean-kubernetes.pdf
  • https://docs.giantswarm.io/guides/install-kubernetes-dashboard/#create-a-cluster-admin-service-account

Dashboard

  • https://github.com/helm/charts/tree/master/stable/kubernetes-dashboard
  • https://github.com/kubernetes/dashboard/wiki/Access-control#bearer-token

© 2019. All rights reserved.
