microwebservices.eu Snippets & microservices.com.pl Notes: February 2020

Saturday, February 29, 2020

start.spring.io

start.spring.io

This the first step to generate a template for a sample Spring Boot Application:

We can choose dependencies, which we want to use in a project from a list! (Excelent!):

SPRING BOOT

https://www.javadoc.io/doc/org.springframework.boot

https://www.javadoc.io/doc/org.springframework.boot/spring-boot/latest/index.html

SPRING CLOUD

https://www.javadoc.io/doc/org.springframework.cloud

https://www.javadoc.io/doc/org.springframework.cloud/spring-cloud-commons/latest/index.html

https://www.javadoc.io/static/org.springframework.cloud/spring-cloud-commons/2.2.0.RELEASE/org/springframework/cloud/client/loadbalancer/package-summary.html

https://www.javadoc.io/static/org.springframework.cloud/spring-cloud-commons/2.2.0.RELEASE/org/springframework/cloud/client/discovery/package-summary.html

Very useful in this topic:
1. "Enterprise Java Microservices" Ken Finnigan
(https://www.manning.com/books/enterprise-java-microservices)
2. "Spring Microservices in Action" John Carnell etc.
(https://www.manning.com/books/spring-microservices-in-action-second-edition,
https://www.manning.com/books/spring-microservices-in-action)
3. https://piotrminkowski.com/

The "Big picure" of Spring Microservices family:
https://spring.io/projects/spring-cloud
https://spring.io/projects/spring-cloud#learn
https://spring.io/projects/spring-cloud#samples
Features:

Distributed/versioned configuration
Service registration and discovery (see e.g.: @EnableDiscoveryClient)
Routing
Service-to-service calls
Load balancing
Circuit Breakers
Global locks
Leadership election and cluster state
Distributed messaging

https://spring.io/projects/spring-boot

https://spring.io/projects/spring-cloud-contract

https://spring.io/projects/spring-framework

https://spring.io/projects/spring-data

https://spring.io/projects/spring-security

https://spring.io/projects/spring-integration

https://spring.io/projects/spring-vault

https://spring.io/projects/spring-webflow

https://spring.io/projects/spring-ws

https://spring.io/projects/spring-batch

https://spring.io/projects/spring-restdocs

Main Projects:

Spring Cloud Open Service Broker

Spring Cloud Stream App Starters

Spring Cloud Task App Starters

SPRING packages (5.2.4.RELEASE):
https://docs.spring.io/spring-framework/docs/current/javadoc-api/overview-summary.html
List of these packages:
org.aopalliance.aop
org.aopalliance.intercept
org.apache.commons.logging
org.apache.commons.logging.impl

org.springframework = o.s.
o.s.aop
o.s.aop.aspectj
o.s.aop.aspectj.annotation
o.s.aop.aspectj.autoproxy
o.s.aop.config
o.s.aop.framework
o.s.aop.framework.adapter
o.s.aop.framework.autoproxy
o.s.aop.framework.autoproxy.target
o.s.aop.interceptor
o.s.aop.scope
o.s.aop.support
o.s.aop.support.annotation
o.s.aop.target
o.s.aop.target.dynamic

o.s.asm

o.s.beans
o.s.beans.annotation
o.s.beans.factory
o.s.beans.factory.annotation
o.s.beans.factory.aspectj
o.s.beans.factory.config
o.s.beans.factory.groovy
o.s.beans.factory.parsing
o.s.beans.factory.serviceloader
o.s.beans.factory.support
o.s.beans.factory.wiring
o.s.beans.factory.xml
o.s.beans.propertyeditors
o.s.beans.support

o.s.cache
o.s.cache.annotation
o.s.cache.aspectj
o.s.cache.caffeine
o.s.cache.concurrent
o.s.cache.config
o.s.cache.ehcache
o.s.cache.interceptor
o.s.cache.jcache
o.s.cache.jcache.config
o.s.cache.jcache.interceptor
o.s.cache.support
o.s.cache.transaction

o.s.cglib
o.s.cglib.core
o.s.cglib.proxy

o.s.context
o.s.context.annotation
o.s.context.annotation.aspectj
o.s.context.config
o.s.context.event
o.s.context.expression
o.s.context.i18n
o.s.context.index
o.s.context.index.processor
o.s.context.support
o.s.context.weaving

o.s.core
o.s.core.annotation
o.s.core.codec
o.s.core.convert
o.s.core.convert.converter
o.s.core.convert.support
o.s.core.env
o.s.core.io
o.s.core.io.buffer
o.s.core.io.support
o.s.core.log
o.s.core.serializer
o.s.core.serializer.support
o.s.core.style
o.s.core.task
o.s.core.task.support
o.s.core.type
o.s.core.type.classreading
o.s.core.type.filter

o.s.dao
o.s.dao.annotation
o.s.dao.support

o.s.ejb.access
o.s.ejb.config

o.s.expression
o.s.expression.common
o.s.expression.spel
o.s.expression.spel.ast
o.s.expression.spel.standard
o.s.expression.spel.support

o.s.format
o.s.format.annotation
o.s.format.datetime
o.s.format.datetime.joda
o.s.format.datetime.standard
o.s.format.number
o.s.format.number.money
o.s.format.support

o.s.http
o.s.http.client
o.s.http.client.reactive
o.s.http.client.support
o.s.http.codec
o.s.http.codec.cbor
o.s.http.codec.json
o.s.http.codec.multipart
o.s.http.codec.protobuf
o.s.http.codec.support
o.s.http.codec.xml
o.s.http.converter
o.s.http.converter.cbor
o.s.http.converter.feed
o.s.http.converter.json
o.s.http.converter.protobuf
o.s.http.converter.smile
o.s.http.converter.support
o.s.http.converter.xml
o.s.http.server
o.s.http.server.reactive

o.s.instrument
o.s.instrument.classloading
o.s.instrument.classloading.glassfish
o.s.instrument.classloading.jboss
o.s.instrument.classloading.tomcat
o.s.instrument.classloading.weblogic
o.s.instrument.classloading.websphere

o.s.jca.cci
o.s.jca.cci.connection
o.s.jca.cci.core
o.s.jca.cci.core.support
o.s.jca.cci.object
o.s.jca.context
o.s.jca.endpoint
o.s.jca.support
o.s.jca.work

o.s.jdbc
o.s.jdbc.config
o.s.jdbc.core
o.s.jdbc.core.metadata
o.s.jdbc.core.namedparam
o.s.jdbc.core.simple
o.s.jdbc.core.support
o.s.jdbc.datasource
o.s.jdbc.datasource.embedded
o.s.jdbc.datasource.init
o.s.jdbc.datasource.lookup
o.s.jdbc.object
o.s.jdbc.support
o.s.jdbc.support.incrementer
o.s.jdbc.support.lob
o.s.jdbc.support.rowset
o.s.jdbc.support.xml

o.s.jms
o.s.jms.annotation
o.s.jms.config
o.s.jms.connection
o.s.jms.core
o.s.jms.core.support
o.s.jms.listener
o.s.jms.listener.adapter
o.s.jms.listener.endpoint
o.s.jms.remoting
o.s.jms.support
o.s.jms.support.converter
o.s.jms.support.destination

o.s.jmx
o.s.jmx.access
o.s.jmx.export
o.s.jmx.export.annotation
o.s.jmx.export.assembler
o.s.jmx.export.metadata
o.s.jmx.export.naming
o.s.jmx.export.notification
o.s.jmx.support

o.s.jndi
o.s.jndi.support

o.s.lang

o.s.mail
o.s.mail.javamail

o.s.messaging
o.s.messaging.converter
o.s.messaging.core
o.s.messaging.handler
o.s.messaging.handler.annotation
o.s.messaging.handler.annotation.reactive
o.s.messaging.handler.annotation.support
o.s.messaging.handler.invocation
o.s.messaging.handler.invocation.reactive
o.s.messaging.rsocket
o.s.messaging.rsocket.annotation
o.s.messaging.rsocket.annotation.support
o.s.messaging.simp
o.s.messaging.simp.annotation
o.s.messaging.simp.annotation.support
o.s.messaging.simp.broker
o.s.messaging.simp.config
o.s.messaging.simp.stomp
o.s.messaging.simp.user
o.s.messaging.support
o.s.messaging.tcp
o.s.messaging.tcp.reactor

o.s.mock.env
o.s.mock.http
o.s.mock.http.client
o.s.mock.http.client.reactive
o.s.mock.http.server.reactive
o.s.mock.jndi
o.s.mock.web
o.s.mock.web.reactive.function.server
o.s.mock.web.server

o.s.objenesis

o.s.orm
o.s.orm.hibernate5
o.s.orm.hibernate5.support
o.s.orm.jpa
o.s.orm.jpa.persistenceunit
o.s.orm.jpa.support
o.s.orm.jpa.vendor

o.s.oxm
o.s.oxm.config
o.s.oxm.jaxb
o.s.oxm.jibx
o.s.oxm.mime
o.s.oxm.support
o.s.oxm.xstream

o.s.remoting
o.s.remoting.caucho
o.s.remoting.httpinvoker
o.s.remoting.jaxws
o.s.remoting.rmi
o.s.remoting.soap
o.s.remoting.support

o.s.scheduling
o.s.scheduling.annotation
o.s.scheduling.aspectj
o.s.scheduling.commonj
o.s.scheduling.concurrent
o.s.scheduling.config
o.s.scheduling.quartz
o.s.scheduling.support

o.s.scripting
o.s.scripting.bsh
o.s.scripting.config
o.s.scripting.groovy
o.s.scripting.support

o.s.stereotype

o.s.test.annotation
o.s.test.context
o.s.test.context.cache
o.s.test.context.event
o.s.test.context.event.annotation
o.s.test.context.jdbc
o.s.test.context.junit.jupiter
o.s.test.context.junit.jupiter.web
o.s.test.context.junit4
o.s.test.context.junit4.rules
o.s.test.context.junit4.statements
o.s.test.context.support
o.s.test.context.testng
o.s.test.context.transaction
o.s.test.context.util
o.s.test.context.web
o.s.test.jdbc
o.s.test.util
o.s.test.web
o.s.test.web.client
o.s.test.web.client.match
o.s.test.web.client.response
o.s.test.web.reactive.server
o.s.test.web.servlet
o.s.test.web.servlet.htmlunit
o.s.test.web.servlet.htmlunit.webdriver
o.s.test.web.servlet.request
o.s.test.web.servlet.result
o.s.test.web.servlet.setup

o.s.transaction
o.s.transaction.annotation
o.s.transaction.aspectj
o.s.transaction.config
o.s.transaction.event
o.s.transaction.interceptor
o.s.transaction.jta
o.s.transaction.reactive
o.s.transaction.support

o.s.ui
o.s.ui.context
o.s.ui.context.support
o.s.ui.freemarker

o.s.util
o.s.util.backoff
o.s.util.comparator
o.s.util.concurrent
o.s.util.function
o.s.util.unit
o.s.util.xml

o.s.validation
o.s.validation.annotation
o.s.validation.beanvalidation
o.s.validation.support

o.s.web
o.s.web.accept
o.s.web.bind
o.s.web.bind.annotation
o.s.web.bind.support
o.s.web.client
o.s.web.client.support
o.s.web.context
o.s.web.context.annotation
o.s.web.context.request
o.s.web.context.request.async
o.s.web.context.support
o.s.web.cors
o.s.web.cors.reactive
o.s.web.filter
o.s.web.filter.reactive
o.s.web.jsf
o.s.web.jsf.el
o.s.web.method
o.s.web.method.annotation
o.s.web.method.support
o.s.web.multipart
o.s.web.multipart.commons
o.s.web.multipart.support
o.s.web.reactive
o.s.web.reactive.accept
o.s.web.reactive.config
o.s.web.reactive.function
o.s.web.reactive.function.client
o.s.web.reactive.function.client.support
o.s.web.reactive.function.server
o.s.web.reactive.function.server.support
o.s.web.reactive.handler
o.s.web.reactive.resource
o.s.web.reactive.result
o.s.web.reactive.result.condition
o.s.web.reactive.result.method
o.s.web.reactive.result.method.annotation
o.s.web.reactive.result.view
o.s.web.reactive.result.view.freemarker
o.s.web.reactive.result.view.script
o.s.web.reactive.socket
o.s.web.reactive.socket.adapter
o.s.web.reactive.socket.client
o.s.web.reactive.socket.server
o.s.web.reactive.socket.server.support
o.s.web.reactive.socket.server.upgrade
o.s.web.server
o.s.web.server.adapter
o.s.web.server.handler
o.s.web.server.i18n
o.s.web.server.session
o.s.web.servlet
o.s.web.servlet.config
o.s.web.servlet.config.annotation
o.s.web.servlet.function
o.s.web.servlet.function.support
o.s.web.servlet.handler
o.s.web.servlet.i18n
o.s.web.servlet.mvc
o.s.web.servlet.mvc.annotation
o.s.web.servlet.mvc.condition
o.s.web.servlet.mvc.method
o.s.web.servlet.mvc.method.annotation
o.s.web.servlet.mvc.support
o.s.web.servlet.resource
o.s.web.servlet.support
o.s.web.servlet.tags
o.s.web.servlet.tags.form
o.s.web.servlet.theme
o.s.web.servlet.view
o.s.web.servlet.view.document
o.s.web.servlet.view.feed
o.s.web.servlet.view.freemarker
o.s.web.servlet.view.groovy
o.s.web.servlet.view.json
o.s.web.servlet.view.script
o.s.web.servlet.view.tiles3
o.s.web.servlet.view.xml
o.s.web.servlet.view.xslt
o.s.web.socket
o.s.web.socket.adapter
o.s.web.socket.adapter.jetty
o.s.web.socket.adapter.standard
o.s.web.socket.client
o.s.web.socket.client.jetty
o.s.web.socket.client.standard
o.s.web.socket.config
o.s.web.socket.config.annotation
o.s.web.socket.handler
o.s.web.socket.messaging
o.s.web.socket.server
o.s.web.socket.server.jetty
o.s.web.socket.server.standard
o.s.web.socket.server.support
o.s.web.socket.sockjs
o.s.web.socket.sockjs.client
o.s.web.socket.sockjs.frame
o.s.web.socket.sockjs.support
o.s.web.socket.sockjs.transport
o.s.web.socket.sockjs.transport.handler
o.s.web.socket.sockjs.transport.session
o.s.web.util
o.s.web.util.pattern

Other books:

https://www.manning.com/books/akka-in-action

https://www.manning.com/books/algorithms-and-data-structures-in-action

https://www.manning.com/books/amazon-web-services-in-action-second-edition

https://www.manning.com/books/android-in-action-third-edition

https://www.manning.com/books/angular-in-action

https://www.manning.com/books/api-security-in-action

https://www.manning.com/books/aws-lambda-in-action

https://www.manning.com/books/big-data

https://www.manning.com/books/blockchain-in-action

https://www.manning.com/books/bootstrapping-microservices-with-docker-kubernetes-and-terraform

https://www.manning.com/livevideo/building-spring-boot-applications-with-the-kotlin-programming-language

https://www.manning.com/books/camel-in-action-second-edition

https://www.manning.com/books/clojure-in-action

git@github.com:microservices-security-in-action/samples.git

OpenShift vs Kubernetes

Kubernetes is an open-source orchestrator system that helps in automating deployment, management, and scaling the containerized apps.

Red Hat OpenShift is an open source container application platform based on the Kubernetes container orchestrator for enterprise application development and deployment.
https://www.openshift.com/

It is very interesting article "Top 10 Differences between OpenShift and Kubernetes" about the comparison of them at:

https://www.whizlabs.com/blog/openshift-vs-kubernetes/

Products of HashiCorp

In the beginning was the Word, and the Word was a Code...

EVERYTHING as a Code:

Terraform ("PROVISION" as code framework, Multi-Cloud Infrastructure, automated infrastructure provisioning)
Vagrant ("CONTAINER" as code framework, create and use development environments)
Vault ("SECURE" as code framework, Multi-Cloud Secrets, secrets management and data protection)
Consul ("CONNECT" as code framework, Multi-Cloud Services, service discovery and a service mesh)
Nomad ("RUN" as code framework, Multi-Cloud Applications, deploy and manage any containerized, legacy, or batch application)
Sentinel ("POLICY" as code framework, https://www.hashicorp.com/sentinel/)
Packer ("INFRASTRUCTURE" as code framework, build automated machine images with Packer,

https://packer.io/, https://www.thinkahead.com/resources/building-infrastructure-code-packer/)

Sources:
https://www.hashicorp.com/

https://en.wikipedia.org/wiki/HashiCorp

https://learn.hashicorp.com/

Source: Internet

Consul and Vault

Vault (keep secrets secure)
https://learn.hashicorp.com/vault

https://www.hashicorp.com/products/vault/

https://learn.hashicorp.com/vault#getting-started

Consul (service discovery and service mesh)
https://learn.hashicorp.com/consul

https://www.hashicorp.com/products/consul/

There are three approaches to installing Consul (https://www.consul.io/docs/install/index.html):

Using a precompiled binary
Installing from source
Installing on Kubernetes

https://learn.hashicorp.com/consul/getting-started/agent

consul agent -dev
# and more...

Demo:
https://www.hashicorp.com/resources/simplify-service-networking-with-hashicorp-consul

Sources:

https://www.hashicorp.com/products/consul/

https://www.consul.io/docs/internals/architecture.html

https://www.consul.io/api/agent.html

https://www.consul.io/docs/acl/index.html

https://www.consul.io/docs/commands/acl/set-agent-token.html

https://www.consul.io/docs/glossary.html

https://www.consul.io/api/agent/connect.html

https://www.consul.io/api/agent/check.html

https://www.consul.io/docs/agent/telemetry.html

https://learn.hashicorp.com/

Tuesday, February 25, 2020

Security tools and DevSecOps

There are some tools which can support security in DevSecOps chain (static code analysis, testing the app and more) - the official pages:

https://www.redhat.com/en/topics/devops/what-is-devsecops

https://www.csoonline.com/article/3245748/what-is-devsecops-developing-more-secure-applications.html

https://owasp.org/

https://cheatsheetseries.owasp.org/

https://github.com/OWASP/CheatSheetSeries

https://www.oneconsult.com/en/

https://www.contrastsecurity.com/

https://www.nowsecure.com/

https://www.redhat.com/en/technologies/management/ansible

https://en.wikipedia.org/wiki/Fortify_Software

Friday, February 14, 2020

K8s

Docker is a platform and tool for building, distributing, and running Docker containers. ...

Kubernetes is a container orchestration system for Docker containers that is more extensive than Docker Swarm and is meant to coordinate clusters of nodes at scale in production in an efficient manner.

Great!

Let it go on UBUNTU 18.04 :-)

############### Installing KUBERNETES, K8s ##############################

# Let's try to use advices at following articles to have installed 4 main tools/components:

Docker = a container runtime. It is the component that runs your containers.
Support for other runtimes such as rkt is under active development in Kubernetes.
kubectl = a CLI tool used for issuing commands to the cluster through its API Server.
kubeadm = a CLI tool that will install and configure the various components of a cluster in a standard way.
kubelet = a system service/program that runs on all nodes and handles node-level operations.

# And other tools:

Calico = (https://docs.projectcalico.org/introduction/) a networking and network policy provider.
It is an open source networking and network security solution for containers, virtual machines, and native host-based workloads.
Calico supports a broad range of platforms including Kubernetes, OpenShift, Docker EE, OpenStack, and bare metal services.
Flannel = is an overlay network provider that can be used with Kubernetes
(https://github.com/coreos/flannel/blob/master/Documentation/kubernetes.md).

https://vitux.com/install-and-deploy-kubernetes-on-ubuntu/

https://www.digitalocean.com/community/tutorials/how-to-create-a-kubernetes-cluster-using-kubeadm-on-ubuntu-18-04

https://kubernetes.io/docs/tasks/tools/install-kubectl/

https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/
(!!!)

https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands

https://manpages.debian.org/experimental/kubernetes-client/kubectl-run.1.en.html

https://manpages.debian.org/experimental/kubernetes-client/

https://gist.github.com/jimmidyson/8b50ebe6c9f6ed5432cc

https://gist.github.com/jimmidyson/

https://github.com/CESNET/jupyter-meta/wiki/Kubernetes-with-Kubeadm

https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
(kubectl apply -f https://docs.projectcalico.org/v3.11/manifests/calico.yaml)

https://kubernetes.io/docs/concepts/cluster-administration/networking/

https://medium.com/htc-research-engineering-blog/install-a-kubernetes-cluster-with-kubeadm-on-ubuntu-step-by-stepff-c118514bc5e0

https://wiki.onap.org/display/DW/Deploying+Kubernetes+Cluster+with+kubeadm

https://www.linode.com/docs/kubernetes/getting-started-with-kubernetes/

# Let's try to use following commands to prepare and install K8s:

sudo systemctl enable docker

sudo apt install -y curl

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add

sudo apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"

sudo apt install -y kubeadm

kubeadm version

sudo swapoff -a

sudo hostnamectl set-hostname master-node

sudo hostnamectl set-hostname slave-node

sudo kubeadm init --pod-network-cidr=10.244.0.0/16

# Your Kubernetes control-plane has initialized successfully now!
# To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

sudo kubectl get nodes

# You should now deploy a pod network to the cluster.
# Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
# Calico from https://kubernetes.io/docs/concepts/cluster-administration/addons/
# Install network plugin (Calico) - these now seem to leave the nodes in a "notReady" state,
# below is a fix from https://github.com/CESNET/jupyter-meta/wiki/Kubernetes-with-Kubeadm

sudo kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml

sudo kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml

sudo kubectl apply -f https://docs.projectcalico.org/v3.11/manifests/calico.yaml

sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

# Then you can join any number of worker nodes by running the following on each as root:

sudo kubeadm join 192.168.1.22:6443 --token wv9d86.mfssvpdndne1e96h \
--discovery-token-ca-cert-hash sha256:392ee523f3a93648a019880cb38f1cad7532be9a1e0edcb63e9a478d880bc33a

kubectl get pods --all-namespaces

sudo kubectl get nodes

sudo apt install -y net-tools

ifconfig

An example:
cni0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 10.244.0.1 netmask 255.255.255.0 broadcast 0.0.0.0

docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255

flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 10.244.0.0 netmask 255.255.255.255 broadcast 0.0.0.0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0

wlp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.22 netmask 255.255.255.0 broadcast 192.168.1.255

"kubectl" from terminal:

kubectl controls the Kubernetes cluster manager.

Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/

Basic Commands (Beginner):
create Create a resource from a file or from stdin.
expose Take a replication controller, service, deployment or pod and expose it as a new Kubernetes Service
run Run a particular image on the cluster
set Set specific features on objects

Basic Commands (Intermediate):
explain Documentation of resources
get Display one or many resources
edit Edit a resource on the server
delete Delete resources by filenames, stdin, resources and names, or by resources and label selector

Deploy Commands:
rollout Manage the rollout of a resource
scale Set a new size for a Deployment, ReplicaSet, Replication Controller, or Job
autoscale Auto-scale a Deployment, ReplicaSet, or ReplicationController

Cluster Management Commands:
certificate Modify certificate resources.
cluster-info Display cluster info
top Display Resource (CPU/Memory/Storage) usage.
cordon Mark node as unschedulable
uncordon Mark node as schedulable
drain Drain node in preparation for maintenance
taint Update the taints on one or more nodes

Troubleshooting and Debugging Commands:
describe Show details of a specific resource or group of resources
logs Print the logs for a container in a pod
attach Attach to a running container
exec Execute a command in a container
port-forward Forward one or more local ports to a pod
proxy Run a proxy to the Kubernetes API server
cp Copy files and directories to and from containers.
auth Inspect authorization

Advanced Commands:
diff Diff live version against would-be applied version
apply Apply a configuration to a resource by filename or stdin
patch Update field(s) of a resource using strategic merge patch
replace Replace a resource by filename or stdin
wait Experimental: Wait for a specific condition on one or many resources.
convert Convert config files between different API versions

Settings Commands:
label Update the labels on a resource
annotate Update the annotations on a resource
completion Output shell completion code for the specified shell (bash or zsh)

Other Commands:
api-resources Print the supported API resources on the server
api-versions Print the supported API versions on the server, in the form of "group/version"
config Modify kubeconfig files
plugin Provides utilities for interacting with plugins.
version Print the client and server version information

Usage:
kubectl [flags] [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).

ps -ef | grep kubectl

only root has permitions:
/usr/bin/kubectl

/usr/bin/dockerd

Examples:
# Start a single instance of nginx.
kubectl run nginx --image=nginx

# Start a single instance of hazelcast and let the container expose port 5701 .
kubectl run hazelcast --image=hazelcast --port=5701

# Start a single instance of hazelcast and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default" in the container.
kubectl run hazelcast --image=hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default"

# Start a single instance of hazelcast and set labels "app=hazelcast" and "env=prod" in the container.
kubectl run hazelcast --image=hazelcast --labels="app=hazelcast,env=prod"

# Start a replicated instance of nginx.
kubectl run nginx --image=nginx --replicas=5

# Dry run. Print the corresponding API objects without creating them.
kubectl run nginx --image=nginx --dry-run

# Start a single instance of nginx, but overload the spec of the deployment with a partial set of values parsed from JSON.
kubectl run nginx --image=nginx --overrides='{ "apiVersion": "v1", "spec": { ... } }'

# Start a pod of busybox and keep it in the foreground, don't restart it if it exits.
kubectl run -i -t busybox --image=busybox --restart=Never

# Start the nginx container using the default command, but use custom arguments (arg1 .. argN) for that command.
kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>

# Start the nginx container using a different command and custom arguments.
kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>

# Start the perl container to compute ? to 2000 places and print it out.
kubectl run pi --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'

# Start the cron job to compute ? to 2000 places and print it out every 5 minutes.
kubectl run pi --schedule="0/5 * * * ?" --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'

Options:
--allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--attach=false: If true, wait for the Pod to start running, and then attach to the Pod as if 'kubectl attach ...' were called. Default false, unless '-i/--stdin' is set, in which case the default is true. With '--restart=Never' the exit code of the container process is returned.
--cascade=true: If true, cascade the deletion of the resources managed by this resource (e.g. Pods created by a ReplicationController). Default true.
--command=false: If true and extra arguments are present, use them as the 'command' field in the container, rather than the 'args' field which is the default.
--dry-run=false: If true, only print the object that would be sent, without sending it.
--env=[]: Environment variables to set in the container
--expose=false: If true, a public, external service is created for the container(s) which are run
-f, --filename=[]: to use to replace the resource.
--force=false: Only used when grace-period=0. If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
--generator='': The name of the API generator to use, see http://kubernetes.io/docs/user-guide/kubectl-conventions/#generators for a list.
--grace-period=-1: Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).
--hostport=-1: The host port mapping for the container port. To demonstrate a single-machine container.
--image='': The image for the container to run.
--image-pull-policy='': The image pull policy for the container. If left empty, this value will not be specified by the client and defaulted by the server
-l, --labels='': Comma separated labels to apply to the pod(s). Will override previous values.
--leave-stdin-open=false: If the pod is started in interactive mode or with stdin, leave stdin open after the first attach completes. By default, stdin will be closed after the first attach completes.
--limits='': The resource requirement limits for this container. For example, 'cpu=200m,memory=512Mi'. Note that server side components may assign limits depending on the server configuration, such as limit ranges.
-o, --output='': Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
--overrides='': An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
--pod-running-timeout=1m0s: The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
--port='': The port that this container exposes. If --expose is true, this is also the port used by the service that is created.
--quiet=false: If true, suppress prompt messages.
--record=false: Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-r, --replicas=1: Number of replicas to create for this container. Default is 1.
--requests='': The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
--restart='Always': The restart policy for this Pod. Legal values [Always, OnFailure, Never]. If set to 'Always' a deployment is created, if set to 'OnFailure' a job is created, if set to 'Never', a regular pod is created. For the latter two --replicas must be 1. Default 'Always', for CronJobs `Never`.
--rm=false: If true, delete resources created in this command for attached containers.
--save-config=false: If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--schedule='': A schedule in the Cron format the job should be run with.
--service-generator='service/v2': The name of the generator to use for creating a service. Only used if --expose is true
--service-overrides='': An inline JSON override for the generated service object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field. Only used if --expose is true.
--serviceaccount='': Service account to set in the pod spec
-i, --stdin=false: Keep stdin open on the container(s) in the pod, even if nothing is attached.
--template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--timeout=0s: The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object
-t, --tty=false: Allocated a TTY for each container in the pod.
--wait=false: If true, wait for resources to be gone before returning. This waits for finalizers.

Usage:
kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool] [--overrides=inline-json] [--command] -- [COMMAND] [args...] [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).

################# LOGS from sandbox testing... ##################################

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

kris@gandalf1:~$ sudo apt install -y docker.io
[sudo] password for kris:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
efibootmgr libfwup1 libwayland-egl1-mesa
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
bridge-utils cgroupfs-mount containerd git git-man liberror-perl pigz runc ubuntu-fan
Suggested packages:
aufs-tools btrfs-progs debootstrap docker-doc rinse zfs-fuse | zfsutils git-daemon-run | git-daemon-sysvinit git-doc git-el git-email git-gui gitk gitweb
git-cvs git-mediawiki git-svn
The following NEW packages will be installed:
bridge-utils cgroupfs-mount containerd docker.io git git-man liberror-perl pigz runc ubuntu-fan
0 upgraded, 10 newly installed, 0 to remove and 3 not upgraded.
Need to get 68,5 MB of archives.
After this operation, 353 MB of additional disk space will be used.
Get:1 http://pl.archive.ubuntu.com/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57,4 kB]
Get:2 http://pl.archive.ubuntu.com/ubuntu bionic/main amd64 bridge-utils amd64 1.5-15ubuntu1 [30,1 kB]
Get:3 http://pl.archive.ubuntu.com/ubuntu bionic/universe amd64 cgroupfs-mount all 1.4 [6?320 B]
Get:4 http://pl.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 runc amd64 1.0.0~rc10-0ubuntu1~18.04.2 [2?000 kB]
Get:5 http://pl.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 containerd amd64 1.3.3-0ubuntu1~18.04.1 [21,7 MB]
Get:6 http://pl.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 docker.io amd64 19.03.6-0ubuntu1~18.04.1 [39,9 MB]
Get:7 http://pl.archive.ubuntu.com/ubuntu bionic/main amd64 liberror-perl all 0.17025-1 [22,8 kB]
Get:8 http://pl.archive.ubuntu.com/ubuntu bionic-updates/main amd64 git-man all 1:2.17.1-1ubuntu0.5 [803 kB]
Get:9 http://pl.archive.ubuntu.com/ubuntu bionic-updates/main amd64 git amd64 1:2.17.1-1ubuntu0.5 [3?912 kB]
Get:10 http://pl.archive.ubuntu.com/ubuntu bionic/main amd64 ubuntu-fan all 0.12.10 [34,7 kB]
Fetched 68,5 MB in 6s (11,4 MB/s)
Preconfiguring packages ...
Selecting previously unselected package pigz.
(Reading database ... 164348 files and directories currently installed.)
Preparing to unpack .../0-pigz_2.4-1_amd64.deb ...
Unpacking pigz (2.4-1) ...
Selecting previously unselected package bridge-utils.
Preparing to unpack .../1-bridge-utils_1.5-15ubuntu1_amd64.deb ...
Unpacking bridge-utils (1.5-15ubuntu1) ...
Selecting previously unselected package cgroupfs-mount.
Preparing to unpack .../2-cgroupfs-mount_1.4_all.deb ...
Unpacking cgroupfs-mount (1.4) ...
Selecting previously unselected package runc.
Preparing to unpack .../3-runc_1.0.0~rc10-0ubuntu1~18.04.2_amd64.deb ...
Unpacking runc (1.0.0~rc10-0ubuntu1~18.04.2) ...
Selecting previously unselected package containerd.
Preparing to unpack .../4-containerd_1.3.3-0ubuntu1~18.04.1_amd64.deb ...
Unpacking containerd (1.3.3-0ubuntu1~18.04.1) ...
Selecting previously unselected package docker.io.
Preparing to unpack .../5-docker.io_19.03.6-0ubuntu1~18.04.1_amd64.deb ...
Unpacking docker.io (19.03.6-0ubuntu1~18.04.1) ...
Selecting previously unselected package liberror-perl.
Preparing to unpack .../6-liberror-perl_0.17025-1_all.deb ...
Unpacking liberror-perl (0.17025-1) ...
Selecting previously unselected package git-man.
Preparing to unpack .../7-git-man_1%3a2.17.1-1ubuntu0.5_all.deb ...
Unpacking git-man (1:2.17.1-1ubuntu0.5) ...
Selecting previously unselected package git.
Preparing to unpack .../8-git_1%3a2.17.1-1ubuntu0.5_amd64.deb ...
Unpacking git (1:2.17.1-1ubuntu0.5) ...
Selecting previously unselected package ubuntu-fan.
Preparing to unpack .../9-ubuntu-fan_0.12.10_all.deb ...
Unpacking ubuntu-fan (0.12.10) ...
Setting up git-man (1:2.17.1-1ubuntu0.5) ...
Setting up runc (1.0.0~rc10-0ubuntu1~18.04.2) ...
Setting up liberror-perl (0.17025-1) ...
Setting up cgroupfs-mount (1.4) ...
Setting up containerd (1.3.3-0ubuntu1~18.04.1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service › /lib/systemd/system/containerd.service.
Setting up bridge-utils (1.5-15ubuntu1) ...
Setting up ubuntu-fan (0.12.10) ...
Created symlink /etc/systemd/system/multi-user.target.wants/ubuntu-fan.service › /lib/systemd/system/ubuntu-fan.service.
Setting up pigz (2.4-1) ...
Setting up git (1:2.17.1-1ubuntu0.5) ...
Setting up docker.io (19.03.6-0ubuntu1~18.04.1) ...
Adding group `docker' (GID 127) ...
Done.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket › /lib/systemd/system/docker.socket.
docker.service is a disabled or a static unit, not starting it.
Processing triggers for systemd (237-3ubuntu10.39) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
ureadahead will be reprofiled on next reboot

kris@gandalf1:~$ docker

Usage: docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
--config string Location of client config files (default "/home/kris/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with "docker
context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/home/kris/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/home/kris/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/home/kris/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit

Management Commands:
builder Manage builds
config Manage Docker configs
container Manage containers
context Manage contexts
engine Manage the docker engine
image Manage images
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes

Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
deploy Deploy a new stack or update an existing stack
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

kris@gandalf1:~$ docker --version
Docker version 19.03.6, build 369ce74a3c

kris@gandalf1:~$ sudo systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service › /lib/systemd/system/docker.service.

kris@gandalf1:~$ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add

Command 'curl' not found, but can be installed with:

sudo apt install -y curl

gpg: no valid OpenPGP data found.

kris@gandalf1:~$ ^C

kris@gandalf1:~$ sudo apt install curl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
efibootmgr libfwup1 libwayland-egl1-mesa
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
libcurl4
The following NEW packages will be installed:
curl libcurl4
0 upgraded, 2 newly installed, 0 to remove and 3 not upgraded.
Need to get 373 kB of archives.
After this operation, 1?038 kB of additional disk space will be used.
Get:1 http://pl.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libcurl4 amd64 7.58.0-2ubuntu3.8 [214 kB]
Get:2 http://pl.archive.ubuntu.com/ubuntu bionic-updates/main amd64 curl amd64 7.58.0-2ubuntu3.8 [159 kB]
Fetched 373 kB in 0s (2?006 kB/s)
Selecting previously unselected package libcurl4:amd64.
(Reading database ... 165583 files and directories currently installed.)
Preparing to unpack .../libcurl4_7.58.0-2ubuntu3.8_amd64.deb ...
Unpacking libcurl4:amd64 (7.58.0-2ubuntu3.8) ...
Selecting previously unselected package curl.
Preparing to unpack .../curl_7.58.0-2ubuntu3.8_amd64.deb ...
Unpacking curl (7.58.0-2ubuntu3.8) ...
Setting up libcurl4:amd64 (7.58.0-2ubuntu3.8) ...
Setting up curl (7.58.0-2ubuntu3.8) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...

kris@gandalf1:~$ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add
OK

kris@gandalf1:~$ sudo apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
Hit:1 http://pl.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://pl.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://pl.archive.ubuntu.com/ubuntu bionic-backports InRelease
Ign:4 http://dl.google.com/linux/chrome/deb stable InRelease
Get:5 http://security.ubuntu.com/ubuntu bionic-security InRelease [88,7 kB]
Get:6 http://dl.google.com/linux/chrome/deb stable Release [943 B]
Get:7 http://dl.google.com/linux/chrome/deb stable Release.gpg [819 B]
Get:9 http://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1?136 B]
Get:8 https://packages.cloud.google.com/apt kubernetes-xenial InRelease [8?993 B]
Get:10 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 Packages [34,5 kB]
Fetched 135 kB in 1s (97,2 kB/s)
Reading package lists... Done

kris@gandalf1:~$ sudo apt install -y kubeadm
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
efibootmgr libfwup1 libwayland-egl1-mesa
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
conntrack cri-tools ebtables ethtool kubectl kubelet kubernetes-cni socat
The following NEW packages will be installed:
conntrack cri-tools ebtables ethtool kubeadm kubectl kubelet kubernetes-cni socat
0 upgraded, 9 newly installed, 0 to remove and 3 not upgraded.
Need to get 51,8 MB of archives.
After this operation, 273 MB of additional disk space will be used.
Get:1 http://pl.archive.ubuntu.com/ubuntu bionic/main amd64 conntrack amd64 1:1.4.4+snapshot20161117-6ubuntu2 [30,6 kB]
Get:3 http://pl.archive.ubuntu.com/ubuntu bionic-updates/main amd64 ebtables amd64 2.0.10.4-3.5ubuntu2.18.04.3 [79,9 kB]
Get:4 http://pl.archive.ubuntu.com/ubuntu bionic/main amd64 ethtool amd64 1:4.15-0ubuntu1 [114 kB]
Get:6 http://pl.archive.ubuntu.com/ubuntu bionic/main amd64 socat amd64 1.7.3.2-2ubuntu2 [342 kB]
Get:2 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 cri-tools amd64 1.13.0-00 [8?776 kB]
Get:5 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 kubernetes-cni amd64 0.7.5-00 [6?473 kB]
Get:7 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 kubelet amd64 1.17.4-00 [19,2 MB]
Get:8 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 kubectl amd64 1.17.4-00 [8?741 kB]
Get:9 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 kubeadm amd64 1.17.4-00 [8?064 kB]
Fetched 51,8 MB in 6s (8?715 kB/s)
Selecting previously unselected package conntrack.
(Reading database ... 165596 files and directories currently installed.)
Preparing to unpack .../0-conntrack_1%3a1.4.4+snapshot20161117-6ubuntu2_amd64.deb ...
Unpacking conntrack (1:1.4.4+snapshot20161117-6ubuntu2) ...
Selecting previously unselected package cri-tools.
Preparing to unpack .../1-cri-tools_1.13.0-00_amd64.deb ...
Unpacking cri-tools (1.13.0-00) ...
Selecting previously unselected package ebtables.
Preparing to unpack .../2-ebtables_2.0.10.4-3.5ubuntu2.18.04.3_amd64.deb ...
Unpacking ebtables (2.0.10.4-3.5ubuntu2.18.04.3) ...
Selecting previously unselected package ethtool.
Preparing to unpack .../3-ethtool_1%3a4.15-0ubuntu1_amd64.deb ...
Unpacking ethtool (1:4.15-0ubuntu1) ...
Selecting previously unselected package kubernetes-cni.
Preparing to unpack .../4-kubernetes-cni_0.7.5-00_amd64.deb ...
Unpacking kubernetes-cni (0.7.5-00) ...
Selecting previously unselected package socat.
Preparing to unpack .../5-socat_1.7.3.2-2ubuntu2_amd64.deb ...
Unpacking socat (1.7.3.2-2ubuntu2) ...
Selecting previously unselected package kubelet.
Preparing to unpack .../6-kubelet_1.17.4-00_amd64.deb ...
Unpacking kubelet (1.17.4-00) ...
Selecting previously unselected package kubectl.
Preparing to unpack .../7-kubectl_1.17.4-00_amd64.deb ...
Unpacking kubectl (1.17.4-00) ...
Selecting previously unselected package kubeadm.
Preparing to unpack .../8-kubeadm_1.17.4-00_amd64.deb ...
Unpacking kubeadm (1.17.4-00) ...
Setting up conntrack (1:1.4.4+snapshot20161117-6ubuntu2) ...
Setting up kubernetes-cni (0.7.5-00) ...
Setting up cri-tools (1.13.0-00) ...
Setting up socat (1.7.3.2-2ubuntu2) ...
Setting up ebtables (2.0.10.4-3.5ubuntu2.18.04.3) ...
Created symlink /etc/systemd/system/multi-user.target.wants/ebtables.service › /lib/systemd/system/ebtables.service.
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Setting up kubectl (1.17.4-00) ...
Setting up ethtool (1:4.15-0ubuntu1) ...
Setting up kubelet (1.17.4-00) ...
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service › /lib/systemd/system/kubelet.service.
Setting up kubeadm (1.17.4-00) ...
Processing triggers for systemd (237-3ubuntu10.39) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...

kris@gandalf1:~$ kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.4", GitCommit:"8d8aa39598534325ad77120c120a22b3a990b5ea", GitTreeState:"clean", BuildDate:"2020-03-12T21:01:11Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}

kris@gandalf1:~$ sudo swapoff -a

kris@gandalf1:~$ sudo hostnamectl set-hostname master-node

kris@gandalf1:~$ sudo hostnamectl set-hostname slave-node

kris@gandalf1:~$ sudo kubeadm init --pod-network-cidr=10.244.0.0/16
W0313 17:07:44.931108 11694 validation.go:28] Cannot validate kube-proxy config - no validator is available
W0313 17:07:44.931223 11694 validation.go:28] Cannot validate kubelet config - no validator is available
[init] Using Kubernetes version: v1.17.4
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [slave-node kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.1.22]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [slave-node localhost] and IPs [192.168.1.22 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [slave-node localhost] and IPs [192.168.1.22 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
W0313 17:08:20.954182 11694 manifests.go:214] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[control-plane] Creating static Pod manifest for "kube-scheduler"
W0313 17:08:20.955157 11694 manifests.go:214] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 18.002123 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.17" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node slave-node as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node slave-node as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: wv9d86.mfssvpdndne1e96h
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.22:6443 --token wv9d86.mfssvpdndne1e96h \
--discovery-token-ca-cert-hash sha256:392ee523f3a93648a019880cb38f1cad7532be9a1e0edcb63e9a478d880bc33a

kris@gandalf1:~$ mkdir -p $HOME/.kube

kris@gandalf1:~$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

kris@gandalf1:~$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

kris@gandalf1:~$ sudo kubectl get nodes
NAME STATUS ROLES AGE VERSION
slave-node NotReady master 2m35s v1.17.4

kris@gandalf1:~$ sudo kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml

kris@gandalf1:~$ sudo kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml

kris@gandalf1:~$ sudo kubectl apply -f https://docs.projectcalico.org/v3.11/manifests/calico.yaml

kris@gandalf1:~$ sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created

kris@gandalf1:~$ sudo kubeadm join 192.168.1.22:6443 --token wv9d86.mfssvpdndne1e96h \
--discovery-token-ca-cert-hash sha256:392ee523f3a93648a019880cb38f1cad7532be9a1e0edcb63e9a478d880bc33a

kris@gandalf1:~$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6955765f44-59snd 1/1 Running 0 3m58s
kube-system coredns-6955765f44-zg7cr 1/1 Running 0 3m58s
kube-system etcd-slave-node 1/1 Running 0 4m11s
kube-system kube-apiserver-slave-node 1/1 Running 0 4m11s
kube-system kube-controller-manager-slave-node 1/1 Running 0 4m11s
kube-system kube-flannel-ds-amd64-tgbjl 1/1 Running 0 38s
kube-system kube-proxy-5bhjs 1/1 Running 0 3m58s
kube-system kube-scheduler-slave-node 1/1 Running 0 4m11s

kris@gandalf1:~$ sudo kubectl get nodes
NAME STATUS ROLES AGE VERSION
slave-node Ready master 4m42s v1.17.4

kris@gandalf1:~$ sudo apt install net-tools
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
efibootmgr libfwup1 libwayland-egl1-mesa
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
net-tools
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 194 kB of archives.
After this operation, 803 kB of additional disk space will be used.
Get:1 http://pl.archive.ubuntu.com/ubuntu bionic/main amd64 net-tools amd64 1.60+git20161116.90da8a0-1ubuntu1 [194 kB]
Fetched 194 kB in 0s (1?464 kB/s)
Selecting previously unselected package net-tools.
(Reading database ... 165712 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60+git20161116.90da8a0-1ubuntu1_amd64.deb ...
Unpacking net-tools (1.60+git20161116.90da8a0-1ubuntu1) ...
Setting up net-tools (1.60+git20161116.90da8a0-1ubuntu1) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

kris@gandalf1:~$ ifconfig

cni0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 10.244.0.1 netmask 255.255.255.0 broadcast 0.0.0.0

docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255

flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 10.244.0.0 netmask 255.255.255.255 broadcast 0.0.0.0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0

wlp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.22 netmask 255.255.255.0 broadcast 192.168.1.255

microwebservices.eu Snippets & microservices.com.pl Notes

Saturday, February 29, 2020

start.spring.io

Spring Cloud Config

Spring Cloud Netflix

Spring Cloud Bus

Spring Cloud Cloudfoundry

Spring Cloud Open Service Broker

Spring Cloud Cluster

Spring Cloud Consul

Spring Cloud Security

Spring Cloud Sleuth

Spring Cloud Data Flow

Spring Cloud Stream

Spring Cloud Stream App Starters

Spring Cloud Task

Spring Cloud Task App Starters

Spring Cloud Zookeeper

Spring Cloud Connectors

Spring Cloud Starters

Spring Cloud CLI

Spring Cloud Contract

Spring Cloud Gateway

Spring Cloud OpenFeign

Spring Cloud Pipelines

Spring Cloud Function