Latest revision as of 20:54, 3 February 2021

Simple Install of LXD ADC via NGINX for Fronting Kubernetes

Start 1 VM for Kubernetes and one LXD container for NGINX

lxc launch ubuntu:focal adc

lxc init ubuntu:focal k0 --vm
lxc config set m8s limits.cpu=8 limits.memory=16GB
lxc config device override m8s root size=50GB
lxc start microk8s
lxc list microk8s
lxc exec k0 -- snap install microk8s

k0:~/demo.yml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
    - host: demo.uvoo.io
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo
                port:
                  number: 8080

k0

#!/usr/bin/env bash
set -e
alias kubectl='microk8s kubectl'
shopt -s expand_aliases

microk8s enable ingress
microk8s kubectl delete deployment demo | true
microk8s kubectl delete service demo | true
microk8s kubectl delete -f demo.yml | true


microk8s kubectl create deployment demo --image=gcr.io/google-samples/hello-app:1.0
microk8s kubectl expose deployment demo --type=NodePort --port=8080
microk8s kubectl apply -f demo.yml
curl -H "Host: demo.uvoo.io" 127.0.0.1

#!/usr/bin/env bash
set -e

ts=`date +%Y-%m-%d_%H-%M-%S`

clear(){
  sudo iptables-save > /tmp/iptables-save.$ts.ipt
  sudo iptables -P INPUT ACCEPT
  sudo iptables -P FORWARD ACCEPT
  sudo iptables -P OUTPUT ACCEPT
  sudo iptables -t nat -F
  sudo iptables -t mangle -F
  sudo iptables -F
  # sudo iptables -x
  sudo iptables -X -t nat
}

adc_nat(){
  adcip=$(lxc list adc -c 4 | awk '!/IPV4/{ if ( $2 != "" ) print $2}')
  ip=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
  # sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -d $ip -j DNAT --to-destination $adcip:80
  # sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -d $ip -j DNAT --to-destination $adcip:443
  before_file="/etc/ufw/before.rules"
  sudo sed -i "1 i\*nat" $before_file
  sudo sed -i "2 i\-I PREROUTING -p tcp --dport 443 -d $ip -j DNAT --to-destination $adcip" $before_file
  sudo sed -i "3 i\-I PREROUTING -p tcp --dport 80 -d $ip -j DNAT --to-destination $adcip" $before_file
  sudo sed -i "4 i\COMMIT" $before_file
  sudo systemctl restart ufw
}

# clear
adc_nat
sudo restart snap  # Will cause downtime but refreshes lxd iptables

Gen self signed cert

lxc exec adc -- sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt -subj "/C=US/ST=Utah/L=SLC/O=Example Corp/OU=Testing/CN=example.io"

adc:/etc/nginx/conf.d/demo.conf

upstream kub-ingress {
    least_conn;
    server k0;
}

server {
    server_name  demo.uvoo.io;
    listen  80;
    listen  [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    location /hi {
       default_type text/html;
       return 200 "<!DOCTYPE html><h3>Hi!</h3>\n";
    }

    location / {
        proxy_pass  http://kub-ingress;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
}

Use letsencrypt

curl -k -H "Host: demo.uvoo.io" https://$adcip  # Make sure site is up (this can take several minutes on reboot
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --no-redirect --nginx -d demo.uvoo.io

Hopefully you see something like

Hello, world!
Version: 1.0.0
Hostname: demo-6fcfc5f6f4-llh4c

Useful Commands

`` docker exec -it 4aaf0e832b3f /bin/bash lxc shell k0 ```

Difference between revisions of "Kubernetes LXD"

Latest revision as of 20:54, 3 February 2021

Contents

Simple Install of LXD ADC via NGINX for Fronting Kubernetes

Gen self signed cert

Useful Commands

References

Navigation menu

Search