Friday, September 1, 2017

Kubernetes the Hard Way: Update and Thoughts

Yesterday, Kelsey Hightower updated the Kubernetes the Hard Way tutorial.  With the update, the container runtime was flipped from Docker to CRI-O and there was an additional lab around secrets.

The entire tutorial is much more straight-forward, so a lot of the notes I'd been keeping for future posts are unnecesssary.  Since the tutorial flows from start to finish now, I don't see a reason to continue to post my notes as I go along.  In fact, when I ran through the new version, I didn't hit a single part that was unclear or didn't work as expected.  I'll keep the existing posts up in case someone finds them valuable.

I still highly recommend digging into each step and understanding exactly what's happening, both at the Kubernetes level and the Google Cloud Platform level... I'm a big fan of validating each step via the command line and through the GCP GUI.

Finally, you'll be running a lot of commands on either all 3 control nodes, or all 3 worker nodes.  I highly recommend learning the basics of tmux, especially how to synchronize panes.

Wednesday, August 23, 2017

Kubernetes the Hard Way: Lab 3 Notes

Kubernetes the Hard Way: Lab 3 is another fairly short and straightforward lab.

Local System Configuration

If you prefer, similar to lab 2, you could pull kubectl down through homebrew on OSX.  In that case, you have less control over the exact version you get.  As of 8/23, the version in homebrew is 1.7.4.


  • When you get to the part where you generate the bootstrap kubeconfig file, you'll need to be in the working directory where the certs from Lab 2 were generated.
  • At the completion of this lab, you've created the client kubeconfigs and distributed them to the worker nodes.

Sunday, August 20, 2017

Kubernetes the Hard Way: Lab 2 Notes

Previously, we walked through the first Kubernetes the Hard Way lab.  For the second lab, there's a lot fewer moving pieces.  Primarily, it's configuring Certificate Authorities and the certificates necessary for Kubernetes security.

Local System Configuration

The only note here is that, for OSX, I'd recommend using brew to install cfssl rather than manually installing it.
brew install cfssl
That will install both cfssl and cfssljson.

Final Notes

Overall, this lab was straightforward.  I've created a set of scripts to automate the certificate work.  They are available on GitHub.  Again, I wouldn't use them initially, but if you're standing up and tearing down the environment frequently, they may be helpful.  At the end of this lab, your infrastructure should look similar to this: