rushabh31 / blogs Goto Github PK

This is a step-by-step guide to install and run Kubernetes on your Mac with Argo workflow engine so that you can develop applications locally and play around with this new framework.

• Table of Content

  • Install kubectl on macOS
  • Install hypervisor (Docker)on mac.
  • Install minikube on mac.
  • Install Argo Workflow.

• Pre-requisite

  • The only pre-requisite for this guide is that you should have Homebrew installed. Homebrew is a package manager for the Mac. You’ll also need Homebrew Cask, which you can install after Homebrew by running brew tap caskroom/cask in your Terminal.

Steps to install kubectl on macOS:

The Kubernetes command-line tool, kubectl, allows you to run commands against Kubernetes clusters. You can use kubectl to deploy applications, inspect and manage cluster resources, and view logs.

Install with Homebrew on macOS

If you are on macOS and using Homebrew package manager, you can install kubectl with Homebrew.

1. Run the installation command:

         brew install kubectl 

        OR
 
         brew install kubernetes-cli 

2. Test to ensure the version you installed is up-to-date:

kubectl version --client

Installing hypervisor (Docker):

This is the very first step after we fulfill the pre-requisite. We can use any of the following hypervisors to run Kubernetes (minikubes) on mac.

1. HyperKit- HyperKit is a toolkit for embedding hypervisor capabilities in your application. It includes a complete hypervisor, based on xhyve/bhyve, which is optimized for lightweight virtual machines and container deployment. It is designed to be interfaced with higher-level components such as the VPNKit and DataKit.

2. VirtualBox. We can also install VirtualBox by running Run brew cask install virtualbox in your Terminal. VirtualBox lets you run virtual machines on your Mac (like running Windows inside macOS, except for a Kubernetes cluster).

3. Docker - Installing docker is pretty straightforward, follow the link for setup file. Once you install docker desktop using setup file from the mentioned link, you will see docker icon your menu bar at top left corner.

Install minikube-

- Installation Steps:

The easiest way to install Minikube on macOS is using Homebrew:

brew install minikube
Once you run the above command it will install all the components of minikube for you.

**Note: If for some reasons the above installation method doesn't work then you can follow these steps:

1. You can also install it on macOS by downloading a stand-alone binary:

curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-darwin-amd64 \ && chmod +x minikube

2. Here's an easy way to add the Minikube executable to your path:

  sudo mv minikube /usr/local/bin

- Confirm minikube Installation:

To confirm successful installation of both a hypervisor and Minikube, you can run the following command to start up a local Kubernetes cluster:

 ``` javascript
 minikube start
 ```

Once minikube start finishes, run the command below to check the status of the cluster:

``` javascript
 minikube status
```

If your cluster is running, the output from minikube status should be similar to:

```
   type: Control Plane
   host: Running
   kubelet: Running
   apiserver: Running
   kubeconfig: Configured

After you have confirmed whether Minikube is working with your chosen hypervisor, you can continue to use Minikube or you can stop your cluster. To stop your cluster, run:

``` javascript
minikube stop

Install Argo Workflows:

Argo Workflows is an open-source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows is implemented as a Kubernetes CRD.

To get started quickly, you can use the quick start manifest which will install Argo Workflow as well as some commonly used components:

kubectl create ns argo
kubectl apply -n argo -f https://raw.githubusercontent.com/argoproj/argo/stable/manifests/quick-start-postgres.yaml

To run Argo Workflows locally (e.g. using Minikube or Docker for Desktop), then open a port forward so you can access the namespace:

kubectl -n argo port-forward deployment/argo-server 2746:2746

This user can access the interface on https://localhost:2746

Finally, submit an example workflow:

argo submit -n argo --watch https://raw.githubusercontent.com/argoproj/argo/master/examples/hello-world.yaml
argo list -n argo
argo get -n argo @latest
argo logs -n argo @latest

This is a step-by-step guide to help you clone a private GitHub repository inside the Pod in Kubernetes Argo workflow.

• Table of Content

  • Create a secret with .ssh keys using kubectl
  • Using secret inside YAML file to access secret.

• Pre-requisite

  • minikube or Kubernetes and Argo workflow up and running (Refer the previous blog for installation).
  • Basic understanding of Kubernetes.

What is Secrets in Kubernetes:

Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Storing confidential information in a Secret is safer and more flexible.

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in an image.

To use a secret, a pod needs to reference the secret. A secret can be used with a Pod in three ways:

- As files in a volume mounted on one or more of its containers.
- As a container environment variable.
- By the kubelet when pulling images for the Pod.

Steps to create a Secret for .ssh keys.

We want to use the .ssh keys inside a Pod to clone a private repository and to share a .ssh keys, we need to create a secret using the below command.

_ Note: Replace below path with an original path for .ssh keys._**

1. Create a secret:

kubectl create secret generic --namespace nsname ssh-key-secret --from-file=ssh-privatekey=/path/to/.ssh/id_rsa --from file=ssh-publickey=/path/to/.ssh/id_rsa.pub

Once you create a secret using the above command, you will see the below message.

secret "ssh-key-secret" created

2. Describe a secret:

kubectl describe secret ssh-key-secret

kubectl describe secret --namespace nsname ssh-key-secret

3. Get a list of all secrets available:

To get a list of all defined secrets, you can below command.

kubectl get secret

# if you want to list all secrets in a particular namespace then use this:
kubectl get secret -n nsname

Use secrets inside YAML:

Now you can create a Pod which references the secret with the ssh key and consumes it in a volume

**Note: I am using the Argo Workflow template.

1. Creating YAML file with appropriate parameters to access secrets inside Pod:

apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  name: dag-ssh-test
spec:
  entrypoint: ssh-test
  volumes:
  - name: my-secret-vol
    secret:
      secretName: ssh-key-secret

  templates:
  - name: ssh-test
    dag:
     tasks:
      - name: p1
        template: p1

  - name: p1
    container: 
      image: python:3.7.4-buster
      volumeMounts:
      - name: my-secret-vol
        mountPath: "/.ssh/"
      command:
        - "bash"
        - "-c"
        - >
          apt-get update;
          apt-get install jq -y;
         
          

2. Run the YAML file using below ARGO CLI command:

argo submit -n argo job.yaml 

When the container's command runs, the pieces of the secret key will be available in:

/.ssh/ssh-publickey
/.ssh/ssh-privatekey

The container is then free to use the secret data to establish an ssh connection.

Using above secret to clone private GitHub repository.

1. Below yaml contains code to use ssh secret to clone private GitHub repository

apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  name: dag-ssh-test
spec:
  entrypoint: ssh-test
  volumes:
  - name: my-secret-vol
    secret:
      secretName: ssh-key-secret

  templates:
  - name: ssh-test
    dag:
     tasks:
      - name: p1
        template: p1

  - name: p1
    container: 
      image: python:3.7.4-buster
      volumeMounts:
      - name: my-secret-vol
        mountPath: "/.ssh/"
      command:
        - "bash"
        - "-c"
        - >
          apt-get update;
          apt-get install jq -y;
          SSH_PRIVATE_KEY=$(</.ssh/id_rsa);
          mkdir /root/.ssh;
          echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa;
          touch /root/.ssh/known_hosts;
          ssh-keyscan github.com >> /root/.ssh/known_hosts;
          chmod 400 /root/.ssh/id_rsa;
          git clone [email protected]/repo_name.git /opt/app;
          

**Note: You can access your GitHub repository at /opt/app path.