Quickstart: Kubernetes on Digital Ocean
Background
This can likely be applied to other managed Kubernetes services as well, but it is a quick guide for what to do after you spin up a Kubernetes cluster with Digital Ocean’s managed offering.
First Steps
Follow Digital Ocean’s quickstart: https://www.digitalocean.com/docs/kubernetes/quickstart/
Download the kubectl config and put it at ~/.kube/config. You can run these commands, then open the config to paste the contents:
# The kubeconfig holds your cluster credentials, so keep it readable by the owner only
mkdir -p ~/.kube && \
chmod 700 ~/.kube && \
touch ~/.kube/config && \
chmod 600 ~/.kube/config
Useful tools
Install Helm
Helm makes deployments as easy as they can be with Kubernetes. They have tons of charts.
- Create a YAML file with this content to create the RBAC objects (a service account and a cluster role binding) for Helm:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
Note: This is risky in terms of security, as it gives Helm the cluster-admin role, which has full control over the whole cluster. You have been warned.
- Create and init Helm:
kubectl create -f /path/to/above/yaml/file && \
helm init --service-account tiller --upgrade && \
helm version
You should get output like this (focus on the server bit):
Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Install The Kubernetes Dashboard
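- Create RBAC objects for the dashboard. Like the Tiller binding above, this gives the dashboard's service account the cluster-admin role:
# The binding must name the namespace the service account was created in (kube-system);
# the token secret lives in that namespace too. A ClusterRoleBinding itself is not namespaced.
kubectl create serviceaccount --namespace kube-system kubernetes-dashboard && \
kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard && \
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-dashboard-token | awk '{print $1}')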
More info here
- Use Helm to install the dashboard:
helm install --name kubernetes-dashboard --namespace kube-system stable/kubernetes-dashboard
- Verify the release is installed by running:
helm ls
You should see this:
kubernetes-dashboard 1 Sat Nov 3 02:26:32 2018 DEPLOYED kubernetes-dashboard-0.7.5 1.10.0 kube-system
- Open a local proxy tunnel in its own tty:
kubectl proxy
- Connect to the dashboard in your browser: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
- Obtain a token through the CLI to use to authenticate to the dashboard. Follow the instructions here: https://github.com/kubernetes/dashboard/wiki/Access-control#bearer-token. The name of the secret is partly dynamically generated. The command I ran to obtain my secret was:
kubectl -n kube-system describe secret kubernetes-dashboard-token-stdb2
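Both the Tiller and the dashboard steps bind a service account to cluster-admin, so it is worth checking which accounts end up holding that role. The following Python script is an added example, not part of the original guide: it lists every service account bound to cluster-admin and flags bindings whose service account does not exist. The sample data is constructed, and the function and variable names are assumptions.

```python
# Constructed sample data, trimmed to the fields the audit reads. On a real
# cluster, load the JSON output of:
#   kubectl get clusterrolebindings -o json
#   kubectl get serviceaccounts --all-namespaces -o json
def _crb(name, role, subjects):
    return {"metadata": {"name": name},
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": subjects}

def _sa(namespace, name):
    return {"kind": "ServiceAccount", "namespace": namespace, "name": name}

SAMPLE_BINDINGS = {"items": [
    _crb("tiller", "cluster-admin", [_sa("kube-system", "tiller")]),
    _crb("kubernetes-dashboard", "cluster-admin",
         [_sa("default", "kubernetes-dashboard")]),
    _crb("system:basic-user", "system:basic-user",
         [{"kind": "Group", "name": "system:authenticated"}]),
    _crb("no-subjects", "cluster-admin", None),
]}
SAMPLE_SERVICEACCOUNTS = {"items": [
    {"metadata": {"namespace": "kube-system", "name": "tiller"}},
    {"metadata": {"namespace": "kube-system", "name": "kubernetes-dashboard"}},
]}

def audit_cluster_admin(bindings, serviceaccounts, role="cluster-admin"):
    """Return one finding per ServiceAccount subject bound to `role`."""
    existing = {(sa["metadata"]["namespace"], sa["metadata"]["name"])
                for sa in serviceaccounts["items"]}
    findings = []
    for crb in bindings["items"]:
        ref = crb["roleRef"]
        if ref["kind"] != "ClusterRole" or ref["name"] != role:
            continue
        # `subjects` may be missing or null on a binding with no subjects.
        for subj in crb.get("subjects") or []:
            if subj["kind"] != "ServiceAccount":
                continue
            key = (subj.get("namespace", ""), subj["name"])
            findings.append({"binding": crb["metadata"]["name"],
                             "serviceaccount": "/".join(key),
                             # Dangling: an account created under this name
                             # later would inherit the role.
                             "dangling": key not in existing})
    return findings

if __name__ == "__main__":
    for f in audit_cluster_admin(SAMPLE_BINDINGS, SAMPLE_SERVICEACCOUNTS):
        note = " (service account does not exist)" if f["dangling"] else ""
        print("%s -> %s%s" % (f["binding"], f["serviceaccount"], note))
```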
Kubewatch
Kubewatch is a cool tool that’ll send you alerts about changes in your cluster, through Slack.
References
- https://assets.digitalocean.com/white-papers/running-digitalocean-kubernetes.pdf
- https://docs.giantswarm.io/guides/install-kubernetes-dashboard/#create-a-cluster-admin-service-account