On-Premise Setup of Kubernetes Cluster Components (Offline Mode) – PART 2

In the previous blog, we discussed setting up an offline Kubernetes cluster on on-premises servers. Once the cluster is up, we need some basic components to manage its orchestration and monitoring; these give the Horizontal Pod Autoscaler and Vertical Pod Autoscaler the CPU/memory information they need. We also have to limit access to all the components and microservices we have set up, using an SSO tool.

To begin with, we need a service mesh tool to manage the traffic flow between multiple microservices. There are many tools for this, such as Istio, Linkerd, Cilium Service Mesh, and Consul Connect. Here I am considering Istio.

Firstly, we will be talking about Istio setup on the Kubernetes cluster.

Istio is an open source service mesh that helps organizations run distributed, microservices-based apps anywhere. Istio enables organizations to secure, connect, and monitor microservices, so they can modernize their enterprise apps more swiftly and securely. Istio allows organizations to deliver distributed applications at scale. It simplifies service-to-service network operations like traffic management, authorization, and encryption, as well as auditing and observability.

Istio URL : https://istio.io/latest/docs/setup/getting-started/

1) From the link above, I downloaded the Istio binary to my local machine and pushed it to our Kubernetes master node as a Zip file.

2) I pulled all 3 images required for the Istio setup, exported them as Zip to our Kubernetes worker nodes, and loaded them on the worker nodes using the nerdctl command:

sudo /usr/local/bin/nerdctl --namespace k8s.io load < image.tar

3) Then I unzipped the file on the master and moved the istioctl binary to /usr/local/bin/.

sudo mv istioctl /usr/local/bin/

4) After all of this was in place, I ran the istioctl install command:

sudo /usr/local/bin/istioctl install --set profile=demo -y

5) Now we can check the pods in the istio-system namespace.

sudo /usr/local/bin/kubectl get pods -n istio-system

Secondly, we will be setting up the Metrics Server.

The Kubernetes Metrics Server is a cluster-wide aggregator of resource usage data. The Kubernetes Metrics Server collects resource metrics from the kubelet running on each worker node and exposes them in the Kubernetes API server through the Kubernetes Metrics API.

1) First of all, we have to download the manifest file of the Metrics Server from the internet to our local machine.

https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

2) Secondly, we will be deploying the manifest file to our Kubernetes cluster master node.

3) We can load the Metrics Server image locally, or we can push it to the connected ACR.

4) After all of this is in place, we only have to run the following command to deploy the Metrics Server:

sudo /usr/local/bin/kubectl apply -f components.yaml -n kube-system

5) To check that the pods are up and running (the manifest was applied to the kube-system namespace):

sudo /usr/local/bin/kubectl get pods -n kube-system -l k8s-app=metrics-server
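For the image archives carried to the nodes in Istio step 2 and Metrics Server step 3 above, a checksum gate in front of the nerdctl load catches a truncated or altered file before it reaches containerd. This is an added example, not part of the original post; the manifest name SHA256SUMS, the function names and the LOAD_CMD override are assumptions, and the manifest is expected to be written with sha256sum on the machine that pulled the images.

```bash
#!/usr/bin/env bash
# Added example: verify image archives against a checksum manifest before loading.
# Assumption: SHA256SUMS (sha256sum format) was created on the machine that
# pulled the images and copied alongside the .tar files.

# Command used to import one archive; override LOAD_CMD for a dry run.
LOAD_CMD="${LOAD_CMD:-sudo /usr/local/bin/nerdctl --namespace k8s.io load -i}"

# verify_archive <manifest> <archive>
# Returns 0 on match, 1 on digest mismatch, 2 if the file is not listed.
verify_archive() {
    local manifest="$1" archive="$2" name expected actual
    name="$(basename "$archive")"
    # Manifest lines look like "<hex digest>  <file name>" (or "*<file name>").
    expected="$(awk -v f="$name" \
        '{ n=$2; sub(/^\*/, "", n); if (n == f) { print $1; exit } }' "$manifest")"
    [ -n "$expected" ] || { echo "REJECT $name: not listed in manifest" >&2; return 2; }
    actual="$(sha256sum "$archive" | awk '{ print $1 }')"
    [ "$expected" = "$actual" ] || { echo "REJECT $name: digest mismatch" >&2; return 1; }
}

# load_verified <dir>: load every *.tar in <dir> that passes verification.
# Returns non-zero if any archive was rejected or failed to load.
load_verified() {
    local dir="$1" rc=0 archive
    for archive in "$dir"/*.tar; do
        [ -e "$archive" ] || continue
        if verify_archive "$dir/SHA256SUMS" "$archive"; then
            $LOAD_CMD "$archive" || rc=1
        else
            rc=1
        fi
    done
    return "$rc"
}

# Usage on a worker node: ./load-images.sh --load /path/to/transferred/images
if [ "${1:-}" = "--load" ] && [ -n "${2:-}" ]; then
    load_verified "$2"
fi
```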

Third, we will be setting up Keycloak.

Keycloak is an open source Identity and Access Management solution. Keycloak offers features such as Single Sign-On (SSO), Identity Brokering and Social Login, User Federation, Client Adapters, an Admin Console, and an Account Management Console.
Single Sign-On: Your applications don't have to deal with user stores, storing user credentials, authenticating users, login forms, or session management. With the Single Sign-On feature, once a user has logged in to Keycloak, they don't have to log in again to access a different application. The same applies to logout as well.
User Federation: Keycloak has built-in support to connect to existing LDAP or Active Directory servers.
Authorization Services: Keycloak provides fine-grained authorization to manage permissions for all the services, users, and groups. Roles can be defined with the provided Keycloak admin console as well as through APIs and the SDK.

Keycloak Installation using helm chart

1) Download the Helm chart from the link given below:

https://github.com/codecentric/helm-charts/releases/download/keycloak-18.3.0/keycloak-18.3.0.tgz

2) Extract the file using the command:

tar xvf keycloak-18.3.0.tgz

3) Edit the values.yaml file at path "keycloak/charts/postgresql/values.yaml" and add the following data:

persistence:
  enabled: true
  existingClaim: "keycloak-pvc"
  mountPath: /path
  size: 10Gi

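4) Add a new values-keycloak.yml file at path keycloak/values-keycloak.yml:

vi values-keycloak.yml

# Environment variables passed to the Keycloak container (the chart's extraEnv value)
extraEnv: |
  - name: KEYCLOAK_LOGLEVEL
    value: DEBUG
  # Initial admin account (sample values; set your own)
  - name: KEYCLOAK_USER
    value: keycloak
  - name: KEYCLOAK_PASSWORD
    value: keycloak
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
# Deploy the bundled PostgreSQL sub-chart
postgresql:
  enabled: true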

Install the keycloak helm chart:

helm install mykeycloak keycloak/ --values keycloak/values-keycloak.yml -n keycloak

To check the created objects:

kubectl get all -n keycloak
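The values file in step 4 carries the admin password in plain text (keycloak/keycloak) with logging at DEBUG. As an added example, not from the original post or the chart's documentation, the script below generates a random admin password, stores it in a Kubernetes Secret, and writes a values-keycloak.yml that reads both credentials from that Secret; the Secret name keycloak-admin-creds, the function names and the INFO log level are assumptions.

```bash
#!/usr/bin/env bash
# Added example: keep the Keycloak admin credentials out of values-keycloak.yml.
# Assumptions: Secret name keycloak-admin-creds, the keycloak namespace already
# exists (as in the helm install command), INFO log level instead of DEBUG.

SECRET_NAME="keycloak-admin-creds"   # hypothetical name
NAMESPACE="keycloak"

# gen_password: 32 random alphanumeric characters from the kernel CSPRNG.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32
}

# write_values <file>: values file whose env vars reference the Secret.
write_values() {
    cat > "$1" <<EOF
extraEnv: |
  - name: KEYCLOAK_LOGLEVEL
    value: INFO
  - name: KEYCLOAK_USER
    valueFrom:
      secretKeyRef:
        name: ${SECRET_NAME}
        key: username
  - name: KEYCLOAK_PASSWORD
    valueFrom:
      secretKeyRef:
        name: ${SECRET_NAME}
        key: password
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
postgresql:
  enabled: true
EOF
}

# create_secret: the password is piped through stdin so it never appears in
# the process list, the shell history or a file on disk.
create_secret() {
    gen_password | kubectl create secret generic "$SECRET_NAME" -n "$NAMESPACE" \
        --from-literal=username=keycloak \
        --from-file=password=/dev/stdin
}

# Usage on the master node: ./keycloak-values.sh --apply
if [ "${1:-}" = "--apply" ]; then
    create_secret && write_values keycloak/values-keycloak.yml
fi
```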

This is how we can set up components for a Kubernetes cluster. In this blog, we learnt about setting up monitoring, SSO, and the other associated operations for troubleshooting. Now that we have reached the end of the blog, what do you think I could have done differently? Do comment. Also, if you face any sort of issue in setting up the Kubernetes cluster components, drop a comment.

Blog Pundits: Mehul Sharma and Sandeep Rawat


Author: Rishabh Sharma