Final project - Computer Networks 2022-2

Team-BASJ-MAMM-MELE-MOGJ

  • Bautista Sandoval Juan Carlos 314275541
  • Martínez Mendoza Miguel Angel 314133225
  • Mendoza López Edgar Omar 308341209
  • Monter Gallardo Jessica 305116941

DockerHub users

  • jessmonter
  • happypolarbear
  • miguel5963
  • mledgaro

Creating container images

  • Docker: Docker is an open platform for developers and system administrators to build, ship and run distributed applications, whether on laptops, data-center virtual machines or in the cloud. Docker packages software into “containers” that include everything the software needs to run, libraries included. With Docker, applications can be deployed and scaled quickly in any environment with the assurance that the code will run.

Docker is a set of platform-as-a-service (PaaS) products that use operating-system-level virtualization to deliver software in packages called containers.

  • Dockerfile: Docker can build images automatically by reading the instructions in a Dockerfile. A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build, users can create an automated build that runs several command-line instructions in succession.

To create the container images we use the Dockerfile syntax that relies on BuildKit and some modern features such as heredocs in the COPY instruction.

This project uses two Dockerfiles, located in the linux-doc and tareas-redes directories respectively. Each one works as follows:

linux-doc – the following line enables the advanced BuildKit features

# syntax=docker/dockerfile:1.4

– The FROM instruction specifies the parent image the build starts from, in this case debian:11. To make that stage easier to refer to, we name it debian with the AS directive.

FROM    docker.io/library/debian:11 AS debian

– Environment variables (declared with the ENV instruction) can be used in certain instructions as variables to be interpreted by the Dockerfile.

ENV DEBIAN_FRONTEND=noninteractive

– We use the new heredoc syntax to specify the contents of the file inside the Dockerfile

COPY    <<EOF  /etc/apt/apt.conf.d/99-local
quiet "2";
APT::Get::Assume-Yes "1";
APT::Install-Recommends "0";
APT::Install-Suggests "0";
APT::Color "0";
Dpkg::Progress "0";
Dpkg::Progress-Fancy "0";
EOF

– The RUN instruction executes a command in a new layer on top of the current image and commits the result. The resulting committed image is used for the next step in the Dockerfile. In this case we only update the package lists and install linux-doc.

RUN apt update && \
    apt install linux-doc

– Finally we follow a similar process: we specify the image to work on (nginx:1.22-alpine), naming it app, and declare environment variables that the COPY instruction uses to copy the documentation from the debian stage into the nginx root.

FROM    docker.io/library/nginx:1.22-alpine AS app

ENV NGINX_ROOT=/usr/share/nginx/html \
    LINUX_DOC_ROOT=/usr/share/doc/linux-doc/html

COPY    --from=debian ${LINUX_DOC_ROOT} ${NGINX_ROOT}

tareas-redes

– The following line enables the advanced BuildKit features

# syntax=docker/dockerfile:1.4

– The WORKDIR instruction sets the working directory for any RUN, CMD, ENTRYPOINT, COPY and ADD instruction that follows it in the Dockerfile. If the WORKDIR does not exist, it is created even if no later Dockerfile instruction uses it.

WORKDIR /srv

– Environment variables (declared with the ENV instruction) can be used in certain instructions as variables to be interpreted by the Dockerfile.

ENV GIT_PROJECT=miguelAngel5963 \
    GIT_REPO=tareas-redes \
    GIT_BRANCH=proyecto-final

Using the variables above for ARCHIVE_FILE and GITLAB_URL.

ENV ARCHIVE_FILE=${GIT_REPO}.tar.gz \
    GITLAB_URL="https://gitlab.com/${GIT_PROJECT}/${GIT_REPO}/-/archive/${GIT_BRANCH}/${GIT_REPO}-${GIT_BRANCH}.tar.gz"

Each time the Dockerfile is built, the following happens. GNU Wget is a free software package for retrieving files over HTTP, HTTPS, FTP and FTPS; here it retrieves the archive from GITLAB_URL. We then list the downloaded archive, extract it, remove it, configure and upgrade pip3, install the requirements, locate mkdocs and build the site with --strict, and finally list the files again.

RUN wget -c -q -O ${ARCHIVE_FILE} ${GITLAB_URL} && \
    ls -l ${ARCHIVE_FILE} && \
    tar -xvzf ${ARCHIVE_FILE} --strip 1 && \
    rm -v ${ARCHIVE_FILE} && \
    pip3 config --global set global.progress_bar off && \
    pip3 install --upgrade pip && \
    pip3 install --requirement requirements.txt && \
    which mkdocs && \
    mkdocs build --strict && \
    ls -la .

Finally we follow a similar process: we specify the image to work on (nginx:1.22-alpine), naming it app, and declare environment variables that the COPY instruction uses to copy the built site into the nginx root.

FROM    docker.io/library/nginx:1.22-alpine AS app

ENV NGINX_ROOT=/usr/share/nginx/html \
    MKDOCS_ROOT=/srv/public

COPY    --from=python ${MKDOCS_ROOT} ${NGINX_ROOT}

Building the container images

Use “docker build” to build the container image, and check that the TAG matches your user name and the linux-doc or tareas-redes container as appropriate. In our case the commands were the following:

usuario@laptop ~ % docker build --progress plain -t happypolarbear/linux-doc ./
usuario@laptop ~ % docker build --progress plain -t happypolarbear/tareas-redes ./

Reviewing the built images

To verify that the images were actually built, we run the following command:

usuario@laptop ~ % docker images

which lists the images we have, among which there must be:

happypolarbear/linux-doc
happypolarbear/tareas-redes

Pushing the container images to the registry

Once the images have been built, we use docker push to send the linux-doc and tareas-redes container images to the Docker Hub registry.

To do so we use the following commands:

usuario@laptop ~ % docker push happypolarbear/linux-doc
usuario@laptop ~ % docker push happypolarbear/tareas-redes

Note that this procedure requires a Docker Hub account, which in this case was happypolarbear, as well as logging in from the computer to obtain the permissions needed to upload the images to that account.

Verification

To verify that the changes were uploaded correctly, we can search for the images on Docker Hub.

  • https://hub.docker.com/search?q=happypolarbear

  • Kubernetes: a portable, extensible, open-source platform for managing workloads and services. Kubernetes facilitates automation and declarative configuration. It has a large, rapidly growing ecosystem. Support, tools and services for Kubernetes are widely available.

  • k3s: a highly available, certified Kubernetes distribution for production workloads on unattended, resource-constrained or remotely managed devices. K3s is packaged as a single binary of <50MB, which reduces the dependencies and steps needed to install, run and automatically update a production Kubernetes cluster.

Reviewing the virtual machine's RAM usage

The virtual machine we currently use (B1S) has only the following resources:

  • 1 vCPU and 512 MB of RAM

It is therefore necessary to apply settings that reduce RAM usage, so that other technologies can be installed and used without exhausting the available resources.

Current RAM usage is as follows:

redes@redes:~$ free -m
               total        used        free      shared  buff/cache   available
Mem:             913         136          79           0         698         629
Swap:              0           0           0

Removing the apache2 installation

root@redes:~# apt remove apache2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  apache2-bin apache2-data apache2-utils augeas-lenses libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libaugeas0 libjansson4 python3-augeas ssl-cert
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
  apache2 python3-certbot-apache
0 upgraded, 0 newly installed, 2 to remove and 1 not upgraded.
After this operation, 965 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 51313 files and directories currently installed.)
Removing python3-certbot-apache (1.10.1-1) ...
Removing apache2 (2.4.53-1~deb11u1) ...
Processing triggers for man-db (2.9.4-2) ...

Replacing rsyslog with busybox-syslogd

BusyBox combines small versions of many UNIX utilities into a single small executable. It provides minimalist replacements for most of the functionality found in GNU coreutils, util-linux, etc. BusyBox is written to be used on systems that need size optimization and have limited resources.

We remove rsyslog

root@redes:~# apt remove rsyslog
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  apache2-bin apache2-data apache2-utils augeas-lenses libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libaugeas0 libestr0 libfastjson4 libjansson4 liblognorm5 python3-augeas ssl-cert
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
  rsyslog
0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded.
After this operation, 1920 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 51224 files and directories currently installed.)
Removing rsyslog (8.2102.0-2+deb11u1) ...
Processing triggers for man-db (2.9.4-2) ...

We install busybox-syslogd

root@redes:~# apt install busybox-syslogd
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  apache2-bin apache2-data apache2-utils augeas-lenses libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libaugeas0 libestr0 libfastjson4 libjansson4 liblognorm5 python3-augeas ssl-cert
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  busybox
The following NEW packages will be installed:
  busybox busybox-syslogd
0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
Need to get 461 kB of archives.
After this operation, 858 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://debian-archive.trafficmanager.net/debian bullseye/main amd64 busybox amd64 1:1.30.1-6+b3 [435 kB]
Get:2 http://debian-archive.trafficmanager.net/debian bullseye/main amd64 busybox-syslogd all 1:1.30.1-6 [26.2 kB]
Fetched 461 kB in 0s (3414 kB/s)
Selecting previously unselected package busybox.
(Reading database ... 51168 files and directories currently installed.)
Preparing to unpack .../busybox_1%3a1.30.1-6+b3_amd64.deb ...
Unpacking busybox (1:1.30.1-6+b3) ...
Selecting previously unselected package busybox-syslogd.
Preparing to unpack .../busybox-syslogd_1%3a1.30.1-6_all.deb ...
Unpacking busybox-syslogd (1:1.30.1-6) ...
Setting up busybox (1:1.30.1-6+b3) ...
Setting up busybox-syslogd (1:1.30.1-6) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for initramfs-tools (0.140) ...
update-initramfs: Generating /boot/initrd.img-5.10.0-15-cloud-amd64

Disabling unattended-upgrades

The purpose of this package is to keep the system up to date with the latest security updates automatically. With the service disabled, security updates have to be applied manually.

root@redes:~# systemctl disable unattended-upgrades
Synchronizing state of unattended-upgrades.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable unattended-upgrades
Removed /etc/systemd/system/multi-user.target.wants/unattended-upgrades.service.

Disabling scheduled tasks

The system has a set of scheduled tasks, that is, tasks that run periodically and increase the use of resources such as RAM.

root@redes:~# mkdir -vp /etc/cron.daily.disabled
mkdir: created directory '/etc/cron.daily.disabled'
root@redes:~# mv -v /etc/cron.daily /etc/cron.daily.disabled
renamed '/etc/cron.daily' -> '/etc/cron.daily.disabled/cron.daily'

Reducing journald memory usage

When the system boots and while it runs, its activity is recorded in several files known as system logs. Under systemd, the component that collects and stores messages from the kernel and other sources is called journald.

journald configuration

Swap area

Swap is an exchange space that uses the hard disk instead of RAM to store data temporarily.

Enabling the swap policy in sysctl

root@redes:/etc/sysctl.d# nano 99-sysctl.conf
root@redes:/etc/sysctl.d# sysctl -p
vm.swappiness = 1
root@redes:/etc/sysctl.d# cat /proc/sys/vm/swappiness
1

Creating the swap partition

root@redes:/etc/sysctl.d# lsblk
NAME    MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda       8:0    0   30G  0 disk
|-sda1    8:1    0 29.9G  0 part /
|-sda14   8:14   0    3M  0 part
`-sda15   8:15   0  124M  0 part /boot/efi
sdb       8:16   0    4G  0 disk
`-sdb1    8:17   0    4G  0 part /mnt

Unmounted

root@redes:~# lsblk
NAME    MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda       8:0    0   30G  0 disk
|-sda1    8:1    0 29.9G  0 part /
|-sda14   8:14   0    3M  0 part
`-sda15   8:15   0  124M  0 part /boot/efi
sdb       8:16   0    4G  0 disk
`-sdb1    8:17   0    4G  0 part
root@redes:~# mkswap /dev/sdb1
mkswap: /dev/sdb1: warning: wiping old ext4 signature.
Setting up swapspace version 1, size = 4 GiB (4292866048 bytes)
no label, UUID=d69067fe-0a30-4c20-a595-8b226c05a793

Configuring the swap mount

root@redes:~# cat /etc/fstab
# /etc/fstab: static file system information
UUID=ad6b1df1-54de-4e70-800b-fccd17238cbc / ext4 rw,discard,errors=remount-ro,x-systemd.growfs 0 1
UUID=E098-B03A /boot/efi vfat defaults 0 0
# /dev/disk/cloud/azure_resource-part1  /mnt    auto    defaults,nofail,comment=cloudconfig 0   2
/dev/sdb1   none    swap    defaults    0   0

Enabling swap

root@redes:~# swapon -va
swapon: /dev/sdb1: found signature [pagesize=4096, signature=swap]
swapon: /dev/sdb1: pagesize=4096, swapsize=4292870144, devsize=4292870144
swapon /dev/sdb1

Less RAM in use

root@redes:~# free -m
               total        used        free      shared  buff/cache   available
Mem:             913         126         151           0         636         639
Swap:           4093           0        4093

Free RAM after rebooting

redes@redes:~$ free -m
               total        used        free      shared  buff/cache   available
Mem:             913         111         708           0          93         685
Swap:           4093           0        4093

Installing k3s on Debian 11

Verifying the installation script

k3s script verification

Copying the script

root@redes:~# wget -c -nv -O ~/get-k3s-io.sh https://get.k3s.io/
2022-06-16 15:16:49 URL:https://get.k3s.io/ [27527/27527] -> "/root/get-k3s-io.sh" [1]
root@redes:~# ls
apache2-logs.tar.gz apache2.tar files get-k3s-io.sh letsencrypt.tar virtualhosts.txt www.tar
root@redes:~# export INSTALL_K3S_SKIP_START="true"
root@redes:~# export INSTALL_K3S_EXEC="--tls-san='k3s.redes.bigtown.com.mx' --tls-san='20.211.99.164' --disable-cloud-controller --disable=metrics-server --disable=servicelb --disable=traefik"
root@redes:~# ~/get-k3s-io.sh
[INFO]  Finding release for channel stable
[INFO]  Using v1.23.6+k3s1 as release
[INFO]  Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.23.6+k3s1/sha256sum-amd64.txt
[INFO]  Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.23.6+k3s1/k3s
[INFO]  Verifying binary download
[INFO]  Installing k3s to /usr/local/bin/k3s
[INFO]  Skipping installation of SELinux RPM
[INFO]  Creating /usr/local/bin/kubectl symlink to k3s
[INFO]  Creating /usr/local/bin/crictl symlink to k3s
[INFO]  Creating /usr/local/bin/ctr symlink to k3s
[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh
[INFO]  Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO]  env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO]  systemd: Creating service file /etc/systemd/system/k3s.service
[INFO]  systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
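
The installer is downloaded first and executed as root afterwards, and its log shows the k3s binary being checked against sha256sum-amd64.txt. The sketch below is an added example, not code from the original page or from the k3s project: it pins the SHA-256 of the reviewed script and refuses to run the file if it has changed, and it looks up a digest in a sha256sum-style list. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: not part of the original page or of the k3s installer.

# Print the SHA-256 hex digest of FILE (GNU coreutils, or shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Look up NAME in a "digest  filename" list such as sha256sum-amd64.txt.
# Prints the digest; fails if NAME is not listed.
expected_from_sumfile() {
    awk -v name="$2" '
        { f = $2; sub(/^\*/, "", f) }          # binary-mode entries read "*name"
        f == name { print $1; found = 1; exit }
        END { exit !found }' "$1"
}

# Return 0 only if FILE hashes to EXPECTED (64 hex digits, any case).
# Return 2 for a missing file or a malformed digest, 1 for a mismatch.
verify_pinned() {
    [ -f "$1" ] || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in ''|*[!0-9a-f]*) return 2 ;; esac
    [ "${#expected}" -eq 64 ] || return 2
    [ "$(sha256_of "$1")" = "$expected" ]
}

# Run SCRIPT with sh only if it still matches the digest recorded at review time.
run_if_pinned() {
    script=$1; pin=$2; shift 2
    verify_pinned "$script" "$pin" || {
        echo "refusing to run $script: digest check failed" >&2
        return 1
    }
    sh "$script" "$@"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed stand-in for the downloaded installer.
    printf 'echo "installer ran"\n' > "$tmp/get-k3s-io.sh"
    # Digest recorded once the script has been read and accepted.
    pin=$(sha256_of "$tmp/get-k3s-io.sh")
    run_if_pinned "$tmp/get-k3s-io.sh" "$pin"
    # The file changes after review: execution is refused.
    printf 'echo "extra line"\n' >> "$tmp/get-k3s-io.sh"
    run_if_pinned "$tmp/get-k3s-io.sh" "$pin" || echo "blocked"
    rm -rf "$tmp"
}
demo
```
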

Setting environment variables for k3s

root@redes:~# cat > /etc/systemd/system/k3s.service.env << EOF
> # Aggressive garbage collector
>
> GOGC=10
> EOF

Starting the k3s service

The machine is rebooted

Checking the process status

redes@redes:~$ PAGER=cat systemctl status --full k3s
● k3s.service - Lightweight Kubernetes
     Loaded: loaded (/etc/systemd/system/k3s.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-06-16 15:22:23 CDT; 13min ago
       Docs: https://k3s.io
   Main PID: 567 (k3s-server)
      Tasks: 66
     Memory: 582.5M
        CPU: 51.753s
     CGroup: /system.slice/k3s.service
             ├─ 567 /usr/local/bin/k3s server
             ├─ 597 containerd -c /var/lib/rancher/k3s/agent/etc/containerd/config.toml -a /run/k3s/containerd/containerd.sock --state /run/k3s/containerd --root /var/lib/rancher/k3s/agent/containerd
             ├─1104 /var/lib/rancher/k3s/data/8c2b0191f6e36ec6f3cb68e2302fcc4be850c6db31ec5f8a74e4b3be403101d8/bin/containerd-shim-runc-v2 -namespace k8s.io -id 3206b1f039e0c756daac8ff3eaa0d2abbf493941a260fa9e0e639161f8a500d7 -address /run/k3s/containerd/containerd.sock
             └─1168 /var/lib/rancher/k3s/data/8c2b0191f6e36ec6f3cb68e2302fcc4be850c6db31ec5f8a74e4b3be403101d8/bin/containerd-shim-runc-v2 -namespace k8s.io -id 93e328e7e583c136640bdbefb0a9ec7ef1e6ba1af3d9bc628a21f89e23a01aa9 -address /run/k3s/containerd/containerd.sock

RAM usage with k3s running

redes@redes:~$ free -m
               total        used        free      shared  buff/cache   available
Mem:             913         407          68           0         437         368
Swap:           4093           0        4093

Check that the kube-apiserver port is listening

root@redes:~# netstat -ntulp | grep 6443
tcp6       0      0 :::6443                 :::*                    LISTEN      567/k3s server

Prepare the ~/.kube/config file on the remote machine

root@redes:~# adduser redes staff
Adding user `redes' to group `staff' ...
Adding user redes to group staff
Done.

root@redes:~# chown -c root:staff /etc/rancher/k3s/k3s.yaml
changed ownership of '/etc/rancher/k3s/k3s.yaml' from root:root to root:staff

root@redes:~# chmod -c 0440 /etc/rancher/k3s/k3s.yaml
mode of '/etc/rancher/k3s/k3s.yaml' changed from 0600 (rw-------) to 0440 (r--r-----)

Create a symbolic link to the k3s.yaml file at ~/.kube/config as the root user

root@redes:~# mkdir -vp ~/.kube
mkdir: created directory '/root/.kube'

root@redes:~# ln -vsf /etc/rancher/k3s/k3s.yaml ~/.kube/config
'/root/.kube/config' -> '/etc/rancher/k3s/k3s.yaml'

Copy the k3s.yaml file to ~/.kube/config as the redes user and adjust the permissions

root@redes:~# su - redes

redes@redes:~$ mkdir -vp ~/.kube
mkdir: created directory '/home/redes/.kube'

redes@redes:~$ sudo cp -v /etc/rancher/k3s/k3s.yaml ~/.kube/config
'/etc/rancher/k3s/k3s.yaml' -> '/home/redes/.kube/config'

redes@redes:~$ sudo chown -c redes:staff ~/.kube/config
changed ownership of '/home/redes/.kube/config' from root:root to redes:staff

Connecting to the Kubernetes cluster from the remote machine

Use the kubectl program installed by k3s to list the cluster information

redes@redes:~$ which kubectl
/usr/local/bin/kubectl

redes@redes:~$ kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.6+k3s1", GitCommit:"418c3fa858b69b12b9cefbcff0526f666a6236b9", GitTreeState:"clean", BuildDate:"2022-04-28T22:16:18Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.6+k3s1", GitCommit:"418c3fa858b69b12b9cefbcff0526f666a6236b9", GitTreeState:"clean", BuildDate:"2022-04-28T22:16:18Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}

redes@redes:~$ kubectl get nodes -o wide
NAME                   STATUS   ROLES                  AGE   VERSION        INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                         KERNEL-VERSION          CONTAINER-RUNTIME
redes.bigtown.com.mx   Ready    control-plane,master   20m   v1.23.6+k3s1   10.0.0.4      <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-15-cloud-amd64   containerd://1.5.11-k3s2

Opening port 6443 in the Azure security group

Port 6443 open

Installing krew on the local machine

Since I have a computer with the M1 architecture, I had to look for other ways to install kubectl and krew

jessmonter@Jesss-MacBook-Air tareas-redes % arch -arm64 brew install kubectl
==> Downloading https://ghcr.io/v2/homebrew/core/kubernetes-cli/manifests/1.24.1
######################################################################## 100.0%
==> Downloading https://ghcr.io/v2/homebrew/core/kubernetes-cli/blobs/sha256:74ac0aeeb34d57c543c37d71b6d4531381b124d79b7941cff89ba4a2ff8fde6a
==> Downloading from https://pkg-containers.githubusercontent.com/ghcr1/blobs/sha256:74ac0aeeb34d57c543c37d71b6d4531381b124d79b7941cff89ba4a2ff8fde6a?se=2022-06-16T21%3A05%3A00Z&sig=9EJh8oo4V1yZh06ClRkTVZ
######################################################################## 100.0%
==> Pouring kubernetes-cli--1.24.1.arm64_big_sur.bottle.tar.gz
==> Caveats
zsh completions have been installed to:
  /opt/homebrew/share/zsh/site-functions
==> Summary
🍺  /opt/homebrew/Cellar/kubernetes-cli/1.24.1: 228 files, 55.4MB
==> `brew cleanup` has not been run in the last 30 days, running now...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
Removing: /Users/jessmonter/Library/Caches/Homebrew/ca-certificates--2022-03-29... (119.8KB)
Removing: /Users/jessmonter/Library/Caches/Homebrew/libfido2--1.10.0... (316KB)
Removing: /Users/jessmonter/Library/Caches/Homebrew/mysql--8.0.28_1... (78MB)
Removing: /Users/jessmonter/Library/Caches/Homebrew/mysql-client--8.0.28... (43.7MB)
Removing: /Users/jessmonter/Library/Caches/Homebrew/openssl@1.1--1.1.1n... (5MB)
Removing: /Users/jessmonter/Library/Caches/Homebrew/openssl@3--3.0.2... (7.5MB)
Removing: /Users/jessmonter/Library/Logs/Homebrew/mysql-client... (64B)
Removing: /Users/jessmonter/Library/Logs/Homebrew/icu4c... (64B)
Removing: /Users/jessmonter/Library/Logs/Homebrew/libfido2... (64B)
Removing: /Users/jessmonter/Library/Logs/Homebrew/openssl@3... (64B)
Removing: /Users/jessmonter/Library/Logs/Homebrew/ca-certificates... (64B)
Removing: /Users/jessmonter/Library/Logs/Homebrew/libcbor... (64B)
Removing: /Users/jessmonter/Library/Logs/Homebrew/zstd... (64B)
Removing: /Users/jessmonter/Library/Logs/Homebrew/mysql... (1.1KB)
Removing: /Users/jessmonter/Library/Logs/Homebrew/openssl@1.1... (64B)
Removing: /Users/jessmonter/Library/Logs/Homebrew/protobuf... (64B)
Pruned 0 symbolic links and 2 directories from /opt/homebrew

Verifying the installation

jessmonter@Jesss-MacBook-Air ~ % which kubectl-krew
/Users/jessmonter/.krew/bin/kubectl-krew

Installation guides followed

kubectl installation
Krew installation

Krew installation check output

jessmonter@Jesss-MacBook-Air ~ % kubectl krew
krew is the kubectl plugin manager.
You can invoke krew through kubectl: "kubectl krew [command]..."

Usage:
  kubectl krew [command]

Available Commands:
  completion  generate the autocompletion script for the specified shell
  help        Help about any command
  index       Manage custom plugin indexes
  info        Show information about an available plugin
  install     Install kubectl plugins
  list        List installed kubectl plugins
  search      Discover kubectl plugins
  uninstall   Uninstall plugins
  update      Update the local copy of the plugin index
  upgrade     Upgrade installed plugins to newer versions
  version     Show krew version and diagnostics

Flags:
  -h, --help      help for krew
  -v, --v Level   number for the log level verbosity

Use "kubectl krew [command] --help" for more information about a command.
jessmonter@Jesss-MacBook-Air ~ % kubectl krew version
OPTION            VALUE
GitTag            v0.4.3
GitCommit         dbfefa5
IndexURI          https://github.com/kubernetes-sigs/krew-index.git
BasePath          /Users/jessmonter/.krew
IndexPath         /Users/jessmonter/.krew/index/default
InstallPath       /Users/jessmonter/.krew/store
BinPath           /Users/jessmonter/.krew/bin
DetectedPlatform  darwin/amd64

Update

jessmonter@Jesss-MacBook-Air ~ % kubectl krew update
Updated the local copy of plugin index.

Installing the neat plugin

jessmonter@Jesss-MacBook-Air ~ % kubectl krew install neat
Updated the local copy of plugin index.
Installing plugin: neat
Installed plugin: neat
\
 | Use this plugin:
 |  kubectl neat
 | Documentation:
 |  https://github.com/itaysk/kubectl-neat
/
WARNING: You installed plugin "neat" from the krew-index plugin repository.
   These plugins are not audited for security by the Krew maintainers.
   Run them at your own risk.

Remote machine

redes@redes:~$ KREW_VERSION=v0.4.2

redes@redes:~$ KREW_TMP_DIR=/tmp/krew

redes@redes:~$ mkdir -vp ${KREW_TMP_DIR}
mkdir: created directory '/tmp/krew'
redes@redes:~$ wget -c -nv -O ${KREW_TMP_DIR}/krew-${KREW_VERSION}.tar.gz \
  "https://github.com/kubernetes-sigs/krew/releases/download/${KREW_VERSION}/krew-linux_amd64.tar.gz"
2022-06-16 16:34:03 URL:https://objects.githubusercontent.com/github-production-release-asset-2e65be/140747457/8b7a618e-e770-46c6-a1ea-fda194a63286?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220616%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220616T213401Z&X-Amz-Expires=300&X-Amz-Signature=fb0f71b8070ccde2ea31876efb1cfb7cde566b84fccfa74df1c1fca3d9024d9b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=140747457&response-content-disposition=attachment%3B%20filename%3Dkrew-linux_amd64.tar.gz&response-content-type=application%2Foctet-stream [4186018/4186018] -> "/tmp/krew/krew-v0.4.2.tar.gz" [1]
redes@redes:~$ tar -xvvzf ${KREW_TMP_DIR}/krew-${KREW_VERSION}.tar.gz -C ${KREW_TMP_DIR}
-rw-r--r-- runner/docker 11358 1999-12-31 18:00 ./LICENSE
-rwxr-xr-x runner/docker 12164162 1999-12-31 18:00 ./krew-linux_amd64

redes@redes:~$ ${KREW_TMP_DIR}/krew-linux_amd64 install krew
Adding "default" plugin index from https://github.com/kubernetes-sigs/krew-index.git.
Updated the local copy of plugin index.
Installing plugin: krew
Installed plugin: krew
\
 | Use this plugin:
 |  kubectl krew
 | Documentation:
 |  https://krew.sigs.k8s.io/
 | Caveats:
 | \
 |  | krew is now installed! To start using kubectl plugins, you need to add
 |  | krew's installation directory to your PATH:
 |  |
 |  |   * macOS/Linux:
 |  |     - Add the following to your ~/.bashrc or ~/.zshrc:
 |  |         export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
 |  |     - Restart your shell.
 |  |
 |  |   * Windows: Add %USERPROFILE%\.krew\bin to your PATH environment variable
 |  |
 |  | To list krew commands and to get help, run:
 |  |   $ kubectl krew
 |  | For a full list of available plugins, run:
 |  |   $ kubectl krew search
 |  |
 |  | You can find documentation at
 |  |   https://krew.sigs.k8s.io/docs/user-guide/quickstart/.
 | /
/

The krew command is added to the PATH

Adding krew to the PATH

Verifying the installation

redes@redes:~$ which kubectl-krew
/home/redes/.krew/bin/kubectl-krew

Checking that we can run kubectl krew

redes@redes:~$ kubectl krew version
OPTION            VALUE
GitTag            v0.4.3
GitCommit         dbfefa5
IndexURI          https://github.com/kubernetes-sigs/krew-index.git
BasePath          /home/redes/.krew
IndexPath         /home/redes/.krew/index/default
InstallPath       /home/redes/.krew/store
BinPath           /home/redes/.krew/bin
DetectedPlatform  linux/amd64

Installing the neat plugin

We update the plugin list

redes@redes:~$ kubectl krew update
Updated the local copy of plugin index.

We install the neat plugin

redes@redes:~$ kubectl krew install neat
Updated the local copy of plugin index.
Installing plugin: neat
Installed plugin: neat
\
 | Use this plugin:
 |  kubectl neat
 | Documentation:
 |  https://github.com/itaysk/kubectl-neat
/
WARNING: You installed plugin "neat" from the krew-index plugin repository.
   These plugins are not audited for security by the Krew maintainers.
   Run them at your own risk.

jessmonter@Jesss-MacBook-Air Downloads % sed -i'' -e 's/127.0.0.1/k3s.example.com/g' ~/Downloads/redes-kube-config.yaml

jessmonter@Jesss-MacBook-Air Downloads % cat redes-kube-config.yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <base64 data omitted>
    server: https://k3s.example.com:6443
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate-data: <base64 data omitted>
    client-key-data: <base64 data omitted>

jessmonter@Jesss-MacBook-Air Downloads % nano redes-kube-config.yaml

jessmonter@Jesss-MacBook-Air Downloads % sed -i'' -e 's/127.0.0.1/k3s.redes.bigtown.com.mx/g' ~/Downloads/redes-kube-config.yaml

jessmonter@Jesss-MacBook-Air Downloads % cat redes-kube-config.yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <base64 data omitted>
    server: https://k3s.redes.bigtown.com.mx:6443
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate-data: <base64 data omitted>
    client-key-data: <base64 data omitted>
jessmonter@Jesss-MacBook-Air Downloads % export KUBECONFIG=~/Downloads/redes-kube-config.yaml

jessmonter@Jesss-MacBook-Air Downloads % nano ~/.zshrc
Password:

jessmonter@Jesss-MacBook-Air Downloads % nc -vz k3s.redes.bigtown.com.mx 6443
Connection to k3s.redes.bigtown.com.mx port 6443 [tcp/sun-sr-https] succeeded!

jessmonter@Jesss-MacBook-Air Downloads % kubectl version --insecure-skip-tls-verify=false
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.1", GitCommit:"3ddd0f45aa91e2f30c70734b175631bec5b5825a", GitTreeState:"clean", BuildDate:"2022-05-24T12:17:11Z", GoVersion:"go1.18.2", Compiler:"gc", Platform:"darwin/arm64"}
Kustomize Version: v4.5.4
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.6+k3s1", GitCommit:"418c3fa858b69b12b9cefbcff0526f666a6236b9", GitTreeState:"clean", BuildDate:"2022-04-28T22:16:18Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}
jessmonter@Jesss-MacBook-Air Downloads % kubectl get nodes
NAME                   STATUS   ROLES                  AGE   VERSION
redes.bigtown.com.mx   Ready    control-plane,master   40m   v1.23.6+k3s1

Installing and configuring Ingress NGINX on Kubernetes#

jessmonter@Jesss-MacBook-Air ~ % kubectl apply -f ingress-nginx-${INGRESS_NGINX_VERSION}.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
configmap/ingress-nginx-controller created
service/ingress-nginx-controller created
service/ingress-nginx-controller-admission created
deployment.apps/ingress-nginx-controller created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created

jessmonter@Jesss-MacBook-Air ~ % kubectl patch deployment/ingress-nginx-controller -n ingress-nginx --patch '{"spec":{"template":{"spec":{"hostNetwork":true}}}}'
deployment.apps/ingress-nginx-controller patched

jessmonter@Jesss-MacBook-Air ~ % kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=180s
pod/ingress-nginx-controller-7ff499d7dc-xkn56 condition met
pod/ingress-nginx-controller-7575567f98-8zhrk condition met

Remote host#

redes@redes:~$ sudo -i
root@redes:~# netstat -ntulp | egrep -w '80|443'
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4086/nginx: master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4086/nginx: master
tcp6       0      0 :::443                  :::*                    LISTEN      4086/nginx: master
tcp6       0      0 :::80                   :::*                    LISTEN      4086/nginx: master
jessmonter@Jesss-MacBook-Air ~ % kubectl get deployments -n ingress-nginx
NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
ingress-nginx-controller   1/1     1            1           3m5s

jessmonter@Jesss-MacBook-Air ~ % kubectl get pods -n ingress-nginx --field-selector=status.phase==Running
NAME                                        READY   STATUS    RESTARTS   AGE
ingress-nginx-controller-7ff499d7dc-xkn56   1/1     Running   0          2m48s

jessmonter@Jesss-MacBook-Air ~ % kubectl get service ingress-nginx-controller -n ingress-nginx
NAME                       TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller   LoadBalancer   10.43.103.34   <pending>     80:31317/TCP,443:30755/TCP   4m1s

jessmonter@Jesss-MacBook-Air ~ % nc -vz redes.bigtown.com.mx 80
Connection to redes.bigtown.com.mx port 80 [tcp/http] succeeded!
jessmonter@Jesss-MacBook-Air ~ % nc -vz redes.bigtown.com.mx 443
Connection to redes.bigtown.com.mx port 443 [tcp/https] succeeded!
jessmonter@Jesss-MacBook-Air ~ % curl -vk# 'http://redes.bigtown.com.mx/'
*   Trying 20.211.99.164...
* TCP_NODELAY set
* Connected to redes.bigtown.com.mx (20.211.99.164) port 80 (#0)
> GET / HTTP/1.1
> Host: redes.bigtown.com.mx
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Date: Thu, 16 Jun 2022 22:47:59 GMT
< Content-Type: text/html
< Content-Length: 146
< Connection: keep-alive
<
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host redes.bigtown.com.mx left intact
* Closing connection 0
jessmonter@Jesss-MacBook-Air ~ % kubectl create configmap index-equipo-basj-mamm-mele-mogj --from-file=index.html
configmap/index-equipo-basj-mamm-mele-mogj created

jessmonter@Jesss-MacBook-Air ~ % kubectl create deployment root-nginx --image=nginx --port=80
deployment.apps/root-nginx created

jessmonter@Jesss-MacBook-Air ~ % kubectl get pods -l app=root-nginx
NAME                          READY   STATUS    RESTARTS   AGE
root-nginx-68778df5d4-dcvcv   1/1     Running   0          26s

jessmonter@Jesss-MacBook-Air ~ % kubectl edit deployment/root-nginx
deployment.apps/root-nginx edited

jessmonter@Jesss-MacBook-Air ~ % kubectl get pods -l app=root-nginx
NAME                          READY   STATUS    RESTARTS   AGE
root-nginx-65595944d5-5j45w   1/1     Running   0          64s

jessmonter@Jesss-MacBook-Air ~ % kubectl port-forward deployment/root-nginx 8080:80
Forwarding from 127.0.0.1:8080 -> 80
Forwarding from [::1]:8080 -> 80
Handling connection for 8080
Handling connection for 8080
Catch-all site
jessmonter@Jesss-MacBook-Air ~ % CONTAINER_IMAGE="docker.io/happypolarbear/linux-doc"

jessmonter@Jesss-MacBook-Air ~ % kubectl create deployment linux-doc --image="${CONTAINER_IMAGE}" --port=80
deployment.apps/linux-doc created

jessmonter@Jesss-MacBook-Air ~ % kubectl get pods -l app=linux-doc
NAME                        READY   STATUS    RESTARTS   AGE
linux-doc-8f559b4db-clhsk   1/1     Running   0          26s

jessmonter@Jesss-MacBook-Air ~ % kubectl port-forward deployment/linux-doc 8081:80
Forwarding from 127.0.0.1:8081 -> 80
Forwarding from [::1]:8081 -> 80
Handling connection for 8081
Kernel site
jessmonter@Jesss-MacBook-Air ~ % CONTAINER_IMAGE="docker.io/happypolarbear/tareas-redes"

jessmonter@Jesss-MacBook-Air ~ % kubectl create deployment tareas-redes --image="${CONTAINER_IMAGE}" --port=80
deployment.apps/tareas-redes created

jessmonter@Jesss-MacBook-Air ~ % kubectl get pods -l app=tareas-redes
NAME                            READY   STATUS    RESTARTS   AGE
tareas-redes-579bdbf44c-4mwcv   1/1     Running   0          16s

jessmonter@Jesss-MacBook-Air ~ % kubectl port-forward deployment/tareas-redes 8082:80
Forwarding from 127.0.0.1:8082 -> 80
Forwarding from [::1]:8082 -> 80
Handling connection for 8082
Handling connection for 8082
Tareas site

Verify the configuration#

jessmonter@Jesss-MacBook-Air ~ % kubectl get deployments,pods
NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/root-nginx     1/1     1            1           17m
deployment.apps/linux-doc      1/1     1            1           5m20s
deployment.apps/tareas-redes   1/1     1            1           2m3s

NAME                                READY   STATUS    RESTARTS   AGE
pod/root-nginx-65595944d5-5j45w     1/1     Running   0          10m
pod/linux-doc-8f559b4db-clhsk       1/1     Running   0          5m20s
pod/tareas-redes-579bdbf44c-4mwcv   1/1     Running   0          2m3s

Implementing ingress on Kubernetes#

jessmonter@Jesss-MacBook-Air ~ % kubectl expose deployment root-nginx --port=80
service/root-nginx exposed

jessmonter@Jesss-MacBook-Air ~ % kubectl expose deployment linux-doc --port=80
service/linux-doc exposed

jessmonter@Jesss-MacBook-Air ~ % kubectl expose deployment tareas-redes --port=80
service/tareas-redes exposed

jessmonter@Jesss-MacBook-Air ~ % kubectl get services
NAME           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes     ClusterIP   10.43.0.1       <none>        443/TCP   102m
root-nginx     ClusterIP   10.43.218.2     <none>        80/TCP    45s
linux-doc      ClusterIP   10.43.235.225   <none>        80/TCP    38s
tareas-redes   ClusterIP   10.43.4.21      <none>        80/TCP    31s
jessmonter@Jesss-MacBook-Air ~ % kubectl apply -f recurso-ingress.yaml
ingress.networking.k8s.io/ingress-nginx created

Catch all#

jessmonter@Jesss-MacBook-Air ~ % curl -vk#L 'http://redes.bigtown.com.mx/' | egrep '</?title>'
*   Trying 20.211.99.164...
* TCP_NODELAY set
* Connected to redes.bigtown.com.mx (20.211.99.164) port 80 (#0)
> GET / HTTP/1.1
> Host: redes.bigtown.com.mx
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 17 Jun 2022 00:06:03 GMT
< Content-Type: text/html
< Content-Length: 607
< Connection: keep-alive
< Last-Modified: Thu, 16 Jun 2022 23:22:58 GMT
< ETag: "62abbb52-25f"
< Accept-Ranges: bytes
<
{ [607 bytes data]
##################################################################################################################################################################################################### 100.0%* Connection #0 to host redes.bigtown.com.mx left intact

* Closing connection 0
    <title>Práctica 8 - Redes 2022-2</title>

Kernel#

jessmonter@Jesss-MacBook-Air ~ % curl -vk#L 'http://kernel.redes.bigtown.com.mx/' | egrep '</?title>'
*   Trying 20.211.99.164...
* TCP_NODELAY set
* Connected to kernel.redes.bigtown.com.mx (20.211.99.164) port 80 (#0)
> GET / HTTP/1.1
> Host: kernel.redes.bigtown.com.mx
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 17 Jun 2022 00:08:52 GMT
< Content-Type: text/html
< Content-Length: 145412
< Connection: keep-alive
< Last-Modified: Thu, 09 Jun 2022 21:37:36 GMT
< ETag: "62a26820-23804"
< Accept-Ranges: bytes
<
{ [13989 bytes data]
##########################################################                                                                                                                                             29.5%  <title>The Linux Kernel documentation &mdash; The Linux Kernel  documentation</title>
##################################################################################################################################################################################################### 100.0%* Connection #0 to host kernel.redes.bigtown.com.mx left intact

* Closing connection 0

Tareas#

jessmonter@Jesss-MacBook-Air ~ % curl -vk#L 'http://tareas.redes.bigtown.com.mx/' | egrep '</?title>'
*   Trying 20.211.99.164...
* TCP_NODELAY set
* Connected to tareas.redes.bigtown.com.mx (20.211.99.164) port 80 (#0)
> GET / HTTP/1.1
> Host: tareas.redes.bigtown.com.mx
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 17 Jun 2022 00:09:42 GMT
< Content-Type: text/html
< Content-Length: 13304
< Connection: keep-alive
< Last-Modified: Wed, 15 Jun 2022 20:39:07 GMT
< ETag: "62aa436b-33f8"
< Accept-Ranges: bytes
<
{ [13304 bytes data]
##################################################################################################################################################################################################### 100.0%* Connection #0 to host tareas.redes.bigtown.com.mx left intact

* Closing connection 0
        <title>Redes - Tareas 2022-2</title>

Configuring SSL/TLS on Ingress NGINX#

root@redes:~# echo "Move along" > /var/www/html/.well-known/acme-challenge/index.html

root@redes:~# cat /var/www/html/.well-known/acme-challenge/index.html
Move along
jessmonter@Jesss-MacBook-Air ~ % kubectl edit deployment/root-nginx
deployment.apps/root-nginx edited
jessmonter@Jesss-MacBook-Air ~ % kubectl get pods -l app=root-nginx
NAME                          READY   STATUS    RESTARTS   AGE
root-nginx-7b49d8d98c-x8zf4   1/1     Running   0          26s
root@redes:~# tree /etc/letsencrypt/live
/etc/letsencrypt/live
|-- README
`-- redes.bigtown.com.mx
    |-- cert.pem -> ../../archive/redes.bigtown.com.mx/cert1.pem
    |-- chain.pem -> ../../archive/redes.bigtown.com.mx/chain1.pem
    |-- fullchain.pem -> ../../archive/redes.bigtown.com.mx/fullchain1.pem
    |-- privkey.pem -> ../../archive/redes.bigtown.com.mx/privkey1.pem
    `-- README

1 directory, 6 files
root@redes:/etc/letsencrypt/live# openssl x509 -in redes.bigtown.com.mx/cert.pem -noout -issuer -subject -dates -ext subjectAltName
issuer=C = US, O = Let's Encrypt, CN = R3
subject=CN = redes.bigtown.com.mx
notBefore=Jun  9 17:02:03 2022 GMT
notAfter=Sep  7 17:02:02 2022 GMT
X509v3 Subject Alternative Name:
    DNS:*.redes.bigtown.com.mx, DNS:redes.bigtown.com.mx
root@redes:/etc/letsencrypt/live# openssl verify -show_chain -CApath /etc/ssl/certs -untrusted redes.bigtown.com.mx/chain.pem redes.bigtown.com.mx/cert.pem
redes.bigtown.com.mx/cert.pem: OK
Chain:
depth=0: CN = redes.bigtown.com.mx (untrusted)
depth=1: C = US, O = Let's Encrypt, CN = R3 (untrusted)
depth=2: C = US, O = Internet Security Research Group, CN = ISRG Root X1

Configure the SSL certificate and private key in the cluster#

Copy the Let's Encrypt files to the local machine

scp -i ~/.ssh/redes_azure.pem 'root@20.211.99.164:/etc/letsencrypt/live/example.com/*' ~/Downloads/letsencrypt/
jessmonter@Jesss-MacBook-Air Downloads % ls -la ~/Downloads/letsencrypt
total 64
drwxr-xr-x   8 jessmonter  staff   256 Jun 16 20:00 .
drwx------@ 73 jessmonter  staff  2336 Jun 16 19:56 ..
-rw-r--r--   1 jessmonter  staff   692 Jun 16 20:00 README
-rw-r--r--@  1 jessmonter  staff  1887 Jun 16 19:56 cert.pem
-rw-r--r--   1 jessmonter  staff  5284 Jun 16 19:56 cert.txt
-rw-r--r--   1 jessmonter  staff  3749 Jun 16 19:57 chain.pem
-rw-r--r--   1 jessmonter  staff  5636 Jun 16 19:58 fullchain.pem
-rw-r--r--   1 jessmonter  staff  1704 Jun 16 19:59 privkey.pem
jessmonter@Jesss-MacBook-Air letsencrypt % ls
README      cert.pem    cert.txt    chain.pem   fullchain.pem   privkey.pem

jessmonter@Jesss-MacBook-Air letsencrypt % kubectl create secret tls nginx-ingress-tls --cert fullchain.pem --key privkey.pem
secret/nginx-ingress-tls created
jessmonter@Jesss-MacBook-Air letsencrypt % kubectl get secret nginx-ingress-tls
NAME                TYPE                DATA   AGE
nginx-ingress-tls   kubernetes.io/tls   2      22s

jessmonter@Jesss-MacBook-Air letsencrypt % kubectl describe secret nginx-ingress-tls
Name:         nginx-ingress-tls
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/tls

Data
====
tls.key:  1704 bytes
tls.crt:  5636 bytes

Add TLS support to the ingress resource#

jessmonter@Jesss-MacBook-Air Downloads % kubectl edit ingress.networking.k8s.io/ingress-nginx
ingress.networking.k8s.io/ingress-nginx edited
jessmonter@Jesss-MacBook-Air Downloads % kubectl edit deployment/ingress-nginx-controller -n ingress-nginx
deployment.apps/ingress-nginx-controller edited
jessmonter@Jesss-MacBook-Air Downloads % kubectl get deployments,pods -n ingress-nginx -l app.kubernetes.io/component=controller
NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx-controller   1/1     1            1           171m

NAME                                            READY   STATUS    RESTARTS       AGE
pod/ingress-nginx-controller-7ff499d7dc-xkn56   1/1     Running   1 (164m ago)   170m
pod/ingress-nginx-controller-7f7dd56cc6-zlg8x   0/1     Pending   0              33s
jessmonter@Jesss-MacBook-Air Downloads % kubectl scale deployment ingress-nginx-controller -n ingress-nginx --replicas 0
deployment.apps/ingress-nginx-controller scaled

jessmonter@Jesss-MacBook-Air Downloads % kubectl scale deployment ingress-nginx-controller -n ingress-nginx --replicas 1
deployment.apps/ingress-nginx-controller scaled
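
The two `kubectl edit` steps above do not show what was changed, so here is the ingress with TLS written declaratively. This manifest is an added example, not the project's own `recurso-ingress.yaml`; the object names come from the session output, while the `defaultBackend` and the per-host rule layout are assumptions.

```yaml
# Added example: assumed shape of the Ingress once TLS is enabled.
# Names from the session: Ingress ingress-nginx, IngressClass nginx,
# Services root-nginx / linux-doc / tareas-redes (port 80),
# Secret nginx-ingress-tls (type kubernetes.io/tls).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-nginx
  namespace: default          # must be the namespace that holds the Secret
spec:
  ingressClassName: nginx
  tls:
    # One Secret serves all three names: the certificate's SAN list is
    # redes.bigtown.com.mx plus *.redes.bigtown.com.mx.
    - secretName: nginx-ingress-tls
      hosts:
        - redes.bigtown.com.mx
        - kernel.redes.bigtown.com.mx
        - tareas.redes.bigtown.com.mx
  # Assumption: requests that match no host rule go to the catch-all site.
  defaultBackend:
    service:
      name: root-nginx
      port:
        number: 80
  rules:
    - host: redes.bigtown.com.mx
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: root-nginx
                port:
                  number: 80
    - host: kernel.redes.bigtown.com.mx
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: linux-doc
                port:
                  number: 80
    - host: tareas.redes.bigtown.com.mx
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tareas-redes
                port:
                  number: 80
```

A TLS handshake for a name that is not listed under `tls.hosts` is answered with the controller's self-signed default certificate unless the controller is started with `--default-ssl-certificate=<namespace>/<secret>`.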

Verify connectivity to the websites#

jessmonter@Jesss-MacBook-Air Downloads % nc -vz redes.bigtown.com.mx 80
Connection to redes.bigtown.com.mx port 80 [tcp/http] succeeded!

jessmonter@Jesss-MacBook-Air Downloads % nc -vz redes.bigtown.com.mx 443
Connection to redes.bigtown.com.mx port 443 [tcp/https] succeeded!

SSL certificate#

We ran several checks to confirm that the configured certificates are in use.

Default host#

Default host

Linux documentation host#

Linux documentation

Tareas project host#

Tareas project

Validate access and obtain the certificate#

ACME host verification