V1 - Challenge Containers
Initially we were planning to deploy images from within the cluster. There are 2 parts to this.
- Image Building
- Applying Deployments
Kubernetes does not support docker inside their containers, we have looked at alternatives approaches. Click on the link to see the details and also why they were rejected.
- Mounting docker onto the container
- Rejected ? : By giving root access to docker daemon, a team may delete the image or fiddle with the resources of other teams.
[WIP : Explore and write for each sub-methods]
- First we make a RBAC role to allow access to namespace for creating incluser deployments. Here we have used the default namespace for testing purposes. Write and apply an RBAC accordingly as per your infra and flow.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
namespace: default
name: deployments-and-deployements-scale
rules:
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: deployments-and-deployements-scale-rb
subjects:
- kind: ServiceAccount
name: default
namespace: default
roleRef:
kind: ClusterRole
name: deployments-and-deployements-scale
apiGroup: ""
- Next we use the kubernetes client api to apply deployment.yaml stored in katanad which runs the deployment. The image should be inside the minikube docker daemon which is the dependency on the first step.
A Basic Challenge Deployment yaml. The challenge’s image should be inside the minikube docker daemon and image pull policy is never in order to avoid dockerhub pull.
apiVersion: apps/v1
kind: Deployment
metadata:
name: challenge-deployment
labels:
app: challenge
spec:
replicas: 1
selector:
matchLabels:
app: challenge
template:
metadata:
labels:
app: challenge
spec:
containers:
- name: challenge
image: challenge:latest
imagePullPolicy: Never
ports:
- containerPort: 80
Python file to apply deployments.
from os import path
import yaml
from kubernetes import client, config
config.load_incluster_config()
//print(path.dirname(__file__))
with open(path.join(path.dirname(__file__), "deployment.yaml")) as f:
dep = yaml.safe_load(f)
k8s_apps_v1 = client.AppsV1Api()
resp = k8s_apps_v1.create_namespaced_deployment(
body=dep, namespace="default")
print("Deployment created. status='%s'" % resp.metadata.name)
Outcluster deployments are pretty forward. You can run a script using the kubectl commands or you can use the client api’s and write similar files as above and change config.load_incluster_config()
to config.load_kube_config()
.