Quickstart: Kubernetes on Digital Ocean

Background

This can likely be applied to other managed Kubernetes services as well, but this is a quick guide for what to do after you spin up a Kubernetes cluster with Digital Ocean’s managed offering.

First Steps

Follow Digital Ocean’s quickstart: https://www.digitalocean.com/docs/kubernetes/quickstart/

Download the kubectl config and put it at ~/.kube/config. You can run these commands, then open the config to paste in the contents:

# The kubeconfig holds cluster credentials, so keep it accessible to your user only.
mkdir -p ~/.kube && \
chmod 700 ~/.kube && \
touch ~/.kube/config && \
chmod 600 ~/.kube/config

Useful tools

Install Helm

Helm makes deployments as easy as they can be with Kubernetes, and there are tons of charts available.

  1. Create a YAML file with this content to create RBAC objects (a service account and its role binding) for Helm:
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: tiller
      namespace: kube-system
    ---
    # rbac.authorization.k8s.io/v1 is available since Kubernetes 1.8; v1beta1 was removed in 1.22.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: tiller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
      - kind: ServiceAccount
        name: tiller
        namespace: kube-system

    Note: This is risky in terms of security, as it gives Helm's Tiller service account the cluster-admin role. You have been warned.

  2. Create and init Helm:
    kubectl create -f /path/to/above/yaml/file && \
    helm init --service-account tiller --upgrade && \
    helm version

You should get output like this (focus on the server bit):

Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}

Install The Kubernetes Dashboard

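  1. Create RBAC objects for the dashboard:
    # The service account is created in kube-system, so the binding and the secret lookup must use that namespace too.
    # Note: this grants the dashboard the cluster-admin role, the same risk as noted for Helm above.
    kubectl create serviceaccount --namespace kube-system kubernetes-dashboard && \
    kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard && \
    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-dashboard-token | awk '{print $1}')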

    More info here

  2. Use Helm to install the dashboard:
    helm install --name kubernetes-dashboard --namespace kube-system stable/kubernetes-dashboard
    
  3. Verify the release is installed by running:
    helm ls
    

    You should see this:

    kubernetes-dashboard	1       	Sat Nov  3 02:26:32 2018	DEPLOYED	kubernetes-dashboard-0.7.5	1.10.0     	kube-system
    
  4. Open a local proxy tunnel in its own tty:
    kubectl proxy
    
  5. Connect to the dashboard in your browser: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
  6. Obtain a token through the CLI to use to authenticate to the dashboard. Follow instructions here: https://github.com/kubernetes/dashboard/wiki/Access-control#bearer-token The name of the secret is partly dynamically generated. The command I ran to obtain my secret was:
    kubectl -n kube-system describe secret kubernetes-dashboard-token-stdb2

Kubewatch

Kubewatch is a cool tool that’ll send you alerts about changes in your cluster, through Slack.

  • https://github.com/helm/charts/tree/master/stable/kubewatch

References

  • https://assets.digitalocean.com/white-papers/running-digitalocean-kubernetes.pdf
  • https://docs.giantswarm.io/guides/install-kubernetes-dashboard/#create-a-cluster-admin-service-account

Dashboard

  • https://github.com/helm/charts/tree/master/stable/kubernetes-dashboard
  • https://github.com/kubernetes/dashboard/wiki/Access-control#bearer-token
