IMPORTANT: This stack should not be used in production environments.
Description
Bitnami Kubernetes Sandbox provides a complete, easy to deploy development environment for containerised apps. It is a realistic environment to learn and develop services in Kubernetes.
For more information about Kubernetes, check Bitnami Kubernetes documentation and the official Kubernetes website.
First steps with the Bitnami Kubernetes Sandbox Stack
Welcome to your new Bitnami application running on Microsoft Azure! Here are a few questions (and answers!) you might need when first starting with your application.
What credentials do I need?
You need two sets of credentials:
- The application credentials that allow you to log in to your new Bitnami application. These credentials consist of a username and password.
- The server credentials that allow you to log in to your Microsoft Azure server using an SSH client and execute commands on the server using the command line. These credentials consist of an SSH username and key.
What is the administrator username set for me to log in to the application for the first time?
Username: user
What SSH username should I use for secure shell access to my application?
SSH username: bitnami
How to start or stop the services?
The main cluster service is kubelet, which is responsible of executing all the containers in the cluster. kubelet is a systemd service, so can use systemctl to manage it. Use this command to stop the cluster:
$ sudo systemctl stop kubelet
Start the service by running systemctl as follows:
$ sudo systemctl start kubelet
Restart the service as follows:
$ sudo systemctl restart kubelet
You can check the status of the service by executing:
$ sudo systemctl status kubelet
What is the default configuration?
The following pods are available by default in the cluster:
- Kubernetes control plane (kube-apiserver, kube-scheduler, kube-controller and etcd-server): Manages, configures and validates all the elements in the cluser (pods, deployments, nodes, and so on). This is essential for the cluster to work correctly.
- Ingress controller (nginx-server and default-http-backend): Nginx server that allows the user to deploy inbound connection rules to reach the cluster services.
- Heapster (heapster, influxdb): enables container cluster monitoring and performance analysis.
- Grafana: cluster metrics visualization and analysis tool.
- Helm: tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources.
- Persistent Local Volume provisioner (local-volume-provisioner): Allows the dynamic creation of persisent volumes using the Virtual Machine's filesystem.
- Kubernetes Dashboard (kubernetes-hasdboard): Web-based UI for managing the cluster.
This cluster has also Role Based Access Control (RBAC) policies enabled.
Where can I find the default kubeconfig file?
The default configuration file is located in /etc/kubernetes/admin.conf
Kubernetes Ports
This application is listening in the following ports:
- 80: Ingress controller HTTP port.
- 443: Ingress controller HTTPS port.
- 6443: Kubernetes API Server port.
- 30000-40000: Nodeport services.
You can find how to check and modify your firewall settings here.
What are the default ports?
A port is an endpoint of communication in an operating system that identifies a specific process or a type of service. Bitnami stacks include several services or servers that require a port.
Remember that if you need to open some ports you can follow the instructions given in the FAQ to learn how to open the server ports for remote access.
Port 22 is the default port for SSH connections.
Bitnami opens some ports for the main servers. These are the ports opened by default: 80, 443, 6443, 30000-40000.
Getting started with your Kubernetes Cluster
Initialize your Helm configuration
This cluster has Helm (and its tiller server) already installed, so execute the following command to start using Helm:
$ helm init
Install an application using a Helm Chart
A Helm chart describes a specific version of an application, also known as a "release". The "release" includes files with Kubernetes-needed resources and files that describe the installation, configuration, usage and license of a chart.
The steps below show, step by step, how to run the following Bitnami applications using Helm charts:
These are just some concrete examples of application releases. Find more Bitnami charts.
By executing the helm install command the application will be deployed on the Kubernetes cluster. You can install more than one chart across the cluster or clusters.
| IMPORTANT: If you don't specify a release name with the --name option one will be automatically assigned. |
You can find an example of the installation of Redis using Helm charts below:
$ helm install stable/redis
| NOTE: Check the configurable parameters of the Redis chart and their default values at the official Kubernetes GitHub repository. |
Once you have the chart installed a "Notes" section will be shown at the bottom of the installation information. It contains important instructions about how to obtain your application's IP address or credentials. Please check it carefully:
Find how to install MongoDB, Odoo or WordPress in the examples below:
-
To install the most recent MongoDB release, run the following command:
$ helm install stable/mongodbNOTE: Check the configurable parameters of the MongoDB chart and their default values at the official Kubernetes GitHub repository. -
To install the most recent Odoo release, run the following command:
$ helm install stable/odooNOTE: Check the configurable parameters of the Odoo chart and their default values at the official Kubernetes GitHub repository. -
To install the most recent WordPress release, run the following command:
$ helm install stable/wordpress --set mariadb.image=bitnami/mariadb:10.1.21-r0NOTE: Check the configurable parameters of the WordPress chart and their default values at the official Kubernetes GitHub repository.
Now, you can manage your deployments from the Kubernetes Dashboard. Follow the instructions below to access the Web user interface.
Access the Kubernetes Dashboard
The Kubernetes Dashboard is a Web user interface from which you can manage your clusters in a more simple and digestible way. It provides information on the cluster state, deployments and container resources. You can also check both the credentials and the log error file of each pod within the deployment.
To open the Kubernetes Dashboard, access http://YOUR_IP (replacing the YOUR_IP placeholder with your instance's address) using a browser. You will be prompted a username and a password. Follow this section to obtain them.
The home screen shows the "Workloads" section. Here you get an overview of the following cluster elements:
- CPU usage
- Memory usage
- Deployments
- Replica Sets
- Pods
From this home screen, you can perform some basic actions such as:
- Monitoring the status of your deployments and pods.
- Checking pod and container(s) logs to identify possible errors during the creation of the containers.
- Finding application credentials.
Monitor the status of Deployments and Pods
Monitor Deployments
- To check detailed information about the status of your deployments, navigate to the "Workloads -> Deployments" section located on the left menu. It shows a screen with a graphical representation of the CPU and memory usage, as well as a list of all deployments you have in your cluster.
- Click each deployment to obtain detailed information of the selected deployment:
Monitoring pods
Pods are the smallest units in Kubernetes deployments. They can contain one or multiple containers (that need to share resources in order to work together). Learn more about pods.
When you click on a pod in the "Workloads -> Pods", you access the pod list. By selecting a pod, you will see the "Details" section that contains information related to the pod,and a "Containers" section that includes the information related to this pod's container(s).
Follow these instructions to access pod and container information:
- To check the status of your deployments in detail, navigate to the "Workloads -> Pods" section located on the left menu. It shows the pod list:
- Click the pod you'd like to access further details for.
Check logs
The Kubernetes Dashboard allows you to check the logs of both the pod and any containers belonging to the pod to detect possible errors that might have occurred. To access the logs viewer, follow the steps below:
-
Navigate to the "Workloads -> Pods" section located on the left menu, select the pod you'd like to check from the pod list.
-
In the detail page of the selected pod, you will find a "View logs" link both in the "Details" and "Containers" section. Click the one you want to see:
The logs viewer opens:
Find application credentials
The application credentials are shown in the "Notes" section after installing the application chart:
You can get the application username and password at any time by running the following command:
$ kubectl describe po
As you can see in the image above, the application password is configured as a secret password. To get it, browse to the Kubernetes Dashboard and follow these instructions:
-
Navigate to the "Config -> Secrets" section located on the left menu.
-
Click the application for which you wish to obtain the credentials.
-
In the "Data" section, click the eye icon to see the password:
How to upload files to the server with SFTP?
| NOTE: Bitnami applications can be found in /opt/bitnami/apps. |
First, obtain your SSH credentials by following these steps:
- Browse to the Bitnami Launchpad for Microsoft Azure and sign in if required using your Bitnami account.
- Select the "Virtual Machines" menu item.
- Select your cloud server from the resulting list.
-
Note the server IP address and SSH credentials on the resulting page. Your server may have been deployed using either an SSH password or an SSH key.
Although you can use any SFTP/SCP client to transfer files to your server, this guide documents FileZilla (Windows, Linux and Mac OS X), WinSCP (Windows) and Cyberduck (Mac OS X).
Using an SSH Key
Once you have your server's SSH key, choose your preferred application and follow the steps below to connect to the server using SFTP.
FileZilla
| IMPORTANT: To use FileZilla, your server private key should be in PPK format. |
Follow these steps:
- Download and install FileZilla.
- Launch FileZilla and use the "Edit -> Settings" command to bring up FileZilla's configuration settings.
-
Within the "Connection -> SFTP" section, use the "Add keyfile" command to select the private key file for the server. FileZilla will use this private key to log in to the server.
- Use the "File -> Site Manager -> New Site" command to bring up the FileZilla Site Manager, where you can set up a connection to your server.
- Enter your server host name and specify bitnami as the user name.
-
Select "SFTP" as the protocol and "Ask for password" as the logon type.
- Use the "Connect" button to connect to the server and begin an SFTP session. You might need to accept the server key, by clicking "Yes" or "OK" to proceed.
You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.
If you have problems accessing your server, get extra information by use the "Edit -> Settings -> Debug" menu to activate FileZilla's debug log.
WinSCP
| IMPORTANT: To use WinSCP, your server private key should be in PPK format. |
Follow these steps:
- Download and install WinSCP.
- Launch WinSCP and in the "Session" panel, select "SCP" as the file protocol.
-
Enter your server host name and specify bitnami as the user name.
-
Click the "Advanced…" button and within the "SSH -> Authentication -> Authentication parameters" section, select the private key file for the server. WinSCP will use this private key to log in to the server.
- From the "Session" panel, use the "Login" button to connect to the server and begin an SCP session.
You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.
If you need to upload files to a location where the bitnami user doesn't have write permissions, you have two options:
-
Once you have configured WinSCP as described above, click the "Advanced…" button and within the "Environment -> Shell" panel, select sudo su - as your shell. This will allow you to upload files using the administrator account.
-
Upload the files to the /home/bitnami directory as usual. Then, connect via SSH and move the files to the desired location with the sudo command, as shown below:
$ sudo mv /home/bitnami/uploaded-file /path/to/desired/location/
Cyberduck
| IMPORTANT: To use Cyberduck, your server private key should be in PEM format. |
Follow these steps:
-
Select the "Open Connection" command and specify "SFTP" as the connection protocol.
-
In the connection details panel, under the "More Options" section, enable the "Use Public Key Authentication" option and specify the path to the private key file for the server.
-
Use the "Connect" button to connect to the server and begin an SFTP session.
You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.
Using a Password
Once you have your server's SSH credentials, choose your preferred application and follow the steps below to connect to the server using SFTP.
FileZilla
Follow these steps:
- Download and install FileZilla.
- Launch FileZilla and use the "File -> Site Manager -> New Site" command to bring up the FileZilla Site Manager, where you can set up a connection to your server.
- Enter your server host name.
-
Select "SFTP" as the protocol and "Ask for password" as the logon type. Use bitnami as the server username and the password generated during the server deployment process.
- Use the "Connect" button to connect to the server and begin an SFTP session. You might need to accept the server key, by clicking "Yes" or "OK" to proceed.
You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.
If you have problems accessing your server, get extra information by use the "Edit -> Settings -> Debug" menu to activate FileZilla's debug log.
WinSCP
Follow these steps:
- Download and install WinSCP.
- Launch WinSCP and in the "Session" panel, select "SCP" as the file protocol.
-
Enter your server host name and set bitnami as the server username. Enter the corresponding password as well.
- From the "Session" panel, use the "Login" button to connect to the server and begin an SCP session.
You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.
Cyberduck
Follow these steps:
-
Select the "Open Connection" command and specify "SFTP" as the connection protocol.
-
In the connection details panel, enter the server IP address, bitnami as the username, and the password generated during the deployment process.
-
Use the "Connect" button to connect to the server and begin an SFTP session.
You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.
How to create a Virtual Network peering?
To connect two instances internally you can enable a Virtual Network (VNet) peering from the Azure Portal. Depending if the instances were launched in the same or in different resource groups, there are two methods for performing a internal connection: sharing a virtual network or enabling a virtual network peering.
- Learn how to share a virtual network to join instances from the same resource group.
- Learn how to enable virtual network peering to join instances from different resource groups.
How to connect to Kubernetes Sandbox from a different machine?
For security reasons, the Kubernetes Sandbox ports in this solution cannot be accessed over a public IP address. To connect to Kubernetes Sandbox from a different machine, you must open port 80, 443, 6443, 30000-40000 for remote access. Refer to the FAQ for more information on this.
IMPORTANT: Making this application's network ports public is a significant security risk. You are strongly advised to only allow access to those ports from trusted networks. If, for development purposes, you need to access from outside of a trusted network, please do not allow access to those ports via a public IP address. Instead, use a secure channel such as a VPN or an SSH tunnel. Follow these instructions to remotely connect safely and reliably.
How can I run a command in the Bitnami Kubernetes Sandbox Stack?
Log in to the server console as the bitnami user and run the command as usual. The required environment is automatically loaded for the bitnami user.
How to configure kubectl to connect to Kubernetes Sandbox?
To configure a locally-installed copy of kubectl to connect to the Kubernetes Sandbox, follow these steps:
- Connect to the Bitnami Kubernetes Sandbox using SFTP.
- Download the /etc/kubernetes/admin.conf file to your local system.
-
Edit the downloaded file and update the server variable to reflect the public IP address of the running Bitnami Kubernetes Sandbox instance.
... - cluster server: https://SERVER-IP:6443 ... -
Move the downloaded file to ~/.kube/sandbox.conf:
$ sudo mv admin.conf ~/.kube/sandbox.conf -
Set the KUBECONFIG environment variable to reflect the new configuration file:
$ export KUBECONFIG=~/.kube/sandbox.conf
Your locally installed copy of kubectl should now be configured to use the Bitnami Kubernetes Sandbox. Verify this by executing kubectl cluster-info and checking the output.
How to add nodes to a Kubernetes cluster
If you have two Bitnami Kubernetes Sandbox Stack instances (each with their own Kubernetes cluster), you can create a cluster with them. In order to do so, one of the instances will be the master and the other will be the worker (you can freely chose which one is the master). This worker node will join the master node's cluster.
Get the master node token
-
Execute the following command on the master node:
$ kubeadm token list -
Write down the token listed. It will be denoted as CLUSTER_TOKEN. Get the master node's private IP address:
$ ifconfig -
Write down the IP address. It will be denoted as MASTER_IP.
Join the worker node to the master
-
Execute the following commands to tear down the worker's cluster.
$ kubeadm reset $ sudo rm /etc/kubernetes -r -
Execute this command to join the master node's cluster. Replace the CLUSTER_TOKEN and MASTER_IP placeholders:
$ kubeadm join --token=CLUSTER_TOKEN MASTER_IP:6443 -
After this command, the following command (in the master node) will show two nodes.
$ kubectl get nodes NAME STATUS AGE VERSION node1 Ready 1d v1.7.5 node2 Ready 1d v1.7.5
How to add a user to the Kubernetes Dashboard?
For security reasons, the access to the Kubernetes Dashboard requires basic authentication. The file /opt/bitnami/kubernetes/auth stores all the access credentials. If you want to add a new credential, do the following:
-
Create a new credential using OpenSSL. Substitute the USER and PASSWORD credentials.
$ export NEW_CREDENTIAL=USER:$(echo PASSWORD | openssl passwd -apr1 -noverify -stdin) -
Append the previously created credential to /opt/bitnami/kubernetes/auth.
$ echo $NEW_CREDENTIAL | sudo tee -a /opt/bitnami/kubernetes/auth -
Replace the cluster basic-auth secret.
$ kubectl delete secret basic-auth -n kube-system $ kubectl create secret generic basic-auth --from-file=/opt/bitnami/kubernetes/auth -n kube-system -
Replace the ingress rule dashboard-rule so the new secret is applied.
$ kubectl delete -f /opt/bitnami/kubernetes/manifests/kubernetes-dashboard-ingress.yaml $ kubectl create -f /opt/bitnami/kubernetes/manifests/kubernetes-dashboard-ingress.yaml
How to add a new persistent volume to the provisioner?
The local volume provisioner works like this (taken from the official local volume provisioner documentation):
"The discovery routine periodically reads the configured discovery directories and looks for new mount points that don't have a PV, and creates a PV for it."
The provisioner is configured with /opt/bitnami/kubernetes/localvolumes as the discovery directory. By default it includes 10 subfolders, so the provisioner creates 10 Persistent Volumes (PV), all of them using the local filesystem. For adding new volumes, there are two choices: use the VM's filesystem or an external filesystem.
Option 1: Volume from the VM filesystem
This is the easiest option, but it is limited to the virtual machine filesystem maximum space.
-
Create a new subfolder in /opt/bitnami/kubernetes/localvolumes/ (the subfolder name is irrelevant):
$ sudo mkdir /opt/bitnami/kubernetes/localvolumes/new_volume -
Check that a new volume is available by executing this command.
$ kubectl get pv NAME CAPACITY ... ... <new_volume_id> <vm_size> ...
Option 2: Volume from an external disk
| NOTE: We assume that the external disk is located in /dev/sdb1. |
You can also mount an external disk so it is used as a persistent volume. This is useful to overcome the VM space limitations.
-
Mount the external disk as a subfolder in /opt/bitnami/kubernetes/localvolumes/ (the subfolder name is irrelevant):
$ sudo mount /dev/sdb1 /opt/bitnami/kubernetes/localvolumes/new_volume
How to remove the Kubernetes Dashboard ingress rule?
If you do not want the Dashboard to be accessible via Ingress, then execute the following command:
$ kubectl delete -f /opt/bitnami/kubernetes/manifests/kubernetes-dashboard-ingress.yaml
Where can I learn more about Bitnami Kubernetes Sandbox Stack?
In Bitnami Official Kubernetes Documentation, you can find how-to guides for essential cluster operations, such as:
- Create your first Helm Chart
- Configure RBAC in your Kubernetes Cluster
- Secure Kubernetes Services with Ingress, TLS and LetsEncrypt
- Get Started with Serverless Computing
For a deeper understanding of Kubernetes API Objects, visit the Kubernetes Official Documentation.
How to upgrade the Kubernetes cluster?
| NOTE: This will tear down the cluster you currently have. |
If you want to upgrade your cluster to a new version of Kubernetes, follow these steps:
-
Download the latest version of Kubernetes from its Github release page.
-
Extract the downloaded tarball.
$ tar xf kubernetes.tar.gz -
Execute the following script to obtain the Kubernetes binaries.
$ cd kubernetes/client $ ./get-kube-binaries $ cd ../.. -
Extract the downloaded kube binaries.
$ cd kubernetes/server $ tar xf kubernetes-server-linux-amd64.tar.gz $ cd ../.. -
Copy the following binaries to /opt/bitnami/kubernetes/bin.
$ sudo cp kubeadm kubelet kubectl /opt/bitnami/kubernetes/bin -
Initialize the cluster.
$ kubeadm init -
Stop the recently created cluster.
$ systemctl stop kubelet -
Enable the PersistentLocalVolume alpha feature gate in /etc/kubernetes/manifests/kube-apiserver.yaml, /etc/kubernetes/manifests/kube-scheduler.yaml and /etc/kubernetes/manifests/kube-controller.yaml by adding the following line inside the command section:
--feature-gates=PersistentLocalVolumes=true -
Start the cluster.
$ sudo /opt/bitnami/ctlscript.sh start kubeadm -
If you want the extra elements included in Bitnami Kubernetes Sandbox Stack, apply the manifests found in /opt/bitnami/kubernetes/manifests.
# Weave $ kubectl create -f weave-net.yaml # Ingress $ kubectl create -f nginx-ingress-controller-rbac.yaml $ kubectl create -f nginx-ingress-controller.yaml # Heapster and Grafana $ kubectl create -f heapster.yaml $ kubectl create -f heapster-rbac.yaml $ kubectl create -f influxdb.yaml $ kubectl create -f grafana.yaml # Kubernetes Dashboard $ kubectl create -f kubernetes-dashboard.yaml $ kubectl create secret generic basic-auth --from-file=/opt/bitnami/kubernetes/auth $ kubectl create -f kubernetes-dashboard-ingress.yaml # Local Volume Provisioner $ kubectl create -f local-volume-config.yaml $ kubectl create -f local-volume-storageclass.yaml $ kubectl create -f local-volume-bootstrapper-admin-account.yaml $ kubectl create -f local-volume-bootstrapper.yaml
How to create a full backup of Kubernetes Sandbox?
Backup
The Bitnami Kubernetes Sandbox Stack is self-contained and the simplest option for performing a backup is to copy or compress the Bitnami stack installation directory. To do so in a safe manner, you will need to stop all servers, so this method may not be appropriate if you have people accessing the application continuously.
Follow these steps:
-
Change to the directory in which you wish to save your backup:
$ cd /your/directory -
Stop all servers:
$ sudo /opt/bitnami/ctlscript.sh stop -
Create a compressed file with the stack contents:
$ sudo tar -pczvf application-backup.tar.gz /opt/bitnami -
Restart all servers:
$ sudo /opt/bitnami/ctlscript.sh start
You should now download or transfer the application-backup.tar.gz file to a safe location.
Restore
Follow these steps:
-
Change to the directory containing your backup:
$ cd /your/directory -
Stop all servers:
$ sudo /opt/bitnami/ctlscript.sh stop -
Move the current stack to a different location:
$ sudo mv /opt/bitnami /tmp/bitnami-backup -
Uncompress the backup file to the original directoryv
$ sudo tar -pxzvf application-backup.tar.gz -C / -
Start all servers:
$ sudo /opt/bitnami/ctlscript.sh start
If you want to create only a database backup, refer to these instructions for MySQL and PostgreSQL.