k3d builds a cluster of k3s, the lightweight version of Kubernetes published by Rancher, using docker. For those who have already been operating with docker-compose on a VPS, I think it is a tool that can be an alternative.
- Introduction
- Prepare Time4VPS server
- Install k3d on Time4VPS
  - Build a cluster with k3d
  - Install cert-manager on cluster
- Get a free domain with freenom
- Write and deploy manifest file
Since this is a test, we will build a cluster with k3d at as close to zero cost as possible. The server is Time4VPS, the strongest overseas VPS, and the domain is a free one obtained from freenom. For the docker container image, use this.
First, prepare a VPS server from here. By the way, the OS used in this article is `Ubuntu 18.04`. Once the VPS contract is completed, refer to the following article and make the initial settings of Ubuntu: Ubuntu minimum initial settings
Of course, docker is required for k3d, so install docker first. To install docker on Ubuntu, it is recommended to refer to this article: Install Docker on Ubuntu 18.04 (also + docker-compose)
After installing docker, install k3d.
```bash
curl -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash
```
Now it's time to set up a cluster with k3d.
Replace `<your vps global ip>` with the IP of the VPS you prepared.

```bash
k3d cluster create hoge-cluster --agents 2 --api-port <your vps global ip>:6550 -p "80:80@agent[0]" -p "443:443@agent[0]"
```

First, run the following on the server side and make a note of `certificate-authority-data` and the user's password.

```bash
vi ~/.kube/config
```

Add the cluster information, context, and user created this time to the local `~/.kube/config`.
This will connect the local kubectl to the cluster on Time4VPS.
`~/.kube/config` (local)

```yaml
apiVersion: v1
kind: Config
current-context: hoge-cluster
preferences: {}
clusters:
- name: hoge-cluster
  cluster:
    # CA that signed the API server certificate, copied from the VPS
    certificate-authority-data: <your certificate-authority-data in vps ~/.kube/config>
    # API port published by --api-port when the cluster was created
    server: https://<your vps global ip>:6550
users:
- name: admin@hoge-cluster
  user:
    # Static admin credential, copied from the VPS
    password: <your password in vps ~/.kube/config>
    username: admin
contexts:
- name: hoge-cluster
  context:
    cluster: hoge-cluster
    user: admin@hoge-cluster
```
**Check if you can connect to the cluster**

```text
kubectl get node
NAME                        STATUS   ROLES    AGE   VERSION
k3d-hoge-cluster-agent-0    Ready    <none>   39m   v1.18.8+k3s1
k3d-hoge-cluster-agent-1    Ready    <none>   39m   v1.18.8+k3s1
k3d-hoge-cluster-server-0   Ready    master   39m   v1.18.8+k3s1
```
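A local check for the kubeconfig assembled above, as an added example that is not part of the original article: it flags a group- or world-readable file, a static basic-auth password stored in it, and API endpoints that are not loopback (the article publishes port 6550 on the VPS's global IP). The function name `audit_kubeconfig` and the sample file are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the article): audit a kubeconfig like the one built above.
# Prints one finding per line; exit status 0 = clean, 1 = at least one finding.
audit_kubeconfig() {
  file=$1
  findings=0

  # 1. The file carries the admin credential, so only its owner may read it.
  mode=$(stat -c '%a' "$file")   # GNU stat, e.g. 600 or 644
  case "$mode" in
    600|400) ;;
    *) echo "PERMS: mode $mode, expected 600"; findings=$((findings + 1)) ;;
  esac

  # 2. A static basic-auth password is a long-lived plain-text secret.
  if grep -Eq '^[[:space:]]*password:[[:space:]]*[^[:space:]]' "$file"; then
    echo "BASIC_AUTH: static password stored in file"
    findings=$((findings + 1))
  fi

  # 3. An API endpoint that is not loopback is reachable from the network
  #    unless a firewall or tunnel sits in front of it.
  loopback='^https://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost|\[::1\])(:[0-9]+)?(/.*)?$'
  for url in $(sed -n 's/^[[:space:]]*server:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$file"); do
    if ! printf '%s\n' "$url" | grep -Eq "$loopback"; then
      echo "EXPOSED_API: $url is not a loopback endpoint"
      findings=$((findings + 1))
    fi
  done

  [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the article's layout (203.0.113.10 is a documentation address).
sample=$(mktemp)
cat > "$sample" <<'EOF'
clusters:
- name: hoge-cluster
  cluster:
    server: https://203.0.113.10:6550
users:
- name: admin@hoge-cluster
  user:
    password: constructed-example-password
    username: admin
EOF
chmod 644 "$sample"
audit_kubeconfig "$sample" || echo "kubeconfig needs attention"
rm -f "$sample"
```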
Next, install cert-manager on the cluster so that the service can be delivered over SSL. Installing cert-manager is super easy because the installation is completed with a single manifest: Install cert-manager
I think it's a waste to get a paid domain just for trying things out in a test.
So it is convenient to use freenom, a service where you can get a free domain.
The domain name acquired this time is `k3d-hello-app.tk`.
Finally, write the manifest files and deploy them. This time, the container image is the sample that Google publishes in its registry for GKE. There is no image build or push to a remote registry, so it's a rather lonely task. Prepare a directory called `k8s` to manage the manifests, and create two manifest files in it.
```text
# The directory structure looks like this
.
└── k8s
    ├── hello-app.yaml
    └── ingress.yaml
```
`k8s/hello-app.yaml`

```yaml
apiVersion: v1
kind: Service
metadata:
  name: hello-app-service
spec:
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 8080
  selector:
    app: hello-app
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-app-deployment
spec:
  replicas: 6
  selector:
    matchLabels:
      app: hello-app
  template:
    metadata:
      labels:
        app: hello-app
        env: stage
    spec:
      containers:
      - image: gcr.io/google-samples/hello-app:1.0
        name: hello-app
        ports:
        - containerPort: 8080
```
By the way, the Service type is LoadBalancer; k3d can use `type: LoadBalancer`.
Next, write a manifest file for ingress.
Replace `<your mail address>` with your own email address.
`k8s/ingress.yaml`

```yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-issuer
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration, update to your own.
    email: <your mail address>
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-issuer
    solvers:
    - http01:
        ingress:
          class: traefik
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: letsencrypt-cert
spec:
  dnsNames:
  - k3d-hello-app.tk
  secretName: letsencrypt-cert-tls
  issuerRef:
    name: letsencrypt-issuer
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: hoge-cluster-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/ingress.class: "traefik"
    # certmanager.k8s.io/* is the pre-v0.11 annotation prefix; cert-manager.io/v1
    # ignores it, so the certificate here comes from the Certificate resource above.
    certmanager.k8s.io/issuer: "letsencrypt-issuer"
    certmanager.k8s.io/acme-challenge-type: http01
spec:
  tls:
  - secretName: letsencrypt-cert-tls
    hosts:
    - k3d-hello-app.tk
  rules:
  - host: k3d-hello-app.tk
    http:
      paths:
      - path: /
        backend:
          serviceName: hello-app-service
          servicePort: 8080
```
Now let's apply the manifest.

```bash
kubectl apply -f k8s -R
```

By the way, the `-R` flag is not needed this time.
If the manifests grow huge, I think it will become necessary to divide the manifest files into packages.
In such a case, adding the `-R` flag applies the manifests that are divided into packages recursively as well.
```text
# For example, package division like this
.
└── k8s
    ├── hello-app.yaml
    └── ingress
        ├── certificate.yaml
        ├── ingress.yaml
        └── issuer.yaml
```
If you can apply the manifest, check it in your browser. If it is displayed as below and SSL is established, it is complete!
k3d builds a cluster by setting up virtual nodes inside one physical server, so there is no availability at the physical server tier. If that one server stops, every service running in the cluster stops with it. The so-called blast radius is no joke; it is a one-shot deathblow (lol). So depending on the size of your business, it may not meet your requirements at all. When the focus is on saving running costs, for example at personal scale, isn't a virtual cluster like k3d a reasonable option? It is especially recommended for those who have been running docker-compose in production!