November 2018 – jonamiki.com

November 21, 2018November 9, 2019

Building a Kubernetes (k8s) cluster for the home lab

DEPRECIATED: The setup in this article has been superseded by a newer, better version as per the link below:

Kubernetes home lab: Upgraded edition with functional LoadBalancer and external access to pods

Introduction:

Building a Kubernetes cluster for the lab at home or at work doesn’t have to be complicated. Below are the steps to create a 3-node cluster (1 master + 2 workers).

Prerequisites:

Install three copies of Ubuntu 18.04. I used VirtualBox + Vagrant (and the image “ubuntu/bionic64”) to create mine. My nodes are named as follows:

k8s-c3-n1 (ip: 192.168.11.101)
k8s-c3-n2 (ip: 192.168.11.102)
k8s-c3-n3 (ip: 192.168.11.103)

Be sure to disable swap. Kubernetes won’t work if it’s enabled. This can be done by commenting out or removing the entry for swap in /etc/fstab followed by a reboot. Temporarily it can be turned off with “swapoff -a”.

Installing Kubernetes:

On all three nodes, download the Google apt key and add it:

wget https://packages.cloud.google.com/apt/doc/apt-key.gpg<br>
sudo apt-key add apt-key.gpg"; done<br>
sudo apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"<br>
sudo apt-get update

Install kubeadm – also on all three nodes:

sudo apt-get install kubeadm -y

Installing Docker:

We also need Docker on all three nodes. Install it and enable the service as follows:

sudo apt-get install docker.io -y<br>
sudo systemctl enable docker<br>
sudo systemctl start docker

Configuring the master node:

On the master (k8s-c3-n1 in this case), enable the kubelet service:

sudo systemctl enable kubelet<br>
sudo systemctl start kubelet

Initialize the cluster:

Now let’s initialize the cluster with “kubeadmin init”. This is done on the master node. Note some detail about the two variables we need to provide:

The API server advertise address: If your hosts have multiple network cards, specify which IP address the API server should bind to. Make sure the nodes are all able to communicate on the network chosen here.
The pod network CIDR: The network you wish the pods to utilize. This appears to be arbitrary. I chose the 10.244.0.0/16 for my network.

sudo kubeadm init --apiserver-advertise-address=192.168.11.101 --pod-network-cidr=10.244.0.0/16

The “kubeadmin init” will result in output similar to the below. Make note of the “kubeadmin join” string as it’s unique to your installation and we’ll need it whenever registering worker nodes:

Your Kubernetes master has initialized successfully!</p>
<p>To start using your cluster, you need to run the following as a regular user:</p>
<p>mkdir -p $HOME/.kube<br>
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config<br>
sudo chown $(id -u):$(id -g) $HOME/.kube/config</p>
<p>You should now deploy a pod network to the cluster.<br>
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:<br>
https://kubernetes.io/docs/concepts/cluster-administration/addons/</p>
<p>You can now join any number of machines by running the following on each node as root:</p>
<p>kubeadm join 192.168.11.101:6443 --token bohtxr.206wlhy38gyse6vw --discovery-token-ca-cert-hash sha256:8daef1a7da449a1dffb9bd1ae9a95755d2ecbb407d8940e240e51344c9894bce

Let’s finalize by running the commands as suggested in the “kubeadm join” output. This is done on the master node – same as we used for ‘kubeadmin join’.

 mkdir -p $HOME/.kube<br>
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config<br>
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Congratulations – Kubernetes is installed! However, there is still a little bit of work to be done. First installing a pod network and then adding our two worker nodes.

Adding the pod network:

We’ll use Flannel for this example. There are other network solutions available too, but this worked well for me in my lab, and it’s both quick and easy:

sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Joining the worker nodes:

Finally, let’s join our two workers to the master node by executing the “kubeadm join” string which was provided by our “kubeadm init” earlier.

On each of the two worker nodes, execute the “kubeadm join” string that is unique to your installation. For me it was as follows:

sudo kubeadm join 192.168.11.101:6443 --token bohtxr.206wlhy38gyse6vw --discovery-token-ca-cert-hash sha256:8daef1a7da449a1dffb9bd1ae9a95755d2ecbb407d8940e240e51344c9894bce

Let’s see if the three nodes are visible. On the master node, execute “kubectl get nodes”. Output should be similar to the below:

NAME STATUS ROLES AGE VERSION<br>
k8s-c3-n1 Ready master 4m7s v1.12.2<br>
k8s-c3-n2 Ready <none> 34s v1.12.2<br>
k8s-c3-n3 Ready <none> 32s v1.12.2

It may take around 30 sec to a minute for the workers to reach “Ready” status, but that’s it – Kubernetes is installed and ready.

We can now deploy containers / pods and they will be scheduled to run on the worker nodes. Note: There’s no load balancer or other fancy stuff installed by default so it’s pretty bare-bones 🙂

Deploy a test application:

Let’s verify that our cluster works by deploying a container with a web server.

On the master node (“k8s-c3-n1” in this example), deploy the “httpd” webserver using “kubectl run”. I picked the name “httpd-01” for this pod. This is arbitrary so feel free to use any name that makes sense in your installation.

vagrant@k8s-c3-n1:~$ kubectl run --image=httpd:2.4 httpd-01 --port=80 --env="DOMAIN=cluster"<br>
kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead.<br>
deployment.apps/httpd-01 created

We can now check that it’s running with “kubectl get pods”:

vagrant@k8s-c3-n1:~$ kubectl get pods<br>
NAME READY STATUS RESTARTS AGE<br>
httpd-01-9f5587597-7jc8b 0/1 ContainerCreating 0 5s

Since this is a web server we want to expose port 80 so it can be accessed. This creates a service which has to be named. I picked the name ‘httpd-01-http”, but chose any name that makes sense in your installation. Note that we’re referring to the name we gave our our pod at deployment: “httpd-01”.

vagrant@k8s-c3-n1:~$ kubectl expose deployment httpd-01 --port=80 --name=httpd-01-http<br>
service/httpd-01-http exposed

Let’s find out more about our web server application / pod by using “kubectl get pods” and then “kubectl describe pod <pod id>”:

vagrant@k8s-c3-n1:~$ kubectl get pods<br>
NAME READY STATUS RESTARTS AGE<br>
httpd-01-9f5587597-7jc8b 1/1 Running 0 9m8s<br>
vagrant@k8s-c3-n1:~$

vagrant@k8s-c3-n1:~$ kubectl describe pod httpd-01-9f5587597-7jc8b<br>
Name: httpd-01-9f5587597-7jc8b<br>
Namespace: default<br>
Priority: 0<br>
PriorityClassName: <none><br>
Node: k8s-c3-n2/10.0.2.15<br>
Start Time: Wed, 21 Nov 2018 02:07:09 +0000<br>
Labels: pod-template-hash=9f5587597<br>
run=httpd-01<br>
Annotations: <none><br>
Status: Running<br>
IP: 10.244.1.2<br>
Controlled By: ReplicaSet/httpd-01-9f5587597<br>
Containers:<br>
httpd-01:<br>
Container ID: docker://52cb9559af71c39f4ca58a2520b3d4d4278048dab9c1b2a826fabd8a073cb77a<br>
Image: httpd:2.4<br>
Image ID: docker-pullable://httpd@sha256:9753aabc6b0b8cd0a39733ec13b7aad59e51069ce96d63c6617746272752738e<br>
Port: 80/TCP<br>
Host Port: 0/TCP<br>
State: Running<br>
Started: Wed, 21 Nov 2018 02:07:26 +0000<br>
Ready: True<br>
Restart Count: 0<br>
Environment:<br>
DOMAIN: cluster<br>
Mounts:<br>
/var/run/secrets/kubernetes.io/serviceaccount from default-token-hldjg (ro)<br>
Conditions:<br>
Type Status<br>
Initialized True<br>
Ready True<br>
ContainersReady True<br>
PodScheduled True<br>
Volumes:<br>
default-token-hldjg:<br>
Type: Secret (a volume populated by a Secret)<br>
SecretName: default-token-hldjg<br>
Optional: false<br>
QoS Class: BestEffort<br>
Node-Selectors: <none><br>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s<br>
node.kubernetes.io/unreachable:NoExecute for 300s<br>
Events:<br>
Type Reason Age From Message<br>
---- ------ ---- ---- -------<br>
Normal Scheduled 9m18s default-scheduler Successfully assigned default/httpd-01-9f5587597-7jc8b to k8s-c3-n2<br>
Normal Pulling 9m17s kubelet, k8s-c3-n2 pulling image "httpd:2.4"<br>
Normal Pulled 9m5s kubelet, k8s-c3-n2 Successfully pulled image "httpd:2.4"<br>
Normal Created 9m1s kubelet, k8s-c3-n2 Created container<br>
Normal Started 9m1s kubelet, k8s-c3-n2 Started container<br>
vagrant@k8s-c3-n1:~$

Among a lot of other information we can see it’s running on worker node “k8s-c3-n2”.

Let’s also get some information about the service we got when exposing port 80 earlier:

vagrant@k8s-c3-n1:~$ kubectl get services<br>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE<br>
httpd-01-http ClusterIP 10.104.247.184 <none> 80/TCP 2m11s<br>
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 61m<br>
vagrant@k8s-c3-n1:~$<br>
vagrant@k8s-c3-n1:~$ kubectl describe service httpd-01-http<br>
Name: httpd-01-http<br>
Namespace: default<br>
Labels: run=httpd-01<br>
Annotations: <none><br>
Selector: run=httpd-01<br>
Type: ClusterIP<br>
IP: 10.104.247.184<br>
Port: <unset> 80/TCP<br>
TargetPort: 80/TCP<br>
Endpoints: 10.244.1.2:80<br>
Session Affinity: None<br>
Events: <none><br>
vagrant@k8s-c3-n1:~$

Here we can see the endpoint IP and port: “10.244.1.2:80”

Since we know it’s running on worker node “k8s-c3-n2”, let’s SSH there and verify that we can get the default webpage:

vagrant@k8s-c3-n2:~$ wget -qO- http://10.244.1.2<br>
<html><body><h1>It works!</h1></body></html><br>
vagrant@k8s-c3-n2:~$

As shown in the output: “It works!”.

That goes both for the httpd container and for the Kubernetes cluster. Have fun!

November 18, 2018November 21, 2018

Tensorflow item recognition

Leveraging Google’s Tensorflow Machine Learning libraries for item recognition in images is fantastically easy to get going. The below Dockerfile will setup a container with everything required and allow the user to feed a URL to a file for classification:

Dockerfile:
Download raw from here: https://pastebin.com/raw/mdJ225vp

FROM ubuntu:16.04

RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:tensorflow' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile

EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

RUN apt-get install -y python-pip git
RUN pip install numpy tensorflow 

RUN git clone https://github.com/jonas-werner/tf_item_recognition.git

Save the above into a file called “Dockerfile”.
Enter the directory where the Dockerfile is saved and build the Docker image:

docker build -t tf-image_recognition .

Verify the Docker image:

jonas@continuity:~/CODE/tf-image_recognition$ docker image ls
REPOSITORY                       TAG                 IMAGE ID            CREATED             SIZE
tf-image_recognition             latest              cd28f91139a2        6 minutes ago       1.07GB

Run the image. We’ll expose SSH on port 22 on the container as 2222 on the host:

docker run -it -d -P -p 2222:22 tf-image_recognition

Verify the local Docker gateway IP using the container ID (81f13360885f in this case – use “docker ps” to find out):

jonas@continuity:~/CODE/tf-image_recognition$ docker inspect 81f13360885f | grep Gateway
            "Gateway": "172.17.0.1",
            "IPv6Gateway": "",
                    "Gateway": "172.17.0.1",
                    "IPv6Gateway": "",

SSH and execute the image classification script (password: “tensorflow”):

ssh root@172.17.0.1 -p 2222 "wget https://jonamiki.com/wp-content/uploads/2013/07/wpid-IMAG0438_1.jpg; python /tf_item_recognition/classify_image.py --image_file ~/*.jpg; rm ~/*.jpg"

This is the image we’ve pulled down:

And this is the classification result:

motor scooter, scooter (score = 0.89661)
moped (score = 0.04356)
disk brake, disc brake (score = 0.00290)
crash helmet (score = 0.00289)
snowmobile (score = 0.00216)

Not too bad 🙂 Tensorflow accurately detects that the image contains a scooter, a crash helmet and even sees the disk brake on the scooter! Try with any image URL to see what Tensorflow will classify your image as. Have fun!

November 15, 2018November 15, 2018

Ubuntu 18.04.1 – Change hostname

While I’d normally use “hostnamectl set-hostname ” to modify the hostname of a Linux box, that doesn’t work for Ubuntu 18.04. The hostname will remain unchanged. Instead, modify as follows.

In /etc/cloud/cloud.cfg, modify “preserve_hostname” from “false” to “true”:

vi /etc/cloud/cloud.cfg

Modify hostname to the value you want in /etc/hostname:

vi /etc/hostname

Reboot

November 13, 2018November 21, 2018

New iDRAC Ansible module: Version 1.1 released

The recently released version 1.1 adds streaming Server Configuration File (SCP) support, enhanced RAID creation and many other goodies! See the release notes here for details: Dell EMC Ansible modules version 1.1

Below are some installation instructions (in particular for those who have been using the original Ansible modules).

System used:
CentOS 7.5

Get the new Ansible modules for iDRAC off Github:

git clone https://github.com/dell/Dell-EMC-Ansible-Modules-for-iDRAC.git

Get the Dell EMC OpenManage Python SDK off Github:

git clone https://github.com/dell/omsdk.git

Remove some packages or we will run into errors during the SDK install:
NOTE: This will uninstall Ansible. Backup your /etc/ansible/hosts file prior to Ansible removal!

[jonas@centossysmgmt01 omsdk]$ sudo yum remove python2-enum34.noarch python-enum34.noarch PyYAM

Install the Dell EMC OpenManage Python SDK prerequisites:

[jonas@centossysmgmt01 Redfish]$ cd omsdk/
[jonas@centossysmgmt01 omsdk]$ sudo -H pip install -r requirements-python2x.txt

Reinstall Ansible:

 [jonas@centossysmgmt01 omsdk]$ sudo yum install ansible -y

Install wheel:

 [jonas@centossysmgmt01 omsdk]$ sudo -H pip install wheel

Build .whl file:

 [jonas@centossysmgmt01 omsdk]$ sh ./build.sh 1.2 345

Install the newly built module:

[jonas@centossysmgmt01 omsdk]$ cd dist/
[jonas@centossysmgmt01 dist]$ sudo pip install omsdk-1.2.345_-py2.py3-none-any.whl

Install the new Dell EMC Ansible modules for iDRAC:

[jonas@centossysmgmt01 dist]$ cd ../../Dell-EMC-Ansible-Modules-for-iDRAC/
[jonas@centossysmgmt01 Dell-EMC-Ansible-Modules-for-iDRAC]$
[jonas@centossysmgmt01 Dell-EMC-Ansible-Modules-for-iDRAC]$ sudo python ./install.py
Dell EMC OpenManage Ansible Modules installation has started.
Checking prerequisites...

OpenManage Software Development Kit is installed.
Installing Dell EMC OpenManage Ansible Modules specific folders and files...
SUCCESS: Dell EMC OpenManage Ansible Modules is installed successfully.

All done! The new Ansible modules are installed.

Modifying /etc/ansible/hosts:
The previous version of the Dell EMC Ansible modules for iDRAC required the following format:

[myhosts]
# hostname OOB controller IP/NAME
r730xd baseuri=192.168.1.1
r620 baseuri=192.168.1.2

The new modules require some different variables:

[hosts]
# hostname     OOB controller IP/NAME
r730xd         idrac_ip=192.168.1.1 idrac_user=root idrac_pwd=calvin
r620           idrac_ip=192.168.1.2 idrac_user=root idrac_pwd=calvin
fm120_1a       idrac_ip=192.168.1.11 idrac_user=root idrac_pwd=calvin
fm120_1c       idrac_ip=192.168.1.13 idrac_user=root idrac_pwd=calvin
fm120_1d       idrac_ip=192.168.1.14 idrac_user=root idrac_pwd=calvin
#fm120_2b       idrac_ip=192.168.1.16 idrac_user=root idrac_pwd=calvin
fm120_2c       idrac_ip=192.168.1.17 idrac_user=root idrac_pwd=calvin
#fm120_2d       idrac_ip=192.168.1.18 idrac_user=root idrac_pwd=calvin
fc620           idrac_ip=192.168.1.19 idrac_user=root idrac_pwd=calvin

Trying it out:

Working perfectly 🙂