Kelsey Hightower kelseyhightower Google, Inc Portland, OR

hashicorp/packer 11269

Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.

hashicorp/nomad 6754

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.

gregsramblings/google-cloud-4-words 4138

The Google Cloud Developer's Cheat Sheet

appc/spec 1259

App Container Specification and Tooling (archived, see https://github.com/rkt/rkt/issues/4024)

bradfitz/talk-yapc-asia-2015 690

talk-yapc-asia-2015

containers/build 346

another build tool for container images (archived, see https://github.com/rkt/rkt/issues/4024)

bketelsen/captainhook 303

A generic webhook endpoint that runs scripts based on the URL called

kelseyhightower/app 272

Example 12 Facter App

GoogleCloudPlatform/cloud-code-vscode 240

Cloud Code for Visual Studio Code: Issues, Documentation and more

appc/docker2aci 188

library and CLI tool to convert Docker images to ACIs (archived, see https://github.com/rkt/rkt/issues/4024)

started cdr/code-server

started time in a month

push event kelseyhightower/run

Kelsey Hightower

commit sha f0c42a469b60235bb466bdd4e2ab9e74b109d94c

update Dockerfiles


push time in a month

PublicEvent

issue closed kelseyhightower/kubernetes-the-hard-way

CA and Generating TLS Certificates and GoDaddy wildcard certificate

Hi! I read Provisioning a CA and Generating TLS Certificates. I have a GoDaddy wildcard certificate *.myfirm.com and I want to use it for the Kubernetes PKI. Is it possible? How do I need to execute this?:

{

cat > ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "kubernetes": {
        "usages": ["signing", "key encipherment", "server auth", "client auth"],
        "expiry": "8760h"
      }
    }
  }
}
EOF

cat > ca-csr.json <<EOF
{
  "CN": "Kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "L": "Portland",
      "O": "Kubernetes",
      "OU": "CA",
      "ST": "Oregon"
    }
  ]
}
EOF

cfssl gencert -initca ca-csr.json | cfssljson -bare ca

}

Does this need to be saved as xxx.yaml and executed with kubectl?! Please give me an example!

closed time in 2 months

itkroplis

issue comment kelseyhightower/kubernetes-the-hard-way

CA and Generating TLS Certificates and GoDaddy wildcard certificate

It may be possible, but I don't have the bandwidth to test it.

itkroplis

comment created time in 2 months

issue comment kelseyhightower/kubernetes-the-hard-way

CA / Certs / configuration YAML in /etc?

These are good suggestions but I would really like to avoid changing the dir structure unless it really contributes to the overall learning experience.

SudoBrendan

comment created time in 2 months

issue closed kelseyhightower/kubernetes-the-hard-way

CA / Certs / configuration YAML in /etc?

Hi everyone,

First, I seriously enjoyed the guide and gained a much better understanding of Kubernetes by following along and standing up my own cluster from scratch - TYVM for the assist and for continuing to keep this guide up to date!!

Nitpicking here (or trying to get a better understanding) for the decision to put all .pem, .kubeconfig, and several k8s component .yaml configuration files in /var/lib/ (steps 8/9, then referenced in later steps as well when configuring services in flags) - what was the rationale there? The Linux Filesystem Hierarchy Standard argues that no file in /var/lib should need to be modified to reconfigure a package's operation. I feel like etcd should be the only thing touching /var in this walkthrough via its state files aside from systemd's additions to /var/log/syslog.

In my walkthrough, I migrated all these files to /etc/kubernetes without issue (in addition to updating how they are referenced in the systemd configs) in various forms on my master/worker nodes:

/etc/kubernetes/ssl/
/etc/kubernetes/kube-controller-manager/
/etc/kubernetes/kube-scheduler/
/etc/kubernetes/kube-api/
/etc/kubernetes/kubelet/
/etc/kubernetes/kube-proxy/

...though in reality, all this stuff could just be thrown in a flat /etc/kubernetes/ dir for simplicity. What do y'all think about a change to the walkthrough to put configuration data (all certificates, kubeconfigs, and YAML configuration files) in /etc/kubernetes/, with no "kubernetes" directories at all in /var? ...or am I missing something - maybe bootstrapper tools like kubeadm also put those files there, so it's written this way for consistency?

In a related vein, I wasn't a fan of copying the same certificate files to /etc/etcd/ that also exist in /var/lib/kubernetes - I think this calls for a symlink so we don't forget to update one cert and not the other when it expires :)

I can submit a PR if this is seen as an improvement, if not, close this out - LMK.

Thanks again, really appreciated this guide!

closed time in 2 months

SudoBrendan

issue closed kelseyhightower/kubernetes-the-hard-way

Path on Google Cloud Shell has /google/google-cloud-sdk/bin before /usr/local/bin

which means that kubectl version in the prerequisites doesn't return the value expected. Not sure if this is a "big deal" or not.

closed time in 2 months

gavincampbell

issue comment kelseyhightower/kubernetes-the-hard-way

Path on Google Cloud Shell has /google/google-cloud-sdk/bin before /usr/local/bin

It should be fine and I may consider using the full path to the /usr/local/bin directory.

gavincampbell

comment created time in 2 months

issue comment kelseyhightower/kubernetes-the-hard-way

Why was the Untrusted Workloads removed?

@moehajj is right. I need to keep this thing focused.

alexclarkofficial

comment created time in 2 months

issue closed kelseyhightower/kubernetes-the-hard-way

Why was the Untrusted Workloads removed?

This is more of a naive question than an issue.

I am following https://github.com/prabhatsharma/kubernetes-the-hard-way-aws and periodically cross referencing this tutorial when I have problems. I noticed Untrusted Workloads was removed from the Smoke Test lab when the tutorial was updated for Kubernetes 1.15.

I also noticed that the AWS tutorial has a Check images/pods/containers on worker nodes using crictl section in the Smoke Test lab, while this tutorial does not.

Can someone shed some light on why these sections are not present/were removed?

closed time in 2 months

alexclarkofficial

PR closed kelseyhightower/kubernetes-the-hard-way

Fix minor typo

Typo empthy => empty @ docs/09-bootstrapping-kubernetes-workers.md#disable_swap

+1 -1

0 comment

1 changed file

zevisert

pr closed time in 2 months

pull request comment kelseyhightower/kubernetes-the-hard-way

small fixups

The brackets were added to make it easier to copy and paste and I'm still on the fence regarding the syntax highlighting.

teknoraver

comment created time in 2 months

pull request comment kelseyhightower/kubernetes-the-hard-way

Added lab duration expectations

I'm going to consider this per chapter and hopefully come up with an accurate time estimate.

patpicos

comment created time in 2 months

PR closed kelseyhightower/kubernetes-the-hard-way

Fix typo

"empthy" should be "empty"

+1 -1

1 comment

1 changed file

jpmcb

pr closed time in 2 months

created tag kelseyhightower/kubernetes-the-hard-way

tag 1.18.6

Bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts.

created time in 2 months

push event kelseyhightower/kubernetes-the-hard-way

Kelsey Hightower

commit sha ca96371e4d2d2176e8b2c3f5b656b5d92973479e

Update to Kubernetes 1.18.6


push time in 2 months

push event kelseyhightower/kubernetes-the-hard-way

Kelsey Hightower

commit sha e5f500b390ee687ffdbd19ae303d46e00f166d0f

Update to Kubernetes 1.18.6


push time in 2 months

PR closed kelseyhightower/kubernetes-the-hard-way

Upgrade Kube v1.16.2

This PR upgrades Kubernetes to v1.16.2 and upgrades all other components explicitly or implicitly (nginx image).

The clusterrole/clusterrolebinding are changed to rbac.authorization.k8s.io/v1

+41 -41

1 comment

8 changed files

drnic

pr closed time in 2 months

pull request comment kelseyhightower/kubernetes-the-hard-way

Upgrade Kube v1.16.2

This guide now uses 1.18.6

drnic

comment created time in 2 months

push event kelseyhightower/kubernetes-the-hard-way

Kelsey Hightower

commit sha 8fd6380bbc92137f8d1cb62f00865f1b3c681d3c

Update to Kubernetes 1.18.6


push time in 2 months

pull request comment kelseyhightower/kubernetes-the-hard-way

Fix typo

Fixed on the latest release.

stroebitzer

comment created time in 2 months

PR closed kelseyhightower/kubernetes-the-hard-way

Update 03-compute-resources.md

In the Public IP Address Section: updated with latest version of output returned by the gcloud compute addresses list... example command

+2 -2

1 comment

1 changed file

kcalmond

pr closed time in 2 months

pull request comment kelseyhightower/kubernetes-the-hard-way

Update 03-compute-resources.md

This has been updated in the latest release.

kcalmond

comment created time in 2 months

PR closed kelseyhightower/kubernetes-the-hard-way

Fixed typo

'empthy' > 'empty'

+1 -1

2 comments

1 changed file

scamargo

pr closed time in 2 months

pull request comment kelseyhightower/kubernetes-the-hard-way

Fixed typo

This will be fixed in the next update.

scamargo

comment created time in 2 months

PR closed kelseyhightower/kubernetes-the-hard-way

Resolve non-local domains in CoreDNS config

Currently CoreDNS only resolves domains in cluster.local domain. Added a forward clause to mitigate this.

+1 -0

1 comment

1 changed file

tahajahangir

pr closed time in 2 months

pull request comment kelseyhightower/kubernetes-the-hard-way

Resolve non-local domains in CoreDNS config

This is a good suggestion but I'm going to avoid picking a DNS forwarder for now.

tahajahangir

comment created time in 2 months

pull request comment kelseyhightower/kubernetes-the-hard-way

Fix spelling error in step 09.

This will be fixed on the next update.

e-blackwelder

comment created time in 2 months

push event kelseyhightower/kubernetes-the-hard-way

Kelsey Hightower

commit sha f28bc8fecd91867859011350ca7def279ba43ce0

Update to Kubernetes 1.18.6


push time in 2 months

PR closed kelseyhightower/kubernetes-the-hard-way

New branch for Proxmox/KVM procedure and with updated components (Kubernetes 1.18.4, ...)

Hello,

I adapted the tutorial so that it could be used on a Proxmox (KVM) architecture and updated some components installed in the tutorial. I think it can be a good idea to create a new branch dedicated to Proxmox (and/or KVM) architecture.

This includes a network architecture diagram.

Versions change:

  • Kubernetes (kube-apiserver, kube-controller-manager, kube-scheduler and kubectl) : 1.15.3 -> 1.18.4
  • containerd : 1.2.9 -> 1.3.4
  • cni-plugins : v0.8.2 -> v0.8.5
  • etcd : v3.4.0 -> v3.4.9
  • cri-tools : 1.15.0 -> 1.17.0

Some other minor updates have been integrated.

To choose the versions more easily I used the following release notes : https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#v1184

I tested this tutorial adaptation multiple times (and lots of minor specific debug tests carried out during the adaptation).

Don't hesitate if you have any questions or comments.

nemosupinfo ("n.hauducSUPINFO/Wirebrass" that we can see in the commits is one of my other GitHub accounts).

+895 -862

1 comment

22 changed files

nemosupinfo

pr closed time in 2 months

pull request comment kelseyhightower/kubernetes-the-hard-way

New branch for Proxmox/KVM procedure and with updated components (Kubernetes 1.18.4, ...)

I just don't have the bandwidth to maintain or review more than one provider for this guide. I've encouraged people to create their own forks for this use case.

nemosupinfo

comment created time in 2 months

PR closed kelseyhightower/kubernetes-the-hard-way

syntax highlighting

This PR:

  • adds syntax highlighting to the shell commands and one json output
  • marks output and results as plaintext so highlighting won't be incorrectly applied
  • trims trailing whitespace

This makes it easier to read the commands in various places.

In an editor (sublime): image

In the terminal (using bat): image

Unfortunately it doesn't change how GitHub renders syntax highlighting for shell commands too much: image

+186 -186

1 comment

14 changed files

seanlerner

pr closed time in 2 months

pull request comment kelseyhightower/kubernetes-the-hard-way

syntax highlighting

I might consider this in a future version of this guide.

seanlerner

comment created time in 2 months

pull request comment kelseyhightower/kubernetes-the-hard-way

Upgrade to Ubuntu 20.04 LTS, bump up Kubernetes v1.18.0

This is fixed on the 1.18.6 branch.

ajensenwaud

comment created time in 2 months

push event kelseyhightower/kubernetes-the-hard-way

Kelsey Hightower

commit sha 3828a1ddeb785b652ea05b7a354aacfeb3f52a02

Update to Kubernetes 1.18.6


push time in 2 months

create branch kelseyhightower/kubernetes-the-hard-way

branch : 1.18.6

created branch time in 2 months

issue comment projectcalico/confd

Is Project Calico open to taking over confd

I'm onboard with this.

retornam

comment created time in 2 months

PR merged kelseyhightower/konfig

Cloud Run API v1

Cloud Run v1 API is now available.

Even v1alpha1 endpoint seems to return v1 response.

+21 -29

1 comment

6 changed files

drillbits

pr closed time in 3 months

push event kelseyhightower/konfig

drillbits

commit sha b90eea939299fa6c47b650f8a9d5235d0f20d31a

Cloud Run API v1


drillbits

commit sha c2d7221d2722a546623604d1b80994919ff5925b

replace vendor files in examples


drillbits

commit sha eeac9098231f7f0226526724ea7b8edc8d3df457

use own project id in example


drillbits

commit sha cb26c51ff7ae2f25bae444d098381da6e10a80cc

example: set project id to env vars because GOOGLE_CLOUD_PROJECT is not set in Cloud Run container


push time in 3 months
