2019-05-30 – Cloud Native Short Takes

by

KubeCon + CloudNativecon Barcelona 2019 & related announcements

Other community updates

Deploying kubeapps helm chart on VMware Enterprise PKS (lab deployment!)

by

With the recent announcement of VMware and Bitnami joining forces, I wanted to revisit the kubeapps project on Enterprise PKS earlier today. I followed the community documentation but ran into some smaller issues (see my GitHub comments here) that were coming up in the MongoDB deployment initially.

UPDATE: At first I thought you needed to enable privileged containers in PKS but actually you don’t have to do that! There was a typo in my configuration which led to an unknown flag for the MongoDB deployment. I used the flag “mongodb.securityContext.enable=false” when deploying the Helm chart but it should have been “mongodb.securityContext.enabled=false”. Thanks to Andres from the Bitnami team for catching this! The instructions below have been updated!

Install Helm

Add the bitnami repo: 

helm repo add bitnami https://charts.bitnami.com/bitnami

Add a “kubeapps” namespace to deploy into

kubectl create namespace kubeapps

Add a Service Account to Tiller 

vi rbac-config-tiller.yaml
---
apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: tiller
   namespace: kube-system
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: tiller
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: cluster-admin
 subjects:
 kind: ServiceAccount
 name: tiller
 namespace: kube-system 
---
kubectl create -f rbac-config-tiller.yaml

Leverage newly created service account for Tiller: 

helm init --service-account tiller

Create Service account for kubeapps-operator 

kubectl create serviceaccount kubeapps-operator 

kubectl create clusterrolebinding kubeapps-operator \
--clusterrole=cluster-admin \
--serviceaccount=default:kubeapps-operator

kubectl get secret $(kubectl get serviceaccount kubeapps-operator -o jsonpath='{.secrets[].name}') -o jsonpath='{.data.token}' | base64 --decode

Copy the secret for use in the kubeapps dashboard later on.

Since NSX-T brings an out-of-the-box capability for exposing kubeapps to an external IP address, we can use LoadBalancer and skip the port-forwarding section of the documentation. Following what I found in another bug, I set some extra flags for disabling IPv6:

helm install --name kubeapps --namespace kubeapps bitnami/kubeapps \
--set frontend.service.type=LoadBalancer \
--set mongodb.securityContext.enabled=false \
--set mongodb.mongodbEnableIPv6=false

After a few minutes, the deployed services & deployments should be up and running:

Follow then part three of the instructions to access the dashboard.

2019-05-13 – Cloud Native Short Takes

by

Hello everyone and welcome to my first Cloud Native Short Take. Following the spirit from my previous efforts, I’d like to share some interesting links and observations that I came across recently. So, lets get right into it:

  • Red Hat Summit carried some interesting updates for customers that run OpenShift on VMware today or plan to do it in the future. There was a joint announcement of a reference architecture for OpenShift on the VMware SDDC. Read more about it on the VMware Office of the CTO Blog, the VMware vSphere Blog as well as the Red Hat Blog.
  • Speaking of announcements, GitHub just announced “GitHub Package Registry” – a new service that will users allow to bring their packages right to their code. As GitHub puts it: “GitHub Package Registry is a software package hosting service, similar to npmjs.org, rubygems.org, or hub.docker.com, that allows you to host your packages and code in one place. “
  • My friends at Wavefront launched a new capability around observability in microservices land. Check out their blogpost around Service Maps in their Wavefront 3D Observability offering that combines metrics, distributed tracing and histograms. There is also a pretty cool demo on Youtube linked from that post – it’s beautiful!
  • Following the motto “Kubernetes, PKS, and Cloud Automation Services – Better Together!”, the VMware Cloud Automation Services team released a beta integration with Enterprise PKS. Read more about it on their blog and watch the webinar for more details.
  • My friend Cormac is a fantastic resource in all-things cloud-native storage these days. And thankfully, he shares lots of his own discoveries on his blog. His latest post is focused on testing Portworx’ STORK for doing K8s volume snapshots in an on-prem vSphere environment. Read more about it here. Looking forward to the next post which will include some integration testing with Velero.
  • Speaking of Velero (formerly known as Ark), this project is heading to a version 1.0 release! I am very excited for the team! You can find the first Release Candidate here.
  • And coming back to Cormac’s blog – he just released a “Getting started with Velero 1.0-RC1” blogpost with his test deployment running Cassandra on PKS on vSphere (leveraging Restic).
  • The Kubernetes 1.15 enhancement tracking is now locked down. You can find the document on Google Docs
  • I came across an interesting talk on InfoQ titled “The Life of a Packet through Istio”
  • Another interesting announcement came from Red Hat and Microsoft around a project called KEDA. KEDA “allows for fine grained autoscaling (including to/from zero) for event driven Kubernetes workloads. KEDA serves as a Kubernetes Metrics Server and allows users to define autoscaling rules using a dedicated Kubernetes custom resource definition”. A very interesting project, check out the blogpost and a TGIK episode from Kris Nóva last Friday.
  • There is some useful material around the Certified Kubernetes Administrator exam in this little study guide
  • Oh and speaking of enablement: I can only recommend you check out the freshly published book “Cloud Native Patterns” by the amazing Cornelia Davis on Manning.com. I have been following the development of that book via the “MEAP” program and it’s a pretty great source of information!
  • Several thoughts on choosing the right Serverless Platform

Restarting “CNA Weekly” as “Cloud Native Short Takes” & shutting down the newsletter

by

First of all, I’d like to thank all of you very much for your interest in my “CNA weekly”.
As you might have noticed, I haven’t shared any updates recently. That’s not because there aren’t any news, it’s more related to the format.

After reconsidering various options, I decided to delete my tinyletter account and continue (actually restart) my efforts on my blog at http://bit.ly/cna-shorttakes. You can subscribe via RSS (http://blog.think-v.com/?feed=rss2) e.g. via feedly (if you don’t know it, check it out!) or follow me on Twitter (https://twitter.com/bbrundert). Other options to continue receiving the content via email include RSS-to-email services like Blogtrottr or IFTTT

Thanks again to all of you! 

Take care,
Bjoern

Operationalizing VMware PKS with BOSH – how to get started

by

I have installed VMware PKS in a variety of environments and I typically show something that helps Platform Operators running PKS to dive even deeper into the status of PKS components beyond the pks cli. One of the key lifecycle components in PKS is called BOSH. BOSH deploys Kubernetes masters and workers and performs a number of other tasks. So how do you get access to BOSH in the easiest way?

Step 1)

  • Login to the Ops Manager VM via ssh: ssh ubuntu@your.opsmanager.com  

Step 2)

  • Open Ops Manager and click on the BOSH Director tile: 
  • Click on the “Credentials” Tab and search for “BOSH Commandline Credentials”:
  • You will see an output similar like this one: 
    {"credential":"BOSH_CLIENT=ops_manager 
BOSH_CLIENT_SECRET=ABCDEFGhijklmnopQRSTUVWxyz 
BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate 
BOSH_ENVIRONMENT=192.168.1.100 bosh "}
  • Copy and paste that line and reformat it the following way: 
    BOSH_CLIENT=ops_manager 
BOSH_CLIENT_SECRET=ABCDEFGhijklmnopQRSTUVWxyz 
BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate 
BOSH_ENVIRONMENT=192.168.1.100

     

  • Easiest way to get started every time is to make it part of your .bashrc configuration by doing the following:
    • edit your .bashrc and append the outputs from above like this:
    • export BOSH_CLIENT=ops_manager 
export BOSH_CLIENT_SECRET=ABCDEFGhijklmnopQRSTUVWxyz 
export BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate 
export BOSH_ENVIRONMENT=192.168.1.100
    • logout and login again (or just run the export commands on the CLI manually once)

 

  • Some example commands on how to interact with BOSH (and a nice cheat sheet at https://github.com/DennyZhang/cheatsheet-bosh-A4):
  • bosh deployments
PKS=$(bosh deployments | grep ^pivotal | awk '{print $1;}')
bosh -d $PKS vms
bosh -d $PKS instances
bosh -d $PKS tasks
bosh -d $PKS tasks -ar
bosh -d $PKS task 724
bosh -d $PKS task 724 --debug

CLUSTER=$(bosh deployments | grep ^service-instance | awk '{print $1;}')
bosh -d $CLUSTER vms
bosh -d $CLUSTER vms --vitals
bosh -d $CLUSTER tasks --recent=9
bosh -d $CLUSTER task 2009 --debug
bosh -d $CLUSTER ssh master/0
bosh -d $CLUSTER ssh worker/0
bosh -d $CLUSTER logs
bosh -d $CLUSTER cloud-check

     

  • Advanced users: you can also install the BOSH CLI on and admin VM and run from there:
    • Download from https://github.com/cloudfoundry/bosh-cli/releases
    • Copy the certificate from the Ops Manager VM (/var/tempest/workspaces/default/root_ca_certificate) to your admin VM and edit the .bashrc environment variables accordingly