2b8931f · Dec 21, 2020


10-Smoke-Test.md

Smoke Test

It’s time to confirm that all this hard work has paid off, with some quick verification of the typical functionality that Kubernetes offers.

Data Encryption

Create a secret

kubectl create secret generic kubernetes-the-hard-way \
  --from-literal="mykey=mydata"

On the master node, connect directly to etcd and dump the raw data from the data store in hexadecimal format so it's readable.

sudo ETCDCTL_API=3 etcdctl get \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/etcd/ca.pem \
  --cert=/etc/etcd/kubernetes.pem \
  --key=/etc/etcd/kubernetes-key.pem \
  /registry/secrets/default/kubernetes-the-hard-way | hexdump -C

The expected output should look like this:

00000000  2f 72 65 67 69 73 74 72  79 2f 73 65 63 72 65 74  |/registry/secret|
00000010  73 2f 64 65 66 61 75 6c  74 2f 6b 75 62 65 72 6e  |s/default/kubern|
00000020  65 74 65 73 2d 74 68 65  2d 68 61 72 64 2d 77 61  |etes-the-hard-wa|
00000030  79 0a 6b 38 73 3a 65 6e  63 3a 61 65 73 63 62 63  |y.k8s:enc:aescbc|
00000040  3a 76 31 3a 6b 65 79 31  3a b0 2e a0 b5 d3 e4 7c  |:v1:key1:......||
00000050  34 17 0f 1d 56 d0 45 51  d1 f8 f9 82 c7 41 4f 22  |4...V.EQ.....AO"|
00000060  2e da 01 fe a1 b4 c8 99  0f 9e 3a 5a f6 ff 90 50  |..........:Z...P|
00000070  d3 5a 99 76 23 93 2b ef  c4 8a 5b 15 bd 2e 06 dd  |.Z.v#.+...[.....|
00000080  2f 64 9f 0f fb 96 a4 0b  b5 de 28 08 e4 90 3d 05  |/d........(...=.|
00000090  b9 58 ef 32 76 ec 03 00  e7 31 67 eb 03 3b 89 87  |.X.2v....1g..;..|
000000a0  ad eb 18 3d 9e 7b e1 b5  27 53 bf c0 e8 37 92 d1  |...=.{..'S...7..|
000000b0  00 fd cd 28 9c 6b a9 f9  e9 ee 55 50 d3 de 4b 0d  |...(.k....UP..K.|
000000c0  9a 1a 0a 1a 8b d9 6f dd  3d 04 d5 6e fb fe 81 4b  |......o.=..n...K|
000000d0  5b f2 f9 06 eb 1d 58 ba  00 cf 4a 3d 71 19 52 ea  |[.....X...J=q.R.|
000000e0  5d 16 6f 2a 14 75 14 1e  26 a1 cf 02 1e 01 18 3c  |].o*.u..&......<|
000000f0  3a 1e 08 4d 5d 73 a4 95  05 57 6e 34 18 46 6e 0a  |:..M]s...Wn4.Fn.|
00000100  d3 1b f1 b5 88 81 c3 d3  ba a1 64 5c 56 95 af 2a  |..........d\V..*|
00000110  42 34 67 05 16 b8 6c 89  8a 07 9f c5 61 f6 ce 79  |B4g...l.....a..y|
00000120  a8 7e 5c 29 57 f2 c4 23  b6 ae de f0 67 e5 fc c5  |.~\)W..#....g...|
00000130  5b 01 c0 d7 57 bf 72 42  36 74 0f 1f a9 42 21 50  |[...W.rB6t...B!P|
00000140  85 5c a4 35 b9 5a 54 ee  74 6e 4b b4 ec 2d ce 07  |.\.5.ZT.tnK..-..|
00000150  15 3b e9 4b 57 cd af 92  36 0a                    |.;.KW...6.|
0000015a

The value stored under the etcd key should be prefixed with k8s:enc:aescbc:v1:key1, which indicates that the aescbc provider was used to encrypt the data with the key1 encryption key.
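
The prefix check can be scripted instead of read off the hexdump. The following is an added example, not part of the original guide: the function name, exit codes and sample values are assumptions made for illustration, and the envelope layout is generalized from the single prefix shown above.

```shell
#!/bin/sh
# Added example: classify a raw etcd value (stdin) by its encryption envelope.
# Prints "<provider> <version> <keyname>" when an envelope is present.
# Exit status: 0 = envelope matches the expected provider and key name
#              1 = no k8s:enc: envelope, the value was stored unencrypted
#              2 = enveloped, but by a different provider or key
check_etcd_envelope() {
    want_provider=$1
    want_key=$2
    # Map non-printable bytes to '.', drop the key line that `etcdctl get`
    # prints before the value, and keep the first line of what remains.
    header=$(head -c 512 \
        | LC_ALL=C tr -c '[:print:]\n' '.' \
        | sed '1{/^\/registry\//d;}' \
        | head -n 1)
    case $header in
        k8s:enc:*) ;;
        *) echo "no-envelope"; return 1 ;;
    esac
    # Layout assumed from the prefix above: k8s:enc:<provider>:<version>:<keyname>:
    rest=${header#k8s:enc:}
    provider=${rest%%:*}; rest=${rest#*:}
    version=${rest%%:*};  rest=${rest#*:}
    keyname=${rest%%:*}
    echo "$provider $version $keyname"
    [ "$provider" = "$want_provider" ] && [ "$keyname" = "$want_key" ] || return 2
}

# Constructed sample: key line plus an enveloped value with a few cipher bytes.
sample_encrypted() {
    printf '/registry/secrets/default/kubernetes-the-hard-way\n'
    printf 'k8s:enc:aescbc:v1:key1:\260.\240\265\323\344'
}

# Constructed sample: the same key with a value that has no envelope.
sample_plaintext() {
    printf '/registry/secrets/default/kubernetes-the-hard-way\n'
    printf 'k8s\000\n\014\n\002v1\022\006Secret mykey mydata'
}

# Against the cluster, pipe the etcdctl command from above (without hexdump):
#   sudo ETCDCTL_API=3 etcdctl get ... | check_etcd_envelope aescbc key1
sample_encrypted | check_etcd_envelope aescbc key1
sample_plaintext | check_etcd_envelope aescbc key1 || echo "exit status: $?"
```

Exit status 2 is the case to watch for after changing the encryption configuration: the secret is still enveloped, but not by the provider and key you expect.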

Deployments

Create a deployment

kubectl create deployment nginx --image=arm32v5/nginx
deployment.apps/nginx created

List the pods it created

kubectl get pods -l app=nginx
NAME                     READY   STATUS    RESTARTS   AGE
nginx-54cb54645d-r9h5g   1/1     Running   0          2m53s

Port Forwarding

kubectl port-forward nginx-54cb54645d-r9h5g 8080:80
Forwarding from 127.0.0.1:8080 -> 80
Forwarding from [::1]:8080 -> 80

In another terminal

curl -I http://127.0.0.1:8080
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 14 Dec 2020 23:10:50 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 24 Nov 2020 13:02:03 GMT
Connection: keep-alive
ETag: "5fbd044b-264"
Accept-Ranges: bytes

Back in the previous terminal, press Ctrl+C to cancel the port forwarding.

Logs

Let's see the logs generated by the nginx pod previously created.

kubectl logs nginx-54cb54645d-r9h5g
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
127.0.0.1 - - [14/Dec/2020:23:10:50 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.72.0" "-"

Exec

kubectl exec -ti nginx-54cb54645d-r9h5g -- nginx -v
nginx version: nginx/1.19.5

Services

Create a service of type NodePort

kubectl expose deployment nginx --port 80 --type NodePort
service/nginx exposed

See the IP and port

kubectl get svc
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.32.0.1     <none>        443/TCP        15d
nginx        NodePort    10.32.0.110   <none>        80:31127/TCP   24s

The NodePort is 31127.

Run the following from the master node; both worker nodes should return the same information. (There is no route from my local computer to the internal IPs of the CNAT; if there is such a route, there is no need to go to the master node to run these commands.)

Test node p1

pi@rpi-k8s-master:~ $ curl -I http://172.19.181.1:31127/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 14 Dec 2020 23:18:35 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 24 Nov 2020 13:02:03 GMT
Connection: keep-alive
ETag: "5fbd044b-264"
Accept-Ranges: bytes

Test node p2

pi@rpi-k8s-master:~ $ curl -I http://172.19.181.2:31127/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 14 Dec 2020 23:18:40 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 24 Nov 2020 13:02:03 GMT
Connection: keep-alive
ETag: "5fbd044b-264"
Accept-Ranges: bytes