[JAVA] Gachi beginners set up containers on Kubernetes? Until···

Participated in the "Java Küche" event!

An article that looks back on the event "Kubernetes Hackathon ~ Two days to immerse yourself in Docker and Kubernetes! ~" Held on August 23, 2019.

Teacher Microsoft Advocate: Kao Terada

Thank you very much. m (_ _) m

flow

This time, we will create a total of three resources in Azure, Ubuntu as an environment for stepping stones, the push destination of Dockerfile, and the environment for running Kubernetes.

As for the content, Create Docker image on Ubuntu. Push to Azure Container Registry (ACR). Start the container with Azure Kubernetes Service (AKS). Introduce up to.

Mr. Terada has put together the necessary files and information very neatly. GitHub link: https://github.com/yoshioterada/k8s-Azure-Container-Service-AKS--on-Azure

Alright! Let's do it!

Outlook account creation

Link: https://signup.live.com/signup

• At this time, if it is not hotmail.com, will an error occur when creating an Azure account? ??

Create an Azure account and register with a credit card

Azure login page: https://portal.azure.com/#home

• If you do not register the credit, it will be added again when you try to create an Ubuntu resource.

Create Ubuntu resources

Click "Create a resource" on the Azure console screen. Make Ubuntu 18.04 LTS version Create a new Resource grop! The virtual machine name is the same. The region is "Eastern Japan" SSH public key "password" ssh allow

Access the created Ubuntu environment with ssh.

• On the resource details screen, check the ip (public IP) when sshing. Example) ssh userName @ ipAdress

Install Docker

Reference article: https://qiita.com/myyasuda/items/cb8e076f4dba5c41afbc

sudo apt-get update

sudo apt-get install apt-transport-https ca-certificates curl software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable test edge"

sudo apt-get update

sudo apt-get install docker-ce

docker --version

Azure CLI installation

After this, I would like to cooperate with ACR and AKS. So I'll install the Azure CLI! Reference article: http://aka.ms/az-cli-install-jp curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

// The difference between creating a Dockerfile and a Docker image ...

• Dockerfile is a recipe for Docker images. How to make and materials are written.
• You can create an image with docker build. It seems.

Git Clone Dockerfile

• This time, Mr. Terada will use the one published on GitHub. Thank you so much! !! !! !! !! (>ω<)

Move cd FrontService

Take a look at the Dockerfile cat 0-Dockerfile-for-Maven

• It is difficult to download the library groups that you use a lot each time, so download them once and make them as an image. From now on, all you have to do is load the image. It is recommended to create an image for things that are likely to depend on you. It seems.

docker build -t maven-include-localrepo:1.1 . -f 0-Dockerfile-for-Maven

• It may be better to enter with sudo su.

Check if you were able to build it earlier. docker images

Creating an Azure Container Registry

// Kubernetes is an image that fetches Docker images via ACR. I think that. // Private version of docker hub Isn't it nice?

I want to push the created image to the Azure Continer Registry I mentioned earlier, so create it first.

Reference article: https://github.com/yoshioterada/DEIS-k8s-ACS/blob/master/CreateAzureContainerRegistry.md Create resource in browser Determine the registry name appropriately. The resource group is new and decided appropriately. The admin user has enabled it.

Then log in to ACR

• Log in to docker. Give the username and ACR domain as command arguments. docker login -u [user name] [xxx.azurecr.io] Enter the password after

• Required information can be confirmed with the access key on the details screen.

• Information obtained on the details screen { user : 〇〇 login-server: 〇〇〇〇.azurecr.io pass: 〇〇〇〇〇〇〇〇 }

Docker image creation and push preparation

// I have authenticated to ACR. (with docker login.)

• If you make an image, you can make a container. The actual state of movement is a container.

Mr. Terada has put together a Docker image creation and push to ACR in a .sh file (2-build-create.sh). So, it seems that you should start sh with a command. However, specify the image to push and edit the two places of the repository to push with vi!

• Edited part in vi vi 2-build-create.sh DOCKER_IMAGE=〇〇〇〇/front-spring-service DOCKER_REPOSITORY=〇〇〇〇.azurecr.io
• For DOCKER_IMAGE, ACR user name: fullund2. After /, the name of images (the name you gave here seems to be the name of the image. This time, let's go with front-spring-service!)

Push to ACR

• When you type a command, you can receive the version specification as an argument ... If it's the second time, set it to 2.0! ./2-build-create.sh [x.x]

• Check if it is pushed with your browser!

This time, let's edit the source a little and create an image as v2!

vi src/main/java/com/yoshio3/frontspring/FrontController.java Let's change the return string, which is the best of all!

Alright, let's create it based on the changed source ./2-build-create.sh 2.0

• The argument version should be 2.0.

Operation check

Launch image docker run -p 8080: 8080 -it [REPOSITORY name]: [x.x (TAG number)]

Let's open it in another tab and access it with curl to check it! curl http://localhost:8080/sample/hello

Next goal: I want to set up a container with AKS. First, go get the image in ACR!

On the Azure page, create a Create Kubernetes cluster.

Also, the resource group is new! Is the cluster name the same? Region is eastern Japan Set to Node count 1. Virtual node enabled

HTTP application ・ ・ ・ Yes

Install Kubectl command

az aks install-cli

Let's az-login

az login

• You can log in via a browser

Obtaining credentials for AKS connection

az aks get-credentials --resource-group [xxxx] --name [xxxx]

• Now you can connect to Kubernetes.

Do you want to check if the command can be used as a trial?

kubectl cluster-info And kubectl get node

I want to bring the image in ACR to Kubernetes

Kubernetes will not be able to access the ACR as it is. So, edit 3-create-secret4reg.sh with vi.

• Specifically, I want to send pull communication from AKS to ACR. It feels like the authentication is written in the 3-create-secret4reg.sh file.

kubectl create secret docker-registry docker-reg-credential --docker-server=〇〇〇〇.azurecr.io --docker-username=〇〇 --docker-password="〇〇〇〇" [email protected]

• If all goes well, check with kubectl get secret!

Alright, I think I can go get the image with this!

Correct the fetched image name

• Change to the created ACR server name and container image name. vi 4-create-deployment-svc.yaml

• Corrected part 30th line. The content to enter is a long one in docker images. After /, write ver. `` image: 〇〇〇〇.azurecr.io/〇〇/front-spring-service:1.0 `

• Correct a little below. Changed cpu 0.6 to 100m. 2 places

• If you want to get 1.0, go above template: metadata: labels: app: spring-front-service version: [Leave this as "v1"]

Alright! I was able to specify the image to go for authentication and acquisition.

Run

• You can use the apply command to fetch an image from ACR and set up a container. kubectl apply -f 4-create-deployment-svc.yaml

Check if it is running

kubectl get po -w

Operation check

• Actually, it works on the Kubernetes side, so the command to forward to lcoalhost kubectl port-forward [spring-front-service-〇〇〇〇] 8080:8080
• If it doesn't work, use docker stop to stop it.

In another tab ... curl localhost:8080/sample/hello #Results are displayed

Make v2 and apply

Duplicate 4-create-deployment-svc.yaml to get 4-create-deployment-svc-v2.yaml. Edit with vi 4-create-deployment-svc-v2.yaml -Add "-v2" to the end of name: spring-front-service on the 4th line. ・ Play with images. If you set it to: 2.0, you will see the image of v2. -Set version to v2.

kubectl apply -f 4-create-deployment-svc-v2.yaml

• Somehow, I couldn't do it without entering sudo su.

Confirmation of v2 startup

kubectl get po

// Second, it may be good to check by port-forward.

Now we have successfully set up two containers with k8s! Hooray! !!

Let's filter!

kubectl get po --selector app=[],version=[v1] -> In other words, you can write a selector to control which pod to access! !! !!

Next, let's start a v2 container with Kubernetes and update v1 to v2.

About service

Let's create a service and start it. Feeling that service mediates access to the pod? ??

When you run pod, ip is generated fixedly. How do you manage it? Manual is hard. Actually, there are other ways to access pods besides ip. It's not good that ip changes frequently, isn't it?

Deployment liver => As long as you create a service and remember this unique IP address, you can change the pod with the service selector. Let's check 11-Service.yaml!

start service

kubectl apply -f 11-Service.yaml

Verification

kubectl get svc

merit

You can move to new pods while keeping the pods that are working normally. You can return it immediately! This is the great thing about kubernetes! !! !! !! It's hard to do it yourself. Just edit yaml.

By the way

Normally, service is type: ClusterIP! !! Well, if you really want to expose it to the outside even for a moment, set type: Load Balancer. But not good. Danger. Please be careful.

-> When there are multiple services, you can branch the service to be called according to the URL by grouping them in Ingress and setting the path in the Ingress settings.

Summary: It's a good idea to publish Ingress to the outside world.

Separate URLs with Ingress! Branch the pod with service. The image is service routing. Receptionist! !!

A convenient function for operating microservices.

Modify Ingress and try launching

vi 12-Ingress.yaml Modification: -host: front-service. [〇〇〇〇.aksapp.io] The content of this fix is pasted from the browser's resource "HTTP application routing domain"

• In terms of location, is it Home> Resource Group> [k8s]> [k8s]?

Launch

kubectl apply -f 12-Ingress.yaml

Verification

kubectl get ing

access

http://[front-service.〇〇〇〇.japaneast.aksapp.io]/sample/hello

For the time being, the content of the event ends here.

The idea of design of fair

Kubernetes shouldn't be touched unless you have the mindset to make things on the premise that it will break. drop down. Reduce the range of influence. It is better to think on the premise of falling rather than trying to prevent it from falling. Consider the flow of reconstruction when it falls. How far will the Design of Fair go through? It will definitely fall.

Finally

Thank you very much, Mr. Terada! To be honest, Docker had been touching it for 30 minutes, so I somehow understood it, but Kubernetes was ignorant. Fortunately I was a mob pro, and I managed to finish it! !!

(´∀｀)

Later, the three of us did the same thing with an acquaintance. This article was created based on a successful example at that time.

It's important to repeat.

Kubernetes ... I'm glad I felt a little microservices. I want to do it again! (^ ・ ^)