Run Kubernetes in a container with Kind

One of a Kind

So Kind

To prove that you have a Kubernetes build on which you can run workloads, install an nginx deployment. Listing 5 is the YAML configuration file. To ingest the YAML into Kubernetes, simply save the content in a file called nginx.yaml and run the command:

$ kubectl create -f nginx.yaml
deployment.apps/nginx-deployment created

Listing 5

nginx Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80

The output looks successful. To see whether pods were created, as hoped, check the default namespace (Listing 6). As requested in the YAML file, two pods are running for extra resilience.

Listing 6

Check for Pods

$ kubectl get pods -n default
NAME                               READY   STATUS    RESTARTS   AGE
nginx-deployment-585449566-99qk6   1/1     Running   0          44s
nginx-deployment-585449566-pbzg2   1/1     Running   0          44s

If you want to expose a container's service to a port on your host machine (although I haven't experimented with this yet), the process would involve something like:

Delete the cluster you have running with the command kind delete cluster.
Create a configuration file like that in Listing 7.
Create a new cluster with the command:kind create cluster

--config cluster-config.yaml

Listing 7

Host Port Configuration File

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 80
    hostPort: 80
    listenAddress: "0.0.0.0"

If you then run a tool like lsof or netstat to show open ports, the output would show that the host machine's port was opened:

docker-pr     535     root    3u  IPv4  14678 0t0 TCP *:80 (LISTEN)

If you get stuck setting that up, I'd suggest disabling iptables and then restarting Docker. I look forward to experimenting with ingress controllers and host machine ports when I get a chance. By doing so, you can then connect to your nginx pods in a meaningful way to test applications being exposed outside of the Kubernetes cluster.

The End Is Nigh

To create a full-blown Kubernetes cluster with just one command – and rapidly, at that – is a sight to behold. That the standard kubectl commands work seamlessly is just a bonus. Remember to run the

kubectl cluster-info --context kind-kind

command after building your cluster.

For proof of concept deployments, compatibility, testing, and indeed other development activities, Kind is an excellent place to start with Kubernetes. I trust you will enjoy employing the excellent kind. I intend to use it as much as possible when running quick tests.

Infos

Kind: https://kind.sigs.k8s.io
Quick start: https://kind.sigs.k8s.io/docs/user/quick-start
Docker engine: https://docs.docker.com/engine/install/ubuntu
kubectl setup: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux
kindest/node: https://hub.docker.com/r/kindest/node
Configuring a Kind cluster: https://kind.sigs.k8s.io/docs/user/quick-start/#configuring-your-kind-cluster
Ingress controller: https://kind.sigs.k8s.io/docs/user/ingress
Running Kind with rootless Docker: https://kind.sigs.k8s.io/docs/user/rootless

The Author

Chris Binnie's new book, Cloud Native Security, teaches you how to minimize attack surfaces across all of the key components used in modern Cloud Native infrastructure. Learn with hands-on examples about container security, DevSecOps tooling, advanced Kubernetes security, and Cloud Security Posture Management: https://www.cloudnativesecurity.cc.

« Previous 1 2