Lab 1 - Setup
In the first lab, you will set up your computer for the following laboratories. Here are some services that we will install:
- Local Kubernetes cluster
- Crossplane
- LocalStack
0. Requisites
Before beginning this laboratory, it is necessary to have the following elements installed and configured:
- Linux, WSL or Linux VM.
- Docker.
- Helm
- GitHub Client
1. Kubernetes
Although there are many easy ways to deploy a Kubernetes cluster (Docker Desktop, Minikube, Kind, Rancher Desktop, ...), we have selected k3d because it is very fast and easy to install.
Info
k3d is a lightweight wrapper to run k3s (Rancher Lab’s minimal Kubernetes distribution) in docker.
k3d makes it very easy to create single- and multi-node k3s clusters in docker, e.g. for local development on Kubernetes.
- Install k3d cli.

curl -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash

- Create a k3d cluster with 1 master and 2 workers with a registry.

k3d cluster create --agents 2 --servers 1 --registry-create k3d-local-registry:0.0.0.0:5432

- Obtain the local IP address of your computer.

LOCAL_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')

- Add "LOCAL_IP:5432" (using the address obtained in the previous step) to "insecure-registries" in Docker.

Warning
This is necessary so that we can use the image registry created by k3d.

- When you have finished the workshop, you should delete the Kubernetes cluster.

k3d cluster delete

2. Crossplane
- Install Crossplane.

kubectl create namespace crossplane-system

helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update

helm install crossplane --namespace crossplane-system crossplane-stable/crossplane

- Wait until Crossplane is ready.

kubectl get all -n crossplane-system
...
NAME                                           READY   STATUS    RESTARTS   AGE
pod/crossplane-rbac-manager-5bf768f5dc-m5fvr   1/1     Running   0          34s
pod/crossplane-7545d9567-wntct                 1/1     Running   0          34s

NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/crossplane-rbac-manager   1/1     1            1           34s
deployment.apps/crossplane                1/1     1            1           34s

NAME                                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/crossplane-rbac-manager-5bf768f5dc   1         1         1       34s
replicaset.apps/crossplane-7545d9567                 1         1         1       34s

- Install Crossplane cli.

curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | sh

- Install AWS provider.

kubectl crossplane install provider crossplane/provider-aws:v0.21.0

- Wait until AWS provider is ready.

kubectl get providers.pkg.crossplane.io
...
NAME                      INSTALLED   HEALTHY   PACKAGE                           AGE
crossplane-provider-aws   True        True      crossplane/provider-aws:v0.21.0   4m38s

- Create AWS credentials for Crossplane.

cat <<EOF | kubectl apply -f -
---
apiVersion: v1
kind: Secret
metadata:
  name: localstack-creds
  namespace: crossplane-system
type: Opaque
data:
  credentials: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkID0gdGVzdAphd3Nfc2VjcmV0X2FjY2Vzc19rZXkgPSB0ZXN0Cg==
---
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  endpoint:
    hostnameImmutable: true
    url:
      type: Static
      static: http://localstack.awslocal.svc.cluster.local:4566
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: localstack-creds
      key: credentials
EOF

- List all Crossplane CRDs available.

kubectl get crds | grep aws | sort
...
activities.sfn.aws.crossplane.io                           2022-01-05T12:14:06Z
addons.eks.aws.crossplane.io                               2022-01-05T12:14:07Z
addresses.ec2.aws.crossplane.io                            2022-01-05T12:14:10Z
aliases.kms.aws.crossplane.io                              2022-01-05T12:14:06Z
apimappings.apigatewayv2.aws.crossplane.io                 2022-01-05T12:14:05Z
apis.apigatewayv2.aws.crossplane.io                        2022-01-05T12:14:08Z
authorizers.apigatewayv2.aws.crossplane.io                 2022-01-05T12:14:08Z
backups.dynamodb.aws.crossplane.io                         2022-01-05T12:14:09Z
brokers.mq.aws.crossplane.io                               2022-01-05T12:14:09Z
bucketpolicies.s3.aws.crossplane.io                        2022-01-05T12:14:06Z
buckets.s3.aws.crossplane.io                               2022-01-05T12:14:06Z
cacheclusters.cache.aws.crossplane.io                      2022-01-05T12:14:09Z
cachepolicies.cloudfront.aws.crossplane.io                 2022-01-05T12:14:09Z
cachesubnetgroups.cache.aws.crossplane.io                  2022-01-05T12:14:08Z
certificateauthorities.acmpca.aws.crossplane.io            2022-01-05T12:14:10Z
certificateauthoritypermissions.acmpca.aws.crossplane.io   2022-01-05T12:14:05Z
certificates.acm.aws.crossplane.io                         2022-01-05T12:14:07Z
classifiers.glue.aws.crossplane.io                         2022-01-05T12:14:05Z
...

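The Secret in the "Create AWS credentials" step stores an AWS credentials file as base64, which is an encoding and not encryption, and the ProviderConfig decides where those credentials are sent. As an added example (not part of the original lab, with function names made up for illustration), this shell check decodes the payload and confirms that it holds only LocalStack's dummy test/test pair and that the endpoint is an in-cluster service:

```shell
#!/bin/sh
# Added example: inspect the Secret payload and the ProviderConfig endpoint
# before applying them. Function names are hypothetical.

# Base64 payload copied from the Secret manifest in the credentials step.
LAB_CREDS_B64='W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkID0gdGVzdAphd3Nfc2VjcmV0X2FjY2Vzc19rZXkgPSB0ZXN0Cg=='

# Print the value of one INI key from a base64-encoded AWS credentials file.
creds_field() {  # $1 = base64 payload, $2 = key name
  printf '%s' "$1" | base64 -d 2>/dev/null |
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# Classify the payload:
#   invalid       no key id / secret could be parsed
#   real-looking  key id has the shape of an AWS-issued id (AKIA/ASIA + 16 chars)
#   dummy         the test/test pair used by this lab
#   unknown       anything else
classify_creds() {  # $1 = base64 payload
  key_id=$(creds_field "$1" aws_access_key_id)
  secret=$(creds_field "$1" aws_secret_access_key)
  if [ -z "$key_id" ] || [ -z "$secret" ]; then
    echo invalid
  elif printf '%s' "$key_id" | grep -Eq '^(AKIA|ASIA)[A-Z0-9]{16}$'; then
    echo real-looking
  elif [ "$key_id" = test ] && [ "$secret" = test ]; then
    echo dummy
  else
    echo unknown
  fi
}

# Succeed only if the endpoint URL is a Kubernetes in-cluster service name,
# i.e. the provider cannot be talking to a real AWS endpoint.
endpoint_is_cluster_local() {  # $1 = URL
  printf '%s' "$1" |
    grep -Eq '^https?://[a-z0-9.-]+\.svc\.cluster\.local(:[0-9]+)?(/.*)?$'
}

classify_creds "$LAB_CREDS_B64"
endpoint_is_cluster_local 'http://localstack.awslocal.svc.cluster.local:4566' &&
  echo 'endpoint is cluster-local'
```
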
3. LocalStack
In order to simulate AWS cloud, we will use LocalStack.
LocalStack is a cloud service emulator that runs in a single container on your laptop or in your CI environment. With LocalStack, you can run your AWS applications or Lambdas entirely on your local machine without connecting to a remote cloud provider!
- Install LocalStack with Helm.

kubectl create namespace awslocal

helm repo add localstack-repo https://helm.localstack.cloud
helm repo update

helm upgrade --install localstack localstack-repo/localstack -n awslocal

- Wait until LocalStack is ready.

kubectl get all -n awslocal
...
NAME                              READY   STATUS    RESTARTS   AGE
pod/localstack-6fb5dd88d7-chkcn   1/1     Running   0          4m2s

NAME                 TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                         AGE
service/localstack   NodePort   10.43.185.234   <none>        4566:31566/TCP,4571:31571/TCP   4m2s

NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/localstack   1/1     1            1           4m2s

NAME                                    DESIRED   CURRENT   READY   AGE
replicaset.apps/localstack-6fb5dd88d7   1         1         1       4m2s

- Configure LocalStack to be accessible from your local machine.

kubectl port-forward -n awslocal service/localstack 34566:4566 > /dev/null 2>&1 &

alias awslocal="AWS_ACCESS_KEY_ID='test' AWS_SECRET_ACCESS_KEY='test' AWS_DEFAULT_REGION='us-east-1' aws --endpoint-url=http://localhost:34566"

- Test awscli.

awslocal s3api list-buckets
...
{
    "Buckets": [],
    "Owner": {
        "DisplayName": "webfile",
        "ID": "bcaf1ffd86f41161ca5fb16fd081034f"
    }
}

4. ArgoCD
- Install ArgoCD.

kubectl create namespace argocd

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

- Wait until ArgoCD is ready.

kubectl get all -n argocd
...
NAME                                      READY   STATUS    RESTARTS   AGE
pod/argocd-redis-5b6967fdfc-cjbdt         1/1     Running   0          5m4s
pod/argocd-repo-server-656c76778f-6vz2t   1/1     Running   0          5m4s
pod/argocd-application-controller-0       1/1     Running   0          5m3s
pod/argocd-dex-server-66f865ffb4-twwnk    1/1     Running   0          5m4s
pod/argocd-server-cd68f46f8-bn2fm         1/1     Running   0          5m4s

NAME                            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
service/argocd-dex-server       ClusterIP   10.43.85.30     <none>        5556/TCP,5557/TCP,5558/TCP   5m5s
service/argocd-metrics          ClusterIP   10.43.250.61    <none>        8082/TCP                     5m5s
service/argocd-redis            ClusterIP   10.43.175.128   <none>        6379/TCP                     5m5s
service/argocd-repo-server      ClusterIP   10.43.183.205   <none>        8081/TCP,8084/TCP            5m5s
service/argocd-server           ClusterIP   10.43.35.2      <none>        80/TCP,443/TCP               5m5s
service/argocd-server-metrics   ClusterIP   10.43.197.134   <none>        8083/TCP                     5m4s

NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/argocd-redis         1/1     1            1           5m4s
deployment.apps/argocd-repo-server   1/1     1            1           5m4s
deployment.apps/argocd-dex-server    1/1     1            1           5m4s
deployment.apps/argocd-server        1/1     1            1           5m4s

NAME                                            DESIRED   CURRENT   READY   AGE
replicaset.apps/argocd-redis-5b6967fdfc         1         1         1       5m4s
replicaset.apps/argocd-repo-server-656c76778f   1         1         1       5m4s
replicaset.apps/argocd-dex-server-66f865ffb4    1         1         1       5m4s
replicaset.apps/argocd-server-cd68f46f8         1         1         1       5m4s

NAME                                             READY   AGE
statefulset.apps/argocd-application-controller   1/1     5m4s

- Also install the ArgoCD CLI on your computer.

sudo curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64

sudo chmod +x /usr/local/bin/argocd

- Change ArgoCD credentials.

kubectl -n argocd patch secret argocd-secret \
  -p '{"stringData": {"admin.password": "$2a$10$mivhwttXM0U5eBrZGtAG8.VSRL1l9cZNAmaSaqotIzXRBRwID1NT.", "admin.passwordMtime": "'$(date +%FT%T)'" }}'

- Expose ArgoCD UI.

kubectl port-forward svc/argocd-server -n argocd 10443:443 > /dev/null 2>&1 &

- Login with ArgoCD CLI.

argocd login localhost:10443 --username admin --password admin --insecure

- Finally, to test it, open the ArgoCD UI in your browser.
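
The "Change ArgoCD credentials" step patches a fixed, published bcrypt hash into argocd-secret. As an added example (not part of the original lab), the shell functions below build the same patch body for a hash you generated yourself and reject input that is not a well-formed bcrypt hash; the function names, the MY_HASH variable and the fixed timestamp are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate a bcrypt hash and build the argocd-secret patch
# body from it. Function names are hypothetical.

# Succeed if $1 has the shape of a bcrypt hash: version ($2a/$2b/$2y),
# two-digit cost, then 22 salt + 31 digest characters (60 in total).
is_bcrypt_hash() {
  printf '%s' "$1" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}

# Print the cost factor (log2 of the number of rounds) of a bcrypt hash.
bcrypt_cost() {
  printf '%s' "$1" | cut -d'$' -f3
}

# Emit the JSON patch body used in the lab step.
#   $1 = bcrypt hash
#   $2 = modification time (defaults to now, same format as the lab)
argocd_password_patch() {
  hash=$1
  mtime=${2:-$(date +%FT%T)}
  is_bcrypt_hash "$hash" || { echo 'not a bcrypt hash' >&2; return 1; }
  printf '{"stringData": {"admin.password": "%s", "admin.passwordMtime": "%s"}}\n' \
    "$hash" "$mtime"
}

# Hash published in the lab (the login step uses the password "admin").
LAB_HASH='$2a$10$mivhwttXM0U5eBrZGtAG8.VSRL1l9cZNAmaSaqotIzXRBRwID1NT.'

# Against a cluster, with your own hash in MY_HASH (for instance from
# `argocd account bcrypt --password ...`):
#   kubectl -n argocd patch secret argocd-secret \
#     -p "$(argocd_password_patch "$MY_HASH")"

# Constructed timestamp so the output is reproducible.
argocd_password_patch "$LAB_HASH" 2022-01-05T12:00:00
```
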