The latest articles on Forem by Karim (@deep75). https://forem.com/deep75 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F201107%2F3baeda33-adf9-4837-9044-54f2472af904.png https://forem.com/deep75 en Karim Wed, 15 Jan 2025 00:52:40 +0000 https://forem.com/deep75/aiops-investigation-par-lia-dans-kubernetes-avec-holmesgpt-ollama-et-runpod--3gk0 https://forem.com/deep75/aiops-investigation-par-lia-dans-kubernetes-avec-holmesgpt-ollama-et-runpod--3gk0 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fktvh7jmd9vxk1y0v7c0s.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fktvh7jmd9vxk1y0v7c0s.png" width="800" height="308"></a></p> <p>Dans le monde de l’orchestration de conteneurs, Kubernetes est devenu une norme pour gérer les workloads conteneurisés. Cependant, la gestion et le dépannage des clusters Kubernetes peuvent être complexes et chronophages. Cet article explore comment l’intelligence artificielle (IA) peut être intégrée dans Kubernetes pour améliorer l’investigation et la gestion des incidents. J’avais d’ailleurs évoqué le sujet dans un article précédent :</p> <p><a href="https://dev.to/deep75/aiops-deboguer-son-cluster-kubernetes-en-utilisant-lintelligence-artificielle-generative-via-52hc">AIOps : Déboguer son cluster Kubernetes en utilisant l’intelligence artificielle générative via…</a></p> <p>Ici je vais m’intéresser à HolmesGPT. HolmesGPT, développé par Robusta, est un agent de dépannage open source qui utilise l’IA pour investiguer les incidents dans les clusters Kubernetes avec ces caractéristiques :</p> <ul> <li> <strong>Intégration avec les outils de gestion d’incidents</strong> : HolmesGPT se connecte à des outils comme PagerDuty, OpsGenie et Prometheus pour collecter des données et analyser les alertes.</li> <li> <strong>Investigation automatisée</strong> : Grâce à l’IA, HolmesGPT peut identifier et résoudre des problèmes tels que l’expiration des certificats SSL, les problèmes de ressources insuffisantes et les problèmes d’affinité des nœuds. Cela réduit significativement le temps et l’effort nécessaires pour le dépannage.</li> <li> <strong>Personnalisation</strong> : HolmesGPT permet de créer des livres de recettes (runbooks) personnalisés pour gérer des problèmes spécifiques, en utilisant des API et des outils personnalisés si nécessaire.</li> </ul> <p><a href="https://github.com/robusta-dev/holmesgpt" rel="noopener noreferrer">GitHub - robusta-dev/holmesgpt: On-Call Assistant for Prometheus Alerts - Get a head start on fixing alerts with AI investigation</a></p> <p>Pour cet exercice, je vais d’abord lancer une instance Ubuntu 24.04 LTS de nouveau chez le fournisseur Cloud DigitalOcean :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnfo9qz3j78pfuyr0i36m.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnfo9qz3j78pfuyr0i36m.png" width="800" height="257"></a></p> <p>Je vais y installer Incus, un fork de LXD qui va me servir de base pour la formation d’un cluster Kubernetes avec plusieurs containers :</p> <p><a href="https://linuxcontainers.org/incus/" rel="noopener noreferrer">Linux Containers - Incus - Introduction</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg01os4x00wqka5ivqa33.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg01os4x00wqka5ivqa33.jpg" width="524" height="499"></a></p> <p>Comme pour LXD, je vais procéder à la création de plusieurs profiles. Mais dans un premier temps, installation d’Incus sur l’instance :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# curl <span class="nt">-fsSL</span> https://pkgs.zabbly.com/key.asc | gpg <span class="nt">--show-keys</span> <span class="nt">--fingerprint</span> gpg: directory <span class="s1">'/root/.gnupg'</span> created gpg: keybox <span class="s1">'/root/.gnupg/pubring.kbx'</span> created pub rsa3072 2023-08-23 <span class="o">[</span>SC] <span class="o">[</span>expires: 2025-08-22] 4EFC 5906 96CB 15B8 7C73 A3AD 82CC 8797 C838 DCFD uid Zabbly Kernel Builds &lt;info@zabbly.com&gt; sub rsa3072 2023-08-23 <span class="o">[</span>E] <span class="o">[</span>expires: 2025-08-22] root@k0s-incus:~# <span class="nb">mkdir</span> <span class="nt">-p</span> /etc/apt/keyrings/ root@k0s-incus:~# curl <span class="nt">-fsSL</span> https://pkgs.zabbly.com/key.asc <span class="nt">-o</span> /etc/apt/keyrings/zabbly.asc root@k0s-incus:~# sh <span class="nt">-c</span> <span class="s1">'cat &lt;&lt;EOF &gt; /etc/apt/sources.list.d/zabbly-incus-stable.sources Enabled: yes Types: deb URIs: https://pkgs.zabbly.com/incus/stable Suites: $(. /etc/os-release &amp;&amp; echo ${VERSION_CODENAME}) Components: main Architectures: $(dpkg --print-architecture) Signed-By: /etc/apt/keyrings/zabbly.asc EOF'</span> root@k0s-incus:~# apt-get update Hit:1 http://security.ubuntu.com/ubuntu noble-security InRelease Hit:2 http://mirrors.digitalocean.com/ubuntu noble InRelease Hit:3 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease Hit:4 http://mirrors.digitalocean.com/ubuntu noble-updates InRelease Hit:5 http://mirrors.digitalocean.com/ubuntu noble-backports InRelease Get:6 https://pkgs.zabbly.com/incus/stable noble InRelease <span class="o">[</span>7358 B] Get:7 https://pkgs.zabbly.com/incus/stable noble/main amd64 Packages <span class="o">[</span>3542 B] Fetched 10.9 kB <span class="k">in </span>1s <span class="o">(</span>13.3 kB/s<span class="o">)</span> Reading package lists... Done root@k0s-incus:~# apt-get <span class="nb">install </span>incus incus-client incus-ui-canonical <span class="nt">-y</span> Reading package lists... Done Building dependency tree... Done Reading state information... Done The following additional packages will be installed: attr dconf-gsettings-backend dconf-service dns-root-data dnsmasq-base fontconfig genisoimage glib-networking glib-networking-common glib-networking-services gsettings-desktop-schemas gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-x incus-base iw libaa1 libasyncns0 libavc1394-0 libboost-iostreams1.83.0 libboost-thread1.83.0 libbtrfs0t64 libcaca0 libcairo-gobject2 libcairo2 libcdparanoia0 libdatrie1 libdaxctl1 libdconf1 libdv4t64 libflac12t64 libgdk-pixbuf-2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgraphite2-3 libgstreamer-plugins-base1.0-0 libgstreamer-plugins-good1.0-0 libharfbuzz0b libiec61883-0 libmp3lame0 libmpg123-0t64 libndctl6 libnet1 libogg0 libopus0 liborc-0.4-0t64 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpixman-1-0 libpmem1 libpmemobj1 libproxy1v5 libpulse0 librados2 libraw1394-11 librbd1 librdmacm1t64 libshout3 libsndfile1 libsoup-3.0-0 libsoup-3.0-common libspeex1 libspice-server1 libtag1v5 libtag1v5-vanilla libthai-data libthai0 libtheora0 libtwolame0 libusbredirparser1t64 libv4l-0t64 libv4lconvert0t64 libvisual-0.4-0 libvorbis0a libvorbisenc2 libvpx9 libwavpack1 libx11-xcb1 libxcb-render0 libxcb-shm0 libxdamage1 libxfixes3 libxi6 libxrender1 libxtst6 libxv1 session-migration sshfs wireless-regdb x11-common xdelta3 root@k0s-incus:~# incus Description: Command line client <span class="k">for </span>Incus All of Incus<span class="s1">'s features can be driven through the various commands below. For help with any of those, simply call them with --help. Custom commands can be defined through aliases, use "incus alias" to control those. Usage: incus [command] Available Commands: admin Manage incus daemon cluster Manage cluster members config Manage instance and server configuration options console Attach to instance consoles copy Copy instances within or in between servers create Create instances from images delete Delete instances exec Execute commands in instances export Export instance backups file Manage files in instances help Help about any command image Manage images import Import instance backups info Show instance or server information launch Create and start instances from images list List instances move Move instances within or in between servers network Manage and attach instances to networks pause Pause instances profile Manage profiles project Manage projects publish Publish instances as images rebuild Rebuild instances remote Manage the list of remote servers rename Rename instances restart Restart instances resume Resume instances snapshot Manage instance snapshots start Start instances stop Stop instances storage Manage storage pools and volumes top Display resource usage info per instance version Show local and remote versions webui Open the web interface Flags: --all Show less common commands --debug Show all debug messages --force-local Force using the local unix socket -h, --help Print help --project Override the source project -q, --quiet Don'</span>t show progress information <span class="nt">--sub-commands</span> Use with <span class="nb">help </span>or <span class="nt">--help</span> to view sub-commands <span class="nt">-v</span>, <span class="nt">--verbose</span> Show all information messages <span class="nt">--version</span> Print version number Use <span class="s2">"incus [command] --help"</span> <span class="k">for </span>more information about a command. </code></pre> </div> <p>Initialisation d’Incus en version minimaliste :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# incus admin init Would you like to use clustering? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>no]: Do you want to configure a new storage pool? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span><span class="nb">yes</span><span class="o">]</span>: Name of the new storage pool <span class="o">[</span><span class="nv">default</span><span class="o">=</span>default]: Name of the storage backend to use <span class="o">(</span>btrfs, <span class="nb">dir</span>, lvm<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>btrfs]: <span class="nb">dir </span>Where should this storage pool store its data? <span class="o">[</span><span class="nv">default</span><span class="o">=</span>/var/lib/incus/storage-pools/default]: Would you like to create a new <span class="nb">local </span>network bridge? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span><span class="nb">yes</span><span class="o">]</span>: What should the new bridge be called? <span class="o">[</span><span class="nv">default</span><span class="o">=</span>incusbr0]: What IPv4 address should be used? <span class="o">(</span>CIDR subnet notation, “auto” or “none”<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>auto]: What IPv6 address should be used? <span class="o">(</span>CIDR subnet notation, “auto” or “none”<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>auto]: Would you like the server to be available over the network? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>no]: Would you like stale cached images to be updated automatically? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span><span class="nb">yes</span><span class="o">]</span>: Would you like a YAML <span class="s2">"init"</span> preseed to be printed? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>no]: root@k0s-incus:~# incus list +------+-------+------+------+------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+-------+------+------+------+-----------+ root@k0s-incus:~# incus profile list +---------+-----------------------+---------+ | NAME | DESCRIPTION | USED BY | +---------+-----------------------+---------+ | default | Default Incus profile | 0 | +---------+-----------------------+---------+ root@k0s-incus:~# incus profile show default config: <span class="o">{}</span> description: Default Incus profile devices: eth0: name: eth0 network: incusbr0 <span class="nb">type</span>: nic root: path: / pool: default <span class="nb">type</span>: disk name: default used_by: <span class="o">[]</span> project: default root@k0s-incus:~# incus profile create k8s </code></pre> </div> <p>Incus dispose d’un tableau de bord de contrôle qui peut être actionné temporairement par incus webui.</p> <p><a href="https://linuxcontainers.org/incus/docs/main/reference/manpages/incus/webui/" rel="noopener noreferrer">incus webui</a></p> <p>Activation de ce dernier :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# <span class="nb">nohup </span>incus webui &amp; <span class="o">[</span>1] 4104 root@k0s-incus:~# <span class="nb">nohup</span>: ignoring input and appending output to <span class="s1">'nohup.out'</span> root@k0s-incus:~# <span class="nb">cat </span>nohup.out Web server running at: http://127.0.0.1:34363/ui?auth_token<span class="o">=</span>3c5f5d4b-f9ed-4bf9-a174-d5ea2366cfbf </code></pre> </div> <p>Utilisation de <strong>pinggy.io</strong> pour y accéder :</p> <p><a href="https://pinggy.io/" rel="noopener noreferrer">Pinggy - Simple Localhost Tunnels</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiuelyjmbgcvansbv8v5h.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiuelyjmbgcvansbv8v5h.png" width="800" height="382"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# ssh <span class="nt">-p</span> 443 <span class="nt">-R0</span>:127.0.0.1:34363 a.pinggy.io </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fackh7m9fga92mclzbu87.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fackh7m9fga92mclzbu87.png" width="800" height="425"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffgydlx99dflogw0d4obp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffgydlx99dflogw0d4obp.png" width="800" height="425"></a></p> <p>Je récupère le même profile qu’utilise LXD pour MicroK8s :</p> <p><a href="https://microk8s.io/docs/install-lxd" rel="noopener noreferrer">MicroK8s - MicroK8s in LXD | MicroK8s</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>roothttps://microk8s.io/docs/install-lxd@k0s-incus:~# wget https://raw.githubusercontent.com/ubuntu/microk8s/master/tests/lxc/microk8s.profile <span class="nt">-O</span> k8s.profile <span class="nt">--2025-01-14</span> 20:58:42-- https://raw.githubusercontent.com/ubuntu/microk8s/master/tests/lxc/microk8s.profile Resolving raw.githubusercontent.com <span class="o">(</span>raw.githubusercontent.com<span class="o">)</span>... 185.199.108.133, 185.199.110.133, 185.199.109.133, ... Connecting to raw.githubusercontent.com <span class="o">(</span>raw.githubusercontent.com<span class="o">)</span>|185.199.108.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 816 <span class="o">[</span>text/plain] Saving to: ‘k8s.profile’ k8s.profile 100%[<span class="o">=====================================================================================================&gt;]</span> 816 <span class="nt">--</span>.-KB/s <span class="k">in </span>0s 2025-01-14 20:58:42 <span class="o">(</span>33.4 MB/s<span class="o">)</span> - ‘k8s.profile’ saved <span class="o">[</span>816/816] root@k0s-incus:~# <span class="nb">cat </span>k8s.profile | incus profile edit k8s root@k0s-incus:~# <span class="nb">rm </span>k8s.profile root@k0s-incus:~# incus profile show k8s config: boot.autostart: <span class="s2">"true"</span> linux.kernel_modules: ip_vs,ip_vs_rr,ip_vs_wrr,ip_vs_sh,ip_tables,ip6_tables,netlink_diag,nf_nat,overlay,br_netfilter raw.lxc: | lxc.apparmor.profile<span class="o">=</span>unconfined lxc.mount.auto<span class="o">=</span>proc:rw sys:rw cgroup:rw lxc.cgroup.devices.allow<span class="o">=</span>a lxc.cap.drop<span class="o">=</span> security.nesting: <span class="s2">"true"</span> security.privileged: <span class="s2">"true"</span> description: <span class="s2">""</span> devices: aadisable: path: /sys/module/nf_conntrack/parameters/hashsize <span class="nb">source</span>: /sys/module/nf_conntrack/parameters/hashsize <span class="nb">type</span>: disk aadisable2: path: /dev/kmsg <span class="nb">source</span>: /dev/kmsg <span class="nb">type</span>: unix-char aadisable3: path: /sys/fs/bpf <span class="nb">source</span>: /sys/fs/bpf <span class="nb">type</span>: disk aadisable4: path: /proc/sys/net/netfilter/nf_conntrack_max <span class="nb">source</span>: /proc/sys/net/netfilter/nf_conntrack_max <span class="nb">type</span>: disk name: k8s used_by: <span class="o">[]</span> project: default </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fok2y4u94bb6i5io6zp8d.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fok2y4u94bb6i5io6zp8d.png" width="800" height="425"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxavr929bwhv7rncqjocj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxavr929bwhv7rncqjocj.png" width="800" height="425"></a></p> <p>Comme Incus a la faculté d’utiliser cloud-init, je crée un nouveau profile destiné à cet usage :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">root@k0s-incus:~# incus profile show cloud</span> <span class="na">config</span><span class="pi">:</span> <span class="na">cloud-init.user-data</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">#cloud-config</span> <span class="s">package_update: true</span> <span class="s">package_upgrade: true</span> <span class="s">package_reboot_if_required: true</span> <span class="s">packages:</span> <span class="s">- vim</span> <span class="s">- wget</span> <span class="s">- git</span> <span class="s">- curl</span> <span class="s">- htop</span> <span class="s">- openssh-server</span> <span class="s">bootcmd:</span> <span class="s">- systemctl enable ssh</span> <span class="s">- systemctl start ssh</span> <span class="s">ssh_authorized_keys:</span> <span class="s">- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpbsaaVUMa2TM9q8VkeBmbKvJpbreXTcqI5F5N3riGsoZ7Z/IIN7eR6J47UP2bj3IBTdgHmij1uOexm60QBO2PY4abIhsN+xnVS4a0LSyI8v6nYECWbEehL/gFn6uDmSLA4m0hZCF5BSpLxQYzKS28dHIdXsLC4CDd67nAXIhOiVpM0q/AUCuSy+mA0VwFa/JAkFCk8TpQBorgwJIq635imrgxYIpEUA2wHXOhw23mO3zTUlay13LSlA2a1xyTkP8hSDWdRYVxr2DEB/MtmTX2BdWlA5rDRmzXE7R2/csE245WAxG+XfSu4zNqhHzm8Df3zmZn3/UyKLcx4eJF//mVZyrM7RQHRteA/im8I4IavrReGyCUKY+OsSfygYVFyO87rYQ+IOauOnB4LxBohBjSBN3Skk4X7krYFIi8D9R1lmL+VvBfpvy0YMurOahY1VJFzD0dUeK2bDUdeWzfFkcX039d9/RRXRxieNpxwp1BLPi5/DXG8FihzgwVTf6h60J9/fkYzY+BO8CKG2kYTUsy1ykuXLzLY5sTCREiEoEKcJ9IGz8OimZ1AmkgJJCrQnI6mT/KiNDU6YCc75ONKTKX5HKVPhZWT255Aw4f5LBbBrj06cJX3GuunV0I30+BYyHwLbPBoqgd4GUk3YJlr8wS3qre/YUSc2iKNDTOzFCC8Q== root@k0s-incus</span> <span class="na">description</span><span class="pi">:</span> <span class="s">incus with cloud-init</span> <span class="na">devices</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">name</span><span class="pi">:</span> <span class="s">cloud</span> <span class="na">used_by</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">project</span><span class="pi">:</span> <span class="s">default</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwurwmdyk16jinnag560n.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwurwmdyk16jinnag560n.png" width="800" height="425"></a></p> <p>Je suis prêt pour la création de trois containers qui me serviront de pivot à la création d’un cluster Kubernetes :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# <span class="k">for </span>i <span class="k">in</span> <span class="o">{</span>1..3<span class="o">}</span><span class="p">;</span> <span class="k">do </span>incus launch <span class="nt">-p</span> default <span class="nt">-p</span> k8s <span class="nt">-p</span> cloud images:ubuntu/24.04/cloud k0s-<span class="nv">$i</span><span class="p">;</span> <span class="k">done </span>Launching k0s-1 Launching k0s-2 Launching k0s-3 root@k0s-incus:~# incus list +-------+---------+-----------------------+-----------------------------------------------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +-------+---------+-----------------------+-----------------------------------------------+-----------+-----------+ | k0s-1 | RUNNING | 10.224.160.99 <span class="o">(</span>eth0<span class="o">)</span> | fd42:4641:b619:c782:216:3eff:fea4:53d3 <span class="o">(</span>eth0<span class="o">)</span> | CONTAINER | 0 | +-------+---------+-----------------------+-----------------------------------------------+-----------+-----------+ | k0s-2 | RUNNING | 10.224.160.54 <span class="o">(</span>eth0<span class="o">)</span> | fd42:4641:b619:c782:216:3eff:feee:7af8 <span class="o">(</span>eth0<span class="o">)</span> | CONTAINER | 0 | +-------+---------+-----------------------+-----------------------------------------------+-----------+-----------+ | k0s-3 | RUNNING | 10.224.160.215 <span class="o">(</span>eth0<span class="o">)</span> | fd42:4641:b619:c782:216:3eff:fef3:709b <span class="o">(</span>eth0<span class="o">)</span> | CONTAINER | 0 | +-------+---------+-----------------------+-----------------------------------------------+-----------+-----------+ root@k0s-incus:~# <span class="nb">cat</span> .ssh/config Host <span class="k">*</span> StrictHostKeyChecking no <span class="nv">UserKnownHostsFile</span><span class="o">=</span>/dev/null root@k0s-incus:~# ssh ubuntu@10.224.160.99 Welcome to Ubuntu 24.04.1 LTS <span class="o">(</span>GNU/Linux 6.8.0-51-generic x86_64<span class="o">)</span> <span class="k">*</span> Documentation: https://help.ubuntu.com <span class="k">*</span> Management: https://landscape.canonical.com <span class="k">*</span> Support: https://ubuntu.com/pro The programs included with the Ubuntu system are free software<span class="p">;</span> the exact distribution terms <span class="k">for </span>each program are described <span class="k">in </span>the individual files <span class="k">in</span> /usr/share/doc/<span class="k">*</span>/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. To run a <span class="nb">command </span>as administrator <span class="o">(</span>user <span class="s2">"root"</span><span class="o">)</span>, use <span class="s2">"sudo &lt;command&gt;"</span><span class="nb">.</span> See <span class="s2">"man sudo_root"</span> <span class="k">for </span>details. ubuntu@k0s-1:~<span class="err">$</span> </code></pre> </div> <p>Récupération de k0sctl pour la création d’un cluster Kubernetes avec k0s :</p> <p><a href="https://docs.k0sproject.io/head/k0sctl-install/" rel="noopener noreferrer">Using k0sctl - Documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# wget <span class="nt">-c</span> https://github.com/k0sproject/k0sctl/releases/download/v0.21.0/k0sctl-linux-amd64 <span class="o">&amp;&amp;</span> <span class="nb">chmod</span> +x k0sctl-linux-amd64 <span class="o">&amp;&amp;</span> <span class="nb">mv </span>k0sctl-linux-amd64 /usr/local/bin/k0sctl Saving to: ‘k0sctl-linux-amd64’ k0sctl-linux-amd64 100%[<span class="o">=====================================================================================================&gt;]</span> 18.21M <span class="nt">--</span>.-KB/s <span class="k">in </span>0.1s 2025-01-14 21:22:23 <span class="o">(</span>122 MB/s<span class="o">)</span> - ‘k0sctl-linux-amd64’ saved <span class="o">[</span>19091608/19091608] root@k0s-incus:~# k0sctl NAME: k0sctl - k0s cluster management tool USAGE: k0sctl <span class="o">[</span>global options] <span class="nb">command</span> <span class="o">[</span><span class="nb">command </span>options] COMMANDS: version Output k0sctl version apply Apply a k0sctl configuration kubeconfig Output the admin kubeconfig of the cluster init Create a configuration template reset Remove traces of k0s from all of the hosts backup Take backup of existing clusters state config Configuration related sub-commands completion <span class="nb">help</span>, h Shows a list of commands or <span class="nb">help </span><span class="k">for </span>one <span class="nb">command </span>GLOBAL OPTIONS: <span class="nt">--debug</span>, <span class="nt">-d</span> Enable debug logging <span class="o">(</span>default: <span class="nb">false</span><span class="o">)</span> <span class="o">[</span><span class="nv">$DEBUG</span><span class="o">]</span> <span class="nt">--trace</span> Enable trace logging <span class="o">(</span>default: <span class="nb">false</span><span class="o">)</span> <span class="o">[</span><span class="nv">$TRACE</span><span class="o">]</span> <span class="nt">--no-redact</span> Do not hide sensitive information <span class="k">in </span>the output <span class="o">(</span>default: <span class="nb">false</span><span class="o">)</span> <span class="nt">--help</span>, <span class="nt">-h</span> show <span class="nb">help </span>root@k0s-incus:~# k0sctl init <span class="nt">--k0s</span> <span class="o">&gt;</span> k0sctl.yaml root@k0s-incus:~# <span class="nb">cat </span>k0sctl.yaml apiVersion: k0sctl.k0sproject.io/v1beta1 kind: Cluster metadata: name: k0s-cluster user: admin spec: hosts: - ssh: address: 10.224.160.99 user: ubuntu port: 22 keyPath: /root/.ssh/id_rsa role: controller - ssh: address: 10.224.160.54 user: ubuntu port: 22 keyPath: /root/.ssh/id_rsa role: worker - ssh: address: 10.224.160.215 user: ubuntu port: 22 keyPath: /root/.ssh/id_rsa role: worker k0s: config: apiVersion: k0s.k0sproject.io/v1beta1 kind: Cluster metadata: name: k0s spec: api: k0sApiPort: 9443 port: 6443 installConfig: <span class="nb">users</span>: etcdUser: etcd kineUser: kube-apiserver konnectivityUser: konnectivity-server kubeAPIserverUser: kube-apiserver kubeSchedulerUser: kube-scheduler konnectivity: adminPort: 8133 agentPort: 8132 network: kubeProxy: disabled: <span class="nb">false </span>mode: iptables kuberouter: autoMTU: <span class="nb">true </span>mtu: 0 peerRouterASNs: <span class="s2">""</span> peerRouterIPs: <span class="s2">""</span> podCIDR: 10.244.0.0/16 provider: kuberouter serviceCIDR: 10.96.0.0/12 podSecurityPolicy: defaultPolicy: 00-k0s-privileged storage: <span class="nb">type</span>: etcd telemetry: enabled: <span class="nb">true</span> </code></pre> </div> <p>Lancement de la création :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> root@k0s-incus:~# k0sctl apply <span class="nt">--config</span> k0sctl.yaml ⠀⣿⣿⡇⠀⠀⢀⣴⣾⣿⠟⠁⢸⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀█████████ █████████ ███ ⠀⣿⣿⡇⣠⣶⣿⡿⠋⠀⠀⠀⢸⣿⡇⠀⠀⠀⣠⠀⠀⢀⣠⡆⢸⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀███ ███ ███ ⠀⣿⣿⣿⣿⣟⠋⠀⠀⠀⠀⠀⢸⣿⡇⠀⢰⣾⣿⠀⠀⣿⣿⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀███ ███ ███ ⠀⣿⣿⡏⠻⣿⣷⣤⡀⠀⠀⠀⠸⠛⠁⠀⠸⠋⠁⠀⠀⣿⣿⡇⠈⠉⠉⠉⠉⠉⠉⠉⠉⢹⣿⣿⠀███ ███ ███ ⠀⣿⣿⡇⠀⠀⠙⢿⣿⣦⣀⠀⠀⠀⣠⣶⣶⣶⣶⣶⣶⣿⣿⡇⢰⣶⣶⣶⣶⣶⣶⣶⣶⣾⣿⣿⠀█████████ ███ ██████████ k0sctl v0.21.0 Copyright 2023, k0sctl authors. By continuing to use k0sctl you agree to these terms: https://k0sproject.io/licenses/eula INFO <span class="o">==&gt;</span> Running phase: Set k0s version INFO Looking up latest stable k0s version INFO Using k0s version v1.31.3+k0s.0 INFO <span class="o">==&gt;</span> Running phase: Connect to hosts INFO <span class="o">[</span>ssh] 10.224.160.215:22: connected INFO <span class="o">[</span>ssh] 10.224.160.99:22: connected INFO <span class="o">[</span>ssh] 10.224.160.54:22: connected INFO <span class="o">==&gt;</span> Running phase: Detect host operating systems INFO <span class="o">[</span>ssh] 10.224.160.215:22: is running Ubuntu 24.04.1 LTS INFO <span class="o">[</span>ssh] 10.224.160.99:22: is running Ubuntu 24.04.1 LTS INFO <span class="o">[</span>ssh] 10.224.160.54:22: is running Ubuntu 24.04.1 LTS INFO <span class="o">==&gt;</span> Running phase: Acquire exclusive host lock INFO <span class="o">==&gt;</span> Running phase: Prepare hosts INFO <span class="o">==&gt;</span> Running phase: Gather host facts INFO <span class="o">[</span>ssh] 10.224.160.215:22: using k0s-3 as <span class="nb">hostname </span>INFO <span class="o">[</span>ssh] 10.224.160.54:22: using k0s-2 as <span class="nb">hostname </span>INFO <span class="o">[</span>ssh] 10.224.160.99:22: using k0s-1 as <span class="nb">hostname </span>INFO <span class="o">[</span>ssh] 10.224.160.215:22: discovered eth0 as private interface INFO <span class="o">[</span>ssh] 10.224.160.54:22: discovered eth0 as private interface INFO <span class="o">[</span>ssh] 10.224.160.99:22: discovered eth0 as private interface INFO <span class="o">==&gt;</span> Running phase: Validate hosts INFO <span class="o">==&gt;</span> Running phase: Validate facts INFO <span class="o">==&gt;</span> Running phase: Download k0s on hosts INFO <span class="o">[</span>ssh] 10.224.160.215:22: downloading k0s v1.31.3+k0s.0 INFO <span class="o">[</span>ssh] 10.224.160.54:22: downloading k0s v1.31.3+k0s.0 INFO <span class="o">[</span>ssh] 10.224.160.99:22: downloading k0s v1.31.3+k0s.0 INFO <span class="o">==&gt;</span> Running phase: Install k0s binaries on hosts INFO <span class="o">[</span>ssh] 10.224.160.99:22: validating configuration INFO <span class="o">==&gt;</span> Running phase: Configure k0s INFO <span class="o">[</span>ssh] 10.224.160.99:22: installing new configuration INFO <span class="o">==&gt;</span> Running phase: Initialize the k0s cluster INFO <span class="o">[</span>ssh] 10.224.160.99:22: installing k0s controller INFO <span class="o">[</span>ssh] 10.224.160.99:22: waiting <span class="k">for </span>the k0s service to start INFO <span class="o">[</span>ssh] 10.224.160.99:22: <span class="nb">wait </span><span class="k">for </span>kubernetes to reach ready state INFO <span class="o">==&gt;</span> Running phase: Install workers INFO <span class="o">[</span>ssh] 10.224.160.99:22: generating a <span class="nb">join </span>token <span class="k">for </span>worker 1 INFO <span class="o">[</span>ssh] 10.224.160.99:22: generating a <span class="nb">join </span>token <span class="k">for </span>worker 2 INFO <span class="o">[</span>ssh] 10.224.160.215:22: validating api connection to https://10.224.160.99:6443 using <span class="nb">join </span>token INFO <span class="o">[</span>ssh] 10.224.160.54:22: validating api connection to https://10.224.160.99:6443 using <span class="nb">join </span>token INFO <span class="o">[</span>ssh] 10.224.160.215:22: writing <span class="nb">join </span>token to /etc/k0s/k0stoken INFO <span class="o">[</span>ssh] 10.224.160.54:22: writing <span class="nb">join </span>token to /etc/k0s/k0stoken INFO <span class="o">[</span>ssh] 10.224.160.54:22: installing k0s worker INFO <span class="o">[</span>ssh] 10.224.160.215:22: installing k0s worker INFO <span class="o">[</span>ssh] 10.224.160.215:22: starting service INFO <span class="o">[</span>ssh] 10.224.160.215:22: waiting <span class="k">for </span>node to become ready INFO <span class="o">[</span>ssh] 10.224.160.54:22: starting service INFO <span class="o">[</span>ssh] 10.224.160.54:22: waiting <span class="k">for </span>node to become ready INFO <span class="o">==&gt;</span> Running phase: Release exclusive host lock INFO <span class="o">==&gt;</span> Running phase: Disconnect from hosts INFO <span class="o">==&gt;</span> Finished <span class="k">in </span>42s INFO k0s cluster version v1.31.3+k0s.0 is now installed INFO Tip: To access the cluster you can now fetch the admin kubeconfig using: INFO k0sctl kubeconfig </code></pre> </div> <p>Le cluster est actif :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvxbhz6ym44x56e7i36os.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvxbhz6ym44x56e7i36os.png" width="800" height="425"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnzwauyg2lwj6fu9qpiqc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnzwauyg2lwj6fu9qpiqc.png" width="800" height="425"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# curl <span class="nt">-LO</span> https://dl.k8s.io/release/v1.31.3/bin/linux/amd64/kubectl <span class="o">&amp;&amp;</span> <span class="nb">chmod</span> +x kubectl <span class="o">&amp;&amp;</span> <span class="nb">mv </span>kubectl /usr/local/bin/ % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 138 100 138 0 0 923 0 <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- 926 100 53.7M 100 53.7M 0 0 476k 0 0:01:55 0:01:55 <span class="nt">--</span>:--:-- 1023k root@k0s-incus:~# <span class="nb">mkdir</span> .kube root@k0s-incus:~# k0sctl kubeconfig <span class="nt">--config</span> k0sctl.yaml <span class="o">&gt;</span> .kube/config root@k0s-incus:~# kubectl cluster-info Kubernetes control plane is running at https://10.224.160.99:6443 CoreDNS is running at https://10.224.160.99:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> root@k0s-incus:~# kubectl get nodes <span class="nt">-o</span> wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME k0s-2 Ready &lt;none&gt; 5m1s v1.31.3+k0s 10.224.160.54 &lt;none&gt; Ubuntu 24.04.1 LTS 6.8.0-51-generic containerd://1.7.24 k0s-3 Ready &lt;none&gt; 5m1s v1.31.3+k0s 10.224.160.215 &lt;none&gt; Ubuntu 24.04.1 LTS 6.8.0-51-generic containerd://1.7.24 root@k0s-incus:~# kubectl get po,svc <span class="nt">-A</span> NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/coredns-645c5d6f5b-kgnsf 1/1 Running 0 5m2s kube-system pod/coredns-645c5d6f5b-n2rbk 1/1 Running 0 5m2s kube-system pod/konnectivity-agent-2dg8l 1/1 Running 0 5m4s kube-system pod/konnectivity-agent-5l5dl 1/1 Running 0 5m4s kube-system pod/kube-proxy-cx47n 1/1 Running 0 5m7s kube-system pod/kube-proxy-sp5fd 1/1 Running 0 5m7s kube-system pod/kube-router-6l4qv 1/1 Running 0 5m7s kube-system pod/kube-router-b9t89 1/1 Running 0 5m7s kube-system pod/metrics-server-78c4ccbc7f-jxpzz 1/1 Running 0 5m1s NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE default service/kubernetes ClusterIP 10.96.0.1 &lt;none&gt; 443/TCP 5m17s kube-system service/kube-dns ClusterIP 10.96.0.10 &lt;none&gt; 53/UDP,53/TCP,9153/TCP 5m7s kube-system service/metrics-server ClusterIP 10.109.44.51 &lt;none&gt; 443/TCP 5m1s </code></pre> </div> <p>Il est alors possible de procéder à l’installation d’HolmesGPT via Pipx :</p> <p><a href="https://github.com/robusta-dev/holmesgpt?tab=readme-ov-file#installation" rel="noopener noreferrer">GitHub - robusta-dev/holmesgpt: On-Call Assistant for Prometheus Alerts - Get a head start on fixing alerts with AI investigation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# apt <span class="nb">install </span>pipx <span class="nt">-y</span> root@k0s-incus:~# pipx ensurepath Success! Added /root/.local/bin to the PATH environment variable. Consider adding shell completions <span class="k">for </span>pipx. Run <span class="s1">'pipx completions'</span> <span class="k">for </span>instructions. You will need to open a new terminal or re-login <span class="k">for </span>the PATH changes to take effect. Otherwise pipx is ready to go! ✨ 🌟 ✨ root@k0s-incus:~# pipx <span class="nb">install</span> <span class="s2">"https://github.com/robusta-dev/holmesgpt/archive/refs/heads/master.zip"</span> installed package holmesgpt 0.1.0, installed using Python 3.12.3 These apps are now globally available - holmes <span class="k">done</span><span class="o">!</span> ✨ 🌟 ✨ root@k0s-incus:~# holmes version /root/.local/share/pipx/venvs/holmesgpt/lib/python3.12/site-packages/pydantic/_internal/_config.py:345: UserWarning: Valid config keys have changed <span class="k">in </span>V2: <span class="k">*</span> <span class="s1">'fields'</span> has been removed warnings.warn<span class="o">(</span>message, UserWarning<span class="o">)</span> HEAD -&gt; master-bfafbde3 </code></pre> </div> <p>Pour l’accompagner, je récupère K9s qui fournit une interface utilisateur de terminal pour interagir avec vos clusters Kubernetes. L’objectif de ce projet est de faciliter la navigation, l’observation et la gestion de vos applications dans la nature. K9s surveille continuellement Kubernetes pour les changements et offre des commandes ultérieures pour interagir avec vos ressources observées.</p> <p><a href="https://github.com/derailed/k9s" rel="noopener noreferrer">GitHub - derailed/k9s: 🐶 Kubernetes CLI To Manage Your Clusters In Style!</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# wget <span class="nt">-c</span> https://github.com/derailed/k9s/releases/download/v0.32.7/k9s_linux_amd64.deb HTTP request sent, awaiting response... 200 OK Length: 31832132 <span class="o">(</span>30M<span class="o">)</span> <span class="o">[</span>application/octet-stream] Saving to: ‘k9s_linux_amd64.deb’ k9s_linux_amd64.deb 100%[<span class="o">=====================================================================================================&gt;]</span> 30.36M <span class="nt">--</span>.-KB/s <span class="k">in </span>0.1s 2025-01-14 21:40:07 <span class="o">(</span>291 MB/s<span class="o">)</span> - ‘k9s_linux_amd64.deb’ saved <span class="o">[</span>31832132/31832132] root@k0s-incus:~# apt <span class="nb">install</span> <span class="nt">-f</span> ./k9s_linux_amd64.deb root@k0s-incus:~# k9s <span class="nt">--help</span> K9s is a CLI to view and manage your Kubernetes clusters. Usage: k9s <span class="o">[</span>flags] k9s <span class="o">[</span><span class="nb">command</span><span class="o">]</span> Available Commands: completion Generate the autocompletion script <span class="k">for </span>the specified shell <span class="nb">help </span>Help about any <span class="nb">command </span>info List K9s configurations info version Print version/build info Flags: <span class="nt">-A</span>, <span class="nt">--all-namespaces</span> Launch K9s <span class="k">in </span>all namespaces <span class="nt">--as</span> string Username to impersonate <span class="k">for </span>the operation <span class="nt">--as-group</span> stringArray Group to impersonate <span class="k">for </span>the operation <span class="nt">--certificate-authority</span> string Path to a cert file <span class="k">for </span>the certificate authority <span class="nt">--client-certificate</span> string Path to a client certificate file <span class="k">for </span>TLS <span class="nt">--client-key</span> string Path to a client key file <span class="k">for </span>TLS <span class="nt">--cluster</span> string The name of the kubeconfig cluster to use <span class="nt">-c</span>, <span class="nt">--command</span> string Overrides the default resource to load when the application launches <span class="nt">--context</span> string The name of the kubeconfig context to use <span class="nt">--crumbsless</span> Turn K9s crumbs off <span class="nt">--headless</span> Turn K9s header off <span class="nt">-h</span>, <span class="nt">--help</span> <span class="nb">help </span><span class="k">for </span>k9s <span class="nt">--insecure-skip-tls-verify</span> If <span class="nb">true</span>, the server<span class="s1">'s caCertFile will not be checked for validity --kubeconfig string Path to the kubeconfig file to use for CLI requests --logFile string Specify the log file (default "/root/.local/state/k9s/k9s.log") -l, --logLevel string Specify a log level (error, warn, info, debug, trace) (default "info") --logoless Turn K9s logo off -n, --namespace string If present, the namespace scope for this CLI request --readonly Sets readOnly mode by overriding readOnly configuration setting -r, --refresh int Specify the default refresh rate as an integer (sec) (default 2) --request-timeout string The length of time to wait before giving up on a single server request --screen-dump-dir string Sets a path to a dir for a screen dumps --token string Bearer token for authentication to the API server --user string The name of the kubeconfig user to use --write Sets write mode by overriding the readOnly configuration setting Use "k9s [command] --help" for more information about a command. </span></code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frwf222lqzp6o017dzbu2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frwf222lqzp6o017dzbu2.png" width="800" height="407"></a></p> <p>Ollama, une alternative à ChatGPT, peut être déployée pour fournir des capacités de traitement du langage naturel directement dans votre environnement. Cela permet de bénéficier des capacités de traitement du langage naturel de Ollama sans dépendre de services cloud externes.</p> <p><a href="https://ollama.com/" rel="noopener noreferrer">Ollama</a></p> <blockquote> <p>En intégrant Ollama à vos outils de dépannage, vous pouvez générer des réponses et des solutions basées sur l’analyse des logs et des données de votre cluster Kubernetes.</p> </blockquote> <p>Pour son exécution, je suis amené à utiliser RunPod, une plateforme qui permet d’exécuter des tâches de traitement du langage naturel et d’autres tâches IA. RunPod vous permet en effet de créer des environnements de pod personnalisés pour exécuter des modèles de langage comme Ollama ou d’autres applications IA :</p> <p><a href="https://www.runpod.io/" rel="noopener noreferrer">RunPod - The Cloud Built for AI</a></p> <p>Création d’un Pod GPU qui me permet donc d’utiliser Ollama …</p> <p><a href="https://docs.runpod.io/tutorials/pods/run-ollama" rel="noopener noreferrer">Set up Ollama on your GPU Pod | RunPod Documentation</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F923x3tiqrc6pzf4euflj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F923x3tiqrc6pzf4euflj.png" width="800" height="367"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5xkprezlq7a0f1ef0ea5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5xkprezlq7a0f1ef0ea5.png" width="800" height="465"></a></p> <p>Je peux m’y connecter via SSH :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Welcome to Ubuntu 22.04.3 LTS <span class="o">(</span>GNU/Linux 6.5.0-44-generic x86_64<span class="o">)</span> <span class="k">*</span> Documentation: https://help.ubuntu.com <span class="k">*</span> Management: https://landscape.canonical.com <span class="k">*</span> Support: https://ubuntu.com/advantage This system has been minimized by removing packages and content that are not required on a system that <span class="nb">users </span><span class="k">do </span>not log into. To restore this content, you can run the <span class="s1">'unminimize'</span> command. The programs included with the Ubuntu system are free software<span class="p">;</span> the exact distribution terms <span class="k">for </span>each program are described <span class="k">in </span>the individual files <span class="k">in</span> /usr/share/doc/<span class="k">*</span>/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. ____________ _ <span class="o">(</span>_____<span class="se">\ </span><span class="o">(</span>_____ <span class="se">\ </span>| | _____<span class="o">)</span> <span class="o">)</span> _ _____ _____<span class="o">)</span> <span class="o">)</span>___ __| | | __/ | | | <span class="o">||</span> _ <span class="se">\ </span>|____ // _ <span class="se">\ </span>/ _ | | | <span class="se">\ \ </span>| |_| <span class="o">||</span> | | <span class="o">||</span> | | |_| |<span class="o">(</span> <span class="o">(</span>_| | |_| |_|| ____/ |_| |_||_| <span class="se">\_</span>__ / <span class="se">\ </span>____ | For detailed documentation and guides, please visit: https://docs.runpod.io/ and https://blog.runpod.io/ root@5ed8df208cf4:~# nvidia-smi Tue Jan 14 22:03:15 2025 +-----------------------------------------------------------------------------------------+ | NVIDIA-SMI 550.90.07 Driver Version: 550.90.07 CUDA Version: 12.4 | |-----------------------------------------+------------------------+----------------------+ | GPU Name Persistence-M | Bus-Id Disp.A | Volatile Uncorr. ECC | | Fan Temp Perf Pwr:Usage/Cap | Memory-Usage | GPU-Util Compute M. | | | | MIG M. | |<span class="o">=========================================</span>+<span class="o">========================</span>+<span class="o">======================</span>| | 0 NVIDIA GeForce RTX 4070 Ti On | 00000000:81:00.0 Off | N/A | | 0% 28C P8 11W / 285W | 2MiB / 12282MiB | 0% Default | | | | N/A | +-----------------------------------------+------------------------+----------------------+ +-----------------------------------------------------------------------------------------+ | Processes: | | GPU GI CI PID Type Process name GPU Memory | | ID ID Usage | |<span class="o">=========================================================================================</span>| | No running processes found | +-----------------------------------------------------------------------------------------+ </code></pre> </div> <p>Exécution d’Ollama :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@5ed8df208cf4:~# apt update 2&gt; /dev/null <span class="o">&amp;&amp;</span> apt <span class="nb">install</span> <span class="nt">-qq</span> lshw <span class="nt">-y</span> 2&gt; /dev/null root@5ed8df208cf4:~# <span class="nb">export </span><span class="nv">OLLAMA_HOST</span><span class="o">=</span>0.0.0.0:11434 root@5ed8df208cf4:~# <span class="o">(</span>curl <span class="nt">-fsSL</span> https://ollama.com/install.sh | sh <span class="o">&amp;&amp;</span> ollama serve <span class="o">&gt;</span> ollama.log 2&gt;&amp;1<span class="o">)</span> &amp; <span class="o">[</span>1] 950 root@5ed8df208cf4:~# <span class="o">&gt;&gt;&gt;</span> Installing ollama to /usr/local <span class="o">&gt;&gt;&gt;</span> Downloading Linux amd64 bundle <span class="c">######################################################################## 100.0%</span> <span class="o">&gt;&gt;&gt;</span> Creating ollama user... <span class="o">&gt;&gt;&gt;</span> Adding ollama user to video group... <span class="o">&gt;&gt;&gt;</span> Adding current user to ollama group... <span class="o">&gt;&gt;&gt;</span> Creating ollama systemd service... WARNING: systemd is not running <span class="o">&gt;&gt;&gt;</span> NVIDIA GPU installed. <span class="o">&gt;&gt;&gt;</span> The Ollama API is now available at 127.0.0.1:11434. <span class="o">&gt;&gt;&gt;</span> Install complete. Run <span class="s2">"ollama"</span> from the <span class="nb">command </span>line. root@5ed8df208cf4:~# netstat <span class="nt">-tunlp</span> Active Internet connections <span class="o">(</span>only servers<span class="o">)</span> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:7861 0.0.0.0:<span class="k">*</span> LISTEN 52/nginx: master <span class="nb">pr </span>tcp 0 0 0.0.0.0:8081 0.0.0.0:<span class="k">*</span> LISTEN 52/nginx: master <span class="nb">pr </span>tcp 0 0 0.0.0.0:8001 0.0.0.0:<span class="k">*</span> LISTEN 52/nginx: master <span class="nb">pr </span>tcp 0 0 0.0.0.0:22 0.0.0.0:<span class="k">*</span> LISTEN 70/sshd: /usr/sbin/ tcp 0 0 0.0.0.0:3001 0.0.0.0:<span class="k">*</span> LISTEN 52/nginx: master <span class="nb">pr </span>tcp 0 0 0.0.0.0:9091 0.0.0.0:<span class="k">*</span> LISTEN 52/nginx: master <span class="nb">pr </span>tcp 0 0 127.0.0.11:39145 0.0.0.0:<span class="k">*</span> LISTEN - tcp6 0 0 :::22 :::<span class="k">*</span> LISTEN 70/sshd: /usr/sbin/ tcp6 0 0 :::11434 :::<span class="k">*</span> LISTEN 1006/ollama udp 0 0 127.0.0.11:33663 0.0.0.0:<span class="k">*</span> - </code></pre> </div> <p>Récupération d’un LLM avec Llama3.2 :</p> <ul> <li><a href="https://ollama.com/library/llama3.2" rel="noopener noreferrer">llama3.2</a></li> <li> <a href="https://ai.meta.com/blog/llama-3-2-connect-2024-vision-edge-mobile-devices/" rel="noopener noreferrer">Llama 3.2: Revolutionizing edge AI and vision with open, customizable models</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@5ed8df208cf4:~# ollama pull llama3.2:3b-instruct-q4_K_S pulling manifest pulling d5e517daeee4... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 1.9 GB pulling 966de95ca8a6... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 1.4 KB pulling fcc5a6bec9da... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 7.7 KB pulling a70ff7e570d9... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 6.0 KB pulling 56bb8bd477a5... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 96 B pulling 9c65e8607c0c... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 561 B verifying sha256 digest writing manifest success root@5ed8df208cf4:~# ollama list NAME ID SIZE MODIFIED llama3.2:3b-instruct-q4_K_S 80f2089878c9 1.9 GB 31 seconds ago </code></pre> </div> <p>L’endpoint d’Ollama est disponible publiquement via le proxy offert par RunPod :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5sm3yhsnur0o6g0756ul.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5sm3yhsnur0o6g0756ul.png" width="800" height="441"></a></p> <p>Modification de K9s pour y intégrer cet endpoint et HolmesGPT sous forme d’un plug-in :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">root@k0s-incus:~# cat ~/.config/k9s/plugins.yaml</span> <span class="na">plugins</span><span class="pi">:</span> <span class="na">holmesgpt</span><span class="pi">:</span> <span class="na">shortCut</span><span class="pi">:</span> <span class="s">Shift-H</span> <span class="na">description</span><span class="pi">:</span> <span class="s">Ask HolmesGPT</span> <span class="na">scopes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">all</span> <span class="na">command</span><span class="pi">:</span> <span class="s">bash</span> <span class="na">background</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">confirm</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="pi">|</span> <span class="s">holmes ask "why is $NAME of $RESOURCE_NAME in -n $NAMESPACE not working as expected" --model="openai/llama3.2:3b-instruct-q4_K_S"</span> <span class="s">echo "Press 'q' to exit"</span> <span class="s">while : ; do</span> <span class="s">read -n 1 k &lt;&amp;1</span> <span class="s">if [[$k = q]] ; then</span> <span class="s">break</span> <span class="s">fi</span> <span class="s">done</span> <span class="s">root@k0s-incus:~# export OPENAI_API_BASE="https://vsr6spvysc6jly-11434.proxy.runpod.net/v1"</span> <span class="s">root@k0s-incus:~# export OPENAI_API_KEY=123</span> </code></pre> </div> <p>Déploiement d’un exemple de Pod problématique dans le cluster Kubernetes via les exemples fournis par Robusta :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/robusta-dev/kubernetes-demos/main/crashpod/broken.yaml deployment.apps/payment-processing-worker created root@k0s-incus:~# kubectl get po NAME READY STATUS RESTARTS AGE payment-processing-worker-747ccfb9db-njgmw 0/1 CrashLoopBackOff 1 <span class="o">(</span>4s ago<span class="o">)</span> 9s </code></pre> </div> <p>Je peux lancer la requête relative au plug-in avec HolmesGPT et la combinaison CTRL+H pour obtenir cette première réponse :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsijr2zwrjorx8lf05l3t.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsijr2zwrjorx8lf05l3t.png" width="800" height="417"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foaezxruimosuykncefuw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foaezxruimosuykncefuw.png" width="800" height="417"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>The payment-processing-container container has crashed and is being restarted <span class="k">for </span>the 6th <span class="nb">time </span>due to a CrashLoopBackOff. The last state indicates that the container was terminated with an <span class="nb">exit </span>code of 0, which suggests that the <span class="nb">command </span>executed successfully but did not <span class="nb">complete </span>as expected. To investigate further, you can check the logs of the payment-processing-container container to see <span class="k">if </span>there are any error messages or clues about what is causing the issue. You can also check the Kubernetes events <span class="k">for </span>any other errors or warnings that may be related to this issue. Additionally, you can try to debug the <span class="nb">command </span>executed by the payment-processing-container container to see <span class="k">if </span>it<span class="s1">'s correct and working as expected. The command is: if [[-z "${DEPLOY_ENV}"]]; then echo Environment variable DEPLOY_ENV is undefined ; else while true; do echo hello; sleep 10;done; fi This command checks if the DEPLOY_ENV environment variable is set, and if it'</span>s not, it prints a message. If it is <span class="nb">set</span>, it enters an infinite loop that prints <span class="s2">"hello"</span> every 10 seconds. If you<span class="s1">'re running this container in a Kubernetes pod, you can try to debug the issue by checking the pod'</span>s logs or using a tool like kubectl to inspect the container<span class="s1">'s state and logs. Press '</span>q<span class="s1">' to exit </span></code></pre> </div> <p>Modification de la requête et autre réponse :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">root@k0s-incus:~# cat ~/.config/k9s/plugins.yaml</span> <span class="na">plugins</span><span class="pi">:</span> <span class="na">holmesgpt</span><span class="pi">:</span> <span class="na">shortCut</span><span class="pi">:</span> <span class="s">Shift-H</span> <span class="na">description</span><span class="pi">:</span> <span class="s">Ask HolmesGPT</span> <span class="na">scopes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">all</span> <span class="na">command</span><span class="pi">:</span> <span class="s">bash</span> <span class="na">background</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">confirm</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="pi">|</span> <span class="s">holmes ask "why is $NAME of $RESOURCE_NAME in -n $NAMESPACE not working and why $NAME is crashed?" --model="openai/llama3.2:3b-instruct-q4_K_S"</span> <span class="s">echo "Press 'q' to exit"</span> <span class="s">while : ; do</span> <span class="s">read -n 1 k &lt;&amp;1</span> <span class="s">if [[$k = q]] ; then</span> <span class="s">break</span> <span class="s">fi</span> <span class="s">done</span> <span class="s">The payment-processing-container container has crashed and is being restarted for the 6th time due to a CrashLoopBackOff. The last state indicates that the container was terminated with an</span> <span class="s">exit code of 0, which suggests that the command executed successfully but did not produce any output.</span> <span class="s">To investigate further, you can check the logs of the payment-processing-container container to see if there are any error messages or clues about what is causing the crash</span><span class="err">:</span> <span class="s">kubectl logs payment-processing-worker-747ccfb9db-njgmw -c payment-processing-container</span> <span class="s">Additionally, you can check the configuration of the payment-processing-container container to ensure that it is running with the correct environment variables and settings.</span> <span class="s">kubectl describe pod payment-processing-worker-747ccfb9db-njgmw -c payment-processing-container</span> <span class="s">This will provide more detailed information about the container's configuration and any errors that may be occurring.</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvqn20ne98a66zirzqt1p.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvqn20ne98a66zirzqt1p.jpg" width="582" height="428"></a></p> <p>HolmesGPT peut s’intégrer plus globalement à la plateforme Robusta via une installation dans le cluster Kubernetes et Helm …</p> <p><a href="https://docs.robusta.dev/master/configuration/ai-analysis.html#ai-analysis" rel="noopener noreferrer">AI Analysis - Robusta documentation</a></p> <p>Pour cela génération du fichier YAML de ce type en configuration :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">root@k0s-incus:~# cat generated_values.yaml</span> <span class="na">globalConfig</span><span class="pi">:</span> <span class="na">signing_key</span><span class="pi">:</span> <span class="s">568927d5-6e65-4c13-b3fe-fdc50e616fde</span> <span class="na">account_id</span><span class="pi">:</span> <span class="s">a4d7cea6-fba3-4ce6-ba3d-941b55ec83db</span> <span class="na">sinksConfig</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">robusta_sink</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">robusta_ui_sink</span> <span class="na">token</span><span class="pi">:</span> <span class="s">&lt;TOKEN&gt;</span> <span class="na">enablePrometheusStack</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">kube-prometheus-stack</span><span class="pi">:</span> <span class="na">grafana</span><span class="pi">:</span> <span class="na">persistence</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">enablePlatformPlaybooks</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">runner</span><span class="pi">:</span> <span class="na">sendAdditionalTelemetry</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">enableHolmesGPT</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">holmes</span><span class="pi">:</span> <span class="na">additionalEnvVars</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ROBUSTA_AI</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F94g2rh49y7rlmz6dn04z.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F94g2rh49y7rlmz6dn04z.png" width="800" height="419"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh9sqitxrv1m1n9lm00yu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh9sqitxrv1m1n9lm00yu.png" width="800" height="419"></a></p> <p>Utilisation des commandes et du fichier de configuration YAML fournis par la plateforme Robusta :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# helm repo add robusta https://robusta-charts.storage.googleapis.com <span class="o">&amp;&amp;</span> helm repo update <span class="s2">"robusta"</span> has been added to your repositories Hang tight <span class="k">while </span>we grab the latest from your chart repositories... ...Successfully got an update from the <span class="s2">"robusta"</span> chart repository Update Complete. ⎈Happy Helming!⎈ root@k0s-incus:~# helm <span class="nb">install </span>robusta robusta/robusta <span class="nt">-f</span> ./generated_values.yaml <span class="nt">--set</span> <span class="nv">clusterName</span><span class="o">=</span><span class="s2">"k0s-cluster"</span> <span class="se">\</span> <span class="nt">--set</span> <span class="nv">isSmallCluster</span><span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> holmes.resources.requests.memory<span class="o">=</span>512Mi <span class="se">\</span> <span class="nt">--set</span> kube-prometheus-stack.prometheus.prometheusSpec.retentionSize<span class="o">=</span>9GB <span class="se">\</span> <span class="nt">--set</span> kube-prometheus-stack.prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage<span class="o">=</span>10Gi <span class="se">\</span> <span class="nt">--set</span> kube-prometheus-stack.prometheus.prometheusSpec.resources.requests.memory<span class="o">=</span>512Mi NAME: robusta LAST DEPLOYED: Tue Jan 14 22:59:09 2025 NAMESPACE: default STATUS: deployed REVISION: 1 NOTES: Thank you <span class="k">for </span>installing Robusta 0.20.0 As an open <span class="nb">source </span>project, we collect general usage statistics. This data is extremely limited and contains only general metadata to <span class="nb">help </span>us understand usage patterns. If you are willing to share additional data, please <span class="k">do </span>so! It really <span class="nb">help </span>us improve Robusta. You can <span class="nb">set </span>sendAdditionalTelemetry: <span class="nb">true </span>as a Helm value to send exception reports and additional data. This is disabled by default. To opt-out of telemetry entirely, <span class="nb">set </span>a <span class="nv">ENABLE_TELEMETRY</span><span class="o">=</span><span class="nb">false </span>environment variable on the robusta-runner deployment. Note that <span class="k">if </span>the Robusta UI is enabled, telemetry cannot be disabled even <span class="k">if </span><span class="nv">ENABLE_TELEMETRY</span><span class="o">=</span><span class="nb">false </span>is set. Visit the web UI at: https://platform.robusta.dev/ root@k0s-incus:~# helm <span class="nb">ls</span> <span class="nt">-A</span> NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION robusta default 2 2025-01-14 23:10:13.935906491 +0000 UTC deployed robusta-0.20.0 0.20.0 root@k0s-incus:~# kubectl get po,svc NAME READY STATUS RESTARTS AGE pod/alertmanager-robusta-kube-prometheus-st-alertmanager-0 0/2 Pending 0 2m pod/payment-processing-worker-747ccfb9db-njgmw 0/1 CrashLoopBackOff 10 <span class="o">(</span>2m33s ago<span class="o">)</span> 28m pod/prometheus-robusta-kube-prometheus-st-prometheus-0 0/2 Pending 0 2m pod/robusta-forwarder-cd847ccc-wxc6d 1/1 Running 0 2m5s pod/robusta-grafana-8588b8fb85-fv5vj 3/3 Running 0 2m5s pod/robusta-holmes-55dd58ff6d-m4zth 1/1 Running 0 2m5s pod/robusta-kube-prometheus-st-operator-6885c8f675-szncg 1/1 Running 0 2m5s pod/robusta-kube-state-metrics-8667fd9775-s49z4 1/1 Running 0 2m5s pod/robusta-prometheus-node-exporter-c6jvb 1/1 Running 0 2m5s pod/robusta-prometheus-node-exporter-j6zp5 1/1 Running 0 2m5s pod/robusta-runner-5d667b7d9c-dm2z7 1/1 Running 0 2m5s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE service/alertmanager-operated ClusterIP None &lt;none&gt; 9093/TCP,9094/TCP,9094/UDP 2m1s service/kubernetes ClusterIP 10.96.0.1 &lt;none&gt; 443/TCP 94m service/prometheus-operated ClusterIP None &lt;none&gt; 9090/TCP 2m1s service/robusta-forwarder ClusterIP 10.102.7.41 &lt;none&gt; 80/TCP 2m5s service/robusta-grafana ClusterIP 10.106.69.72 &lt;none&gt; 80/TCP 2m5s service/robusta-holmes ClusterIP 10.110.124.241 &lt;none&gt; 80/TCP 2m5s service/robusta-kube-prometheus-st-alertmanager ClusterIP 10.105.101.210 &lt;none&gt; 9093/TCP,8080/TCP 2m5s service/robusta-kube-prometheus-st-operator ClusterIP 10.103.213.208 &lt;none&gt; 443/TCP 2m5s service/robusta-kube-prometheus-st-prometheus ClusterIP 10.107.13.104 &lt;none&gt; 9090/TCP,8080/TCP 2m5s service/robusta-kube-state-metrics ClusterIP 10.103.53.30 &lt;none&gt; 8080/TCP 2m5s service/robusta-prometheus-node-exporter ClusterIP 10.102.243.65 &lt;none&gt; 9104/TCP 2m5s service/robusta-runner ClusterIP 10.97.82.15 &lt;none&gt; 80/TCP 2m5s </code></pre> </div> <p>Je peux procéder à l’installation complête via cette formule :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@k0s-incus:~# helm upgrade robusta robusta/robusta <span class="nt">-f</span> ./generated_values.yaml <span class="nt">--set</span> <span class="nv">clusterName</span><span class="o">=</span><span class="s2">"k0s-cluster"</span> Release <span class="s2">"robusta"</span> has been upgraded. Happy Helming! NAME: robusta LAST DEPLOYED: Tue Jan 14 23:14:02 2025 NAMESPACE: default STATUS: deployed REVISION: 5 NOTES: Thank you <span class="k">for </span>installing Robusta 0.20.0 As an open <span class="nb">source </span>project, we collect general usage statistics. This data is extremely limited and contains only general metadata to <span class="nb">help </span>us understand usage patterns. If you are willing to share additional data, please <span class="k">do </span>so! It really <span class="nb">help </span>us improve Robusta. You can <span class="nb">set </span>sendAdditionalTelemetry: <span class="nb">true </span>as a Helm value to send exception reports and additional data. This is disabled by default. To opt-out of telemetry entirely, <span class="nb">set </span>a <span class="nv">ENABLE_TELEMETRY</span><span class="o">=</span><span class="nb">false </span>environment variable on the robusta-runner deployment. Note that <span class="k">if </span>the Robusta UI is enabled, telemetry cannot be disabled even <span class="k">if </span><span class="nv">ENABLE_TELEMETRY</span><span class="o">=</span><span class="nb">false </span>is set. Visit the web UI at: https://platform.robusta.dev/ </code></pre> </div> <p>Le cluster apparaît sur Robusta :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ficw4j7jzoe4ehrbrs2xy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ficw4j7jzoe4ehrbrs2xy.png" width="800" height="405"></a></p> <p>Et là également via HolmesGPT, intterogation de la plateforme sur les éventuelles problématiques rencontrées dans le cluster Kubernetes :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8in3sgby36e2fykc3msi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8in3sgby36e2fykc3msi.png" width="800" height="404"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx3i7fyoioogyj5ghl6fq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx3i7fyoioogyj5ghl6fq.png" width="800" height="404"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdqezsha0632tfvou0kuj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdqezsha0632tfvou0kuj.png" width="800" height="404"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyhi4ei1otp229eztccxg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyhi4ei1otp229eztccxg.png" width="800" height="404"></a></p> <p>Le tout avec une consommation moindre dans le cluster …</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0238q9d64qdp2kwnh4i4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0238q9d64qdp2kwnh4i4.png" width="800" height="417"></a></p> <p>L’utilisation de l’IA pour le dépannage et l’analyse des incidents réduit le temps et l’effort humain nécessaire, permettant aux équipes de se concentrer sur des tâches plus stratégiques.</p> <blockquote> <p>Les outils comme HolmesGPT et Ollama peuvent être mis à l’échelle en fonction de la demande, ce qui est particulièrement utile dans les environnements de production où la charge de travail peut varier significativement.</p> </blockquote> <p>On peut donc en conclure que l’intégration de l’IA dans les clusters Kubernetes à l’aide d’outils comme HolmesGPT, Ollama et de fournisseur d’instances GPU comme RunPod, offre des avantages significatifs en termes d’efficiacité, de scalabilité et de tolérance aux pannes.</p> <blockquote> <p>Ces technologies permettent de rationaliser le cycle de vie des applications, de simplifier le dépannage et d’améliorer la gestion des ressources, rendant ainsi les opérations Kubernetes plus robustes et plus performantes …</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqamrcp4ch25cpk7tsp68.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqamrcp4ch25cpk7tsp68.jpg" width="500" height="500"></a></p> <p><strong>À suivre !</strong></p> kubernetes ai containers devops Karim Mon, 30 Dec 2024 18:01:16 +0000 https://forem.com/deep75/implementer-le-retrieval-augmented-generation-rag-de-maniere-privee-sur-kubernetes-avec-kubeai-et-3dni https://forem.com/deep75/implementer-le-retrieval-augmented-generation-rag-de-maniere-privee-sur-kubernetes-avec-kubeai-et-3dni <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2o6priydsa65wat4t8fv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2o6priydsa65wat4t8fv.png" width="800" height="439"></a></p> <p>L’utilisation combinée de KubeAI et Weaviate offre une solution puissante pour implémenter le Retrieval Augmented Generation (RAG) de manière privée et évolutive sur Kubernetes. Dans cet article, nous allons explorer comment mettre en place cette architecture pour créer des applications d’IA avancées.</p> <blockquote> <p>KubeAI est une plateforme qui permet de déployer des modèles d’IA open source sur Kubernetes, offrant une alternative privée aux services d’IA dans le cloud</p> </blockquote> <p><a href="https://www.kubeai.org/" rel="noopener noreferrer">KubeAI</a></p> <p>KubeAI utilise une API HTTP compatible avec OpenAI et peut être considéré comme un opérateur de modèlequi gère les serveurs vLLM et Ollama.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fziakh9ydpwdjg2so9t2x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fziakh9ydpwdjg2so9t2x.png" width="800" height="542"></a></p> <p>Pour commencer, il faut déployer KubeAI sur un cluster Kubernetes. Voici les étapes principales : je pars d’une instance Ubuntu 24.04 LTS sur DigitalOcean mettant en oeuvre des processeurs CPU dédiés premium d’Intel …</p> <p><a href="https://www.digitalocean.com/blog/introducing-premium-cpu-optimized-droplets" rel="noopener noreferrer">Introducing Premium CPU-Optimized Droplets | DigitalOcean</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhkn018uzj3yeof7yy0x5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhkn018uzj3yeof7yy0x5.png" width="800" height="255"></a></p> <p>Et j’y installe de nouveau k3s pour former mon cluster Kubernetes local avec les clients nécessaires (kubectl et helm) :</p> <p><a href="https://k3s.io/" rel="noopener noreferrer">K3s</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@kubeai:~# snap <span class="nb">install </span>kubectl <span class="nt">--classic</span> 2024-12-30T13:37:55Z INFO Waiting <span class="k">for </span>automatic snapd restart... kubectl 1.31.4 from Canonical✓ installed root@kubeai:~# snap <span class="nb">install </span>helm <span class="nt">--classic</span> helm 3.16.4 from Snapcrafters✪ installed root@kubeai:~# <span class="nb">type </span>kubectl <span class="o">&amp;&amp;</span> <span class="nb">type </span>helm kubectl is /snap/bin/kubectl helm is /snap/bin/helm root@kubeai:~# curl <span class="nt">-sfL</span> https://get.k3s.io | sh - <span class="o">[</span>INFO] Finding release <span class="k">for </span>channel stable <span class="o">[</span>INFO] Using v1.31.4+k3s1 as release <span class="o">[</span>INFO] Downloading <span class="nb">hash </span>https://github.com/k3s-io/k3s/releases/download/v1.31.4+k3s1/sha256sum-amd64.txt <span class="o">[</span>INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.31.4+k3s1/k3s <span class="o">[</span>INFO] Verifying binary download <span class="o">[</span>INFO] Installing k3s to /usr/local/bin/k3s <span class="o">[</span>INFO] Skipping installation of SELinux RPM <span class="o">[</span>INFO] Skipping /usr/local/bin/kubectl symlink to k3s, <span class="nb">command </span>exists <span class="k">in </span>PATH at /snap/bin/kubectl <span class="o">[</span>INFO] Creating /usr/local/bin/crictl symlink to k3s <span class="o">[</span>INFO] Creating /usr/local/bin/ctr symlink to k3s <span class="o">[</span>INFO] Creating killall script /usr/local/bin/k3s-killall.sh <span class="o">[</span>INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh <span class="o">[</span>INFO] <span class="nb">env</span>: Creating environment file /etc/systemd/system/k3s.service.env <span class="o">[</span>INFO] systemd: Creating service file /etc/systemd/system/k3s.service <span class="o">[</span>INFO] systemd: Enabling k3s unit Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service. <span class="o">[</span>INFO] systemd: Starting k3s root@kubeai:~# <span class="nb">mkdir</span> .kube <span class="o">&amp;&amp;</span> <span class="nb">cp</span> /etc/rancher/k3s/k3s.yaml ~/.kube/config <span class="o">&amp;&amp;</span> <span class="nb">chmod </span>600 ~/.kube/config root@kubeai:~# helm <span class="nb">ls </span>NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION root@kubeai:~# kubectl cluster-info Kubernetes control plane is running at https://127.0.0.1:6443 CoreDNS is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy Metrics-server is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/https:metrics-server:https/proxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> root@kubeai:~# kubectl get po,svc <span class="nt">-A</span> NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/coredns-ccb96694c-l6mzp 1/1 Running 0 3m51s kube-system pod/helm-install-traefik-crd-462cg 0/1 Completed 0 3m51s kube-system pod/helm-install-traefik-jbx28 0/1 Completed 1 3m51s kube-system pod/local-path-provisioner-5cf85fd84d-hkdkl 1/1 Running 0 3m51s kube-system pod/metrics-server-5985cbc9d7-vjmrj 1/1 Running 0 3m51s kube-system pod/svclb-traefik-75ae73e0-5s2fq 2/2 Running 0 3m43s kube-system pod/traefik-57b79cf995-b662r 1/1 Running 0 3m43s NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE default service/kubernetes ClusterIP 10.43.0.1 &lt;none&gt; 443/TCP 3m58s kube-system service/kube-dns ClusterIP 10.43.0.10 &lt;none&gt; 53/UDP,53/TCP,9153/TCP 3m53s kube-system service/metrics-server ClusterIP 10.43.49.80 &lt;none&gt; 443/TCP 3m53s kube-system service/traefik LoadBalancer 10.43.140.130 164.92.248.129 80:32667/TCP,443:32508/TCP 3m43s </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn4x06410zbxnjqjkw9zs.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn4x06410zbxnjqjkw9zs.jpg" width="535" height="467"></a></p> <p>KubeAI offre une compatibilité avec certains API d’OpenAI :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Implemented # /v1/chat/completions /v1/completions /v1/embeddings /v1/models /v1/audio/transcriptions # Planned # # /v1/assistants/* # /v1/batches/* # /v1/fine_tuning/* # /v1/images/* # /v1/vector_stores/* </code></pre> </div> <p>Je procède au déploiement de KubeAI via Helm en définissant les modèles nécessaires, notamment un modèle d’embedding et un modèle génératif (Le modèle d’intégration nomique est utilisé à la place de text-embedding-ada-002 et Google Gemma 2-2B est utilisé à la place de GPT-3.5-turbo) :</p> <ul> <li><a href="https://huggingface.co/google/gemma-2-2b" rel="noopener noreferrer">google/gemma-2-2b · Hugging Face</a></li> <li> <a href="https://ollama.com/library/gemma2:2b" rel="noopener noreferrer">gemma2:2b</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">root@kubeai:~# cat kubeai-model-values.yaml</span> <span class="na">catalog</span><span class="pi">:</span> <span class="na">text-embedding-ada-002</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">minReplicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">features</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">TextEmbedding"</span><span class="pi">]</span> <span class="na">owner</span><span class="pi">:</span> <span class="s">nomic</span> <span class="na">url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">ollama://nomic-embed-text"</span> <span class="na">engine</span><span class="pi">:</span> <span class="s">OLlama</span> <span class="na">resourceProfile</span><span class="pi">:</span> <span class="s">cpu:1</span> <span class="na">gpt-3.5-turbo</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">minReplicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">features</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">TextGeneration"</span><span class="pi">]</span> <span class="na">owner</span><span class="pi">:</span> <span class="s">google</span> <span class="na">url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">ollama://gemma2:2b"</span> <span class="na">engine</span><span class="pi">:</span> <span class="s">OLlama</span> <span class="na">resourceProfile</span><span class="pi">:</span> <span class="s">cpu:4</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@kubeai:~# helm repo add kubeai https://www.kubeai.org <span class="o">&amp;&amp;</span> helm repo update <span class="s2">"kubeai"</span> has been added to your repositories Hang tight <span class="k">while </span>we grab the latest from your chart repositories... ...Successfully got an update from the <span class="s2">"kubeai"</span> chart repository Update Complete. ⎈Happy Helming!⎈ root@kubeai:~# helm <span class="nb">install </span>kubeai kubeai/kubeai NAME: kubeai LAST DEPLOYED: Mon Dec 30 13:47:00 2024 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None root@kubeai:~# helm <span class="nb">install </span>kubeai-models kubeai/models <span class="se">\</span> <span class="nt">-f</span> ./kubeai-model-values.yaml NAME: kubeai-models LAST DEPLOYED: Mon Dec 30 13:47:11 2024 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None root@kubeai:~# kubectl get po,svc NAME READY STATUS RESTARTS AGE pod/kubeai-6b7b6866fb-26qwq 1/1 Running 0 3m1s pod/model-gpt-3.5-turbo-545cf68d8d-v97gs 1/1 Running 0 27s pod/model-text-embedding-ada-002-64dc467cf4-8m64j 1/1 Running 0 30s pod/openwebui-55d54bd69-k4ttm 1/1 Running 0 3m1s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE service/kubeai ClusterIP 10.43.24.35 &lt;none&gt; 80/TCP,8080/TCP 3m1s service/kubernetes ClusterIP 10.43.0.1 &lt;none&gt; 443/TCP 9m12s service/openwebui ClusterIP 10.43.107.76 &lt;none&gt; 80/TCP 3m1s </code></pre> </div> <p>Ollama est bien présent avec KubeAI :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# kubectl logs pod/model-gpt-3.5-turbo-545cf68d8d-v97gs Couldn<span class="s1">'t find '</span>/root/.ollama/id_ed25519<span class="s1">'. Generating new private key. Your new public key is: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGHk39koguimeZFYBSjv9LDxjj5vZRjFmwznLdXSWUV 2024/12/30 13:49:36 routes.go:1259: INFO server config env="map[CUDA_VISIBLE_DEVICES: GPU_DEVICE_ORDINAL: HIP_VISIBLE_DEVICES: HSA_OVERRIDE_GFX_VERSION: HTTPS_PROXY: HTTP_PROXY: NO_PROXY: OLLAMA_DEBUG:false OLLAMA_FLASH_ATTENTION:false OLLAMA_GPU_OVERHEAD:0 OLLAMA_HOST:http://0.0.0.0:8000 OLLAMA_INTEL_GPU:false OLLAMA_KEEP_ALIVE:999999h0m0s OLLAMA_KV_CACHE_TYPE: OLLAMA_LLM_LIBRARY: OLLAMA_LOAD_TIMEOUT:5m0s OLLAMA_MAX_LOADED_MODELS:0 OLLAMA_MAX_QUEUE:512 OLLAMA_MODELS:/root/.ollama/models OLLAMA_MULTIUSER_CACHE:false OLLAMA_NOHISTORY:false OLLAMA_NOPRUNE:false OLLAMA_NUM_PARALLEL:0 OLLAMA_ORIGINS:[http://localhost https://localhost http://localhost:* https://localhost:* http://127.0.0.1 https://127.0.0.1 http://127.0.0.1:* https://127.0.0.1:* http://0.0.0.0 https://0.0.0.0 http://0.0.0.0:* https://0.0.0.0:* app://* file://* tauri://* vscode-webview://*] OLLAMA_SCHED_SPREAD:false ROCR_VISIBLE_DEVICES: http_proxy: https_proxy: no_proxy:]" time=2024-12-30T13:49:36.768Z level=INFO source=images.go:757 msg="total blobs: 0" time=2024-12-30T13:49:36.768Z level=INFO source=images.go:764 msg="total unused blobs removed: 0" [GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached. [GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production. - using env: export GIN_MODE=release - using code: gin.SetMode(gin.ReleaseMode) [GIN-debug] POST /api/pull --&gt; github.com/ollama/ollama/server.(*Server).PullHandler-fm (5 handlers) [GIN-debug] POST /api/generate --&gt; github.com/ollama/ollama/server.(*Server).GenerateHandler-fm (5 handlers) [GIN-debug] POST /api/chat --&gt; github.com/ollama/ollama/server.(*Server).ChatHandler-fm (5 handlers) [GIN-debug] POST /api/embed --&gt; github.com/ollama/ollama/server.(*Server).EmbedHandler-fm (5 handlers) [GIN-debug] POST /api/embeddings --&gt; github.com/ollama/ollama/server.(*Server).EmbeddingsHandler-fm (5 handlers) [GIN-debug] POST /api/create --&gt; github.com/ollama/ollama/server.(*Server).CreateHandler-fm (5 handlers) [GIN-debug] POST /api/push --&gt; github.com/ollama/ollama/server.(*Server).PushHandler-fm (5 handlers) [GIN-debug] POST /api/copy --&gt; github.com/ollama/ollama/server.(*Server).CopyHandler-fm (5 handlers) [GIN-debug] DELETE /api/delete --&gt; github.com/ollama/ollama/server.(*Server).DeleteHandler-fm (5 handlers) [GIN-debug] POST /api/show --&gt; github.com/ollama/ollama/server.(*Server).ShowHandler-fm (5 handlers) [GIN-debug] POST /api/blobs/:digest --&gt; github.com/ollama/ollama/server.(*Server).CreateBlobHandler-fm (5 handlers) [GIN-debug] HEAD /api/blobs/:digest --&gt; github.com/ollama/ollama/server.(*Server).HeadBlobHandler-fm (5 handlers) [GIN-debug] GET /api/ps --&gt; github.com/ollama/ollama/server.(*Server).PsHandler-fm (5 handlers) [GIN-debug] POST /v1/chat/completions --&gt; github.com/ollama/ollama/server.(*Server).ChatHandler-fm (6 handlers) </span></code></pre> </div> <p>Weaviate est un moteur de recherche vectoriel qui peut s’intégrer de manière transparente aux modèles d’intégration et de génération de KubeAI. Je vais utiliser KubeAI comme point de terminaison OpenAI pour Weaviate :</p> <p><a href="https://weaviate.io/developers/weaviate/model-providers/kubeai" rel="noopener noreferrer">KubeAI + Weaviate | Weaviate</a></p> <p>Création d’un fichier nommé <strong><em>weaviate-values.yaml</em></strong> avec le contenu suivant pour l’installation de Weaviate via Helm (et activer les modules <em>text2vec-openai</em> et <em>generative-openai ;</em> apiKeyest ignoré dans ce cas car on utilise ici KubeAI comme point de terminaison OpenAI) :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">root@kubeai:~# cat weaviate-values.yaml</span> <span class="na">modules</span><span class="pi">:</span> <span class="na">text2vec-openai</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">apiKey</span><span class="pi">:</span> <span class="s">thisIsIgnored</span> <span class="na">generative-openai</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">apiKey</span><span class="pi">:</span> <span class="s">thisIsIgnored</span> <span class="na">default_vectorizer_module</span><span class="pi">:</span> <span class="s">text2vec-openai</span> <span class="na">service</span><span class="pi">:</span> <span class="c1"># To prevent Weaviate being exposed publicly</span> <span class="na">type</span><span class="pi">:</span> <span class="s">ClusterIP</span> <span class="s">root@kubeai:~# helm repo add weaviate https://weaviate.github.io/weaviate-helm &amp;&amp; helm repo update</span> <span class="s2">"</span><span class="s">weaviate"</span> <span class="s">has been added to your repositories</span> <span class="s">Hang tight while we grab the latest from your chart repositories...</span> <span class="s">...Successfully got an update from the "weaviate" chart repository</span> <span class="s">...Successfully got an update from the "kubeai" chart repository</span> <span class="s">Update Complete. ⎈Happy Helming!⎈</span> <span class="s">root@kubeai:~# helm install \</span> <span class="s">"weaviate" \</span> <span class="s">weaviate/weaviate \</span> <span class="s">-f weaviate-values.yaml</span> <span class="na">NAME</span><span class="pi">:</span> <span class="s">weaviate</span> <span class="na">LAST DEPLOYED</span><span class="pi">:</span> <span class="s">Mon Dec 30 13:51:48 </span><span class="m">2024</span> <span class="na">NAMESPACE</span><span class="pi">:</span> <span class="s">default</span> <span class="na">STATUS</span><span class="pi">:</span> <span class="s">deployed</span> <span class="na">REVISION</span><span class="pi">:</span> <span class="m">1</span> <span class="na">TEST SUITE</span><span class="pi">:</span> <span class="s">None</span> <span class="s">root@kubeai:~# kubectl get po,svc</span> <span class="s">NAME READY STATUS RESTARTS AGE</span> <span class="s">pod/kubeai-6b7b6866fb-26qwq 1/1 Running 0 5m18s</span> <span class="s">pod/model-gpt-3.5-turbo-545cf68d8d-v97gs 1/1 Running 0 2m44s</span> <span class="s">pod/model-text-embedding-ada-002-64dc467cf4-8m64j 1/1 Running 0 2m47s</span> <span class="s">pod/openwebui-55d54bd69-k4ttm 1/1 Running 0 5m18s</span> <span class="s">pod/weaviate-0 1/1 Running 0 31s</span> <span class="s">NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE</span> <span class="s">service/kubeai ClusterIP 10.43.24.35 &lt;none&gt; 80/TCP,8080/TCP 5m18s</span> <span class="s">service/kubernetes ClusterIP 10.43.0.1 &lt;none&gt; 443/TCP 11m</span> <span class="s">service/openwebui ClusterIP 10.43.107.76 &lt;none&gt; 80/TCP 5m18s</span> <span class="s">service/weaviate ClusterIP 10.43.211.85 &lt;none&gt; 80/TCP 31s</span> <span class="s">service/weaviate-grpc LoadBalancer 10.43.37.63 164.92.248.129 50051:31360/TCP 31s</span> <span class="s">service/weaviate-headless ClusterIP None &lt;none&gt; 80/TCP 31s</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq7mw0or4p8v17j2fhwwt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq7mw0or4p8v17j2fhwwt.png" width="800" height="414"></a></p> <p>Je vais exécuter des requêtes en Python pour interagir avec Weaviate. Installation de l’environnement nécessaire via <strong>uv</strong> (gestionnaire de paquets et de projets pour Python extrêmement rapide et écrit en Rust) :</p> <ul> <li><a href="https://github.com/astral-sh/uv" rel="noopener noreferrer">GitHub - astral-sh/uv: An extremely fast Python package and project manager, written in Rust.</a></li> <li> <a href="https://docs.astral.sh/uv/" rel="noopener noreferrer">uv</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@kubeai:~# curl <span class="nt">-LsSf</span> https://astral.sh/uv/install.sh | sh downloading uv 0.5.13 x86_64-unknown-linux-gnu no checksums to verify installing to /root/.local/bin uv uvx everything<span class="s1">'s installed! To add $HOME/.local/bin to your PATH, either restart your shell or run: source $HOME/.local/bin/env (sh, bash, zsh) source $HOME/.local/bin/env.fish (fish) root@kubeai:~# source $HOME/.local/bin/env root@kubeai:~# uv An extremely fast Python package manager. Usage: uv [OPTIONS] &lt;COMMAND&gt; Commands: run Run a command or script init Create a new project add Add dependencies to the project remove Remove dependencies from the project sync Update the project'</span>s environment lock Update the project<span class="s1">'s lockfile export Export the project'</span>s lockfile to an alternate format tree Display the project<span class="s1">'s dependency tree tool Run and install commands provided by Python packages python Manage Python versions and installations pip Manage Python packages with a pip-compatible interface venv Create a virtual environment build Build Python packages into source distributions and wheels publish Upload distributions to an index cache Manage uv'</span>s cache self Manage the uv executable version Display uv<span class="s1">'s version help Display documentation for a command Cache options: -n, --no-cache Avoid reading from or writing to the cache, instead using a temporary directory for the duration of the operation [env: UV_NO_CACHE=] --cache-dir &lt;CACHE_DIR&gt; Path to the cache directory [env: UV_CACHE_DIR=] Python options: --python-preference &lt;PYTHON_PREFERENCE&gt; Whether to prefer uv-managed or system Python installations [env: UV_PYTHON_PREFERENCE=] [possible values: only-managed, managed, system, only-system] --no-python-downloads Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: -q, --quiet Do not print any output -v, --verbose... Use verbose output --color &lt;COLOR_CHOICE&gt; Control colors in output [default: auto] [possible values: auto, always, never] --native-tls Whether to load TLS certificates from the platform'</span>s native certificate store <span class="o">[</span><span class="nb">env</span>: <span class="nv">UV_NATIVE_TLS</span><span class="o">=]</span> <span class="nt">--offline</span> Disable network access <span class="o">[</span><span class="nb">env</span>: <span class="nv">UV_OFFLINE</span><span class="o">=]</span> <span class="nt">--allow-insecure-host</span> &lt;ALLOW_INSECURE_HOST&gt; Allow insecure connections to a host <span class="o">[</span><span class="nb">env</span>: <span class="nv">UV_INSECURE_HOST</span><span class="o">=]</span> <span class="nt">--no-progress</span> Hide all progress outputs <span class="o">[</span><span class="nb">env</span>: <span class="nv">UV_NO_PROGRESS</span><span class="o">=]</span> <span class="nt">--directory</span> &lt;DIRECTORY&gt; Change to the given directory prior to running the <span class="nb">command</span> <span class="nt">--project</span> &lt;PROJECT&gt; Run the <span class="nb">command </span>within the given project directory <span class="nt">--config-file</span> &lt;CONFIG_FILE&gt; The path to a <span class="sb">`</span>uv.toml<span class="sb">`</span> file to use <span class="k">for </span>configuration <span class="o">[</span><span class="nb">env</span>: <span class="nv">UV_CONFIG_FILE</span><span class="o">=]</span> <span class="nt">--no-config</span> Avoid discovering configuration files <span class="o">(</span><span class="sb">`</span>pyproject.toml<span class="sb">`</span>, <span class="sb">`</span>uv.toml<span class="sb">`</span><span class="o">)</span> <span class="o">[</span><span class="nb">env</span>: <span class="nv">UV_NO_CONFIG</span><span class="o">=]</span> <span class="nt">-h</span>, <span class="nt">--help</span> Display the concise <span class="nb">help </span><span class="k">for </span>this <span class="nb">command</span> <span class="nt">-V</span>, <span class="nt">--version</span> Display the uv version Use <span class="sb">`</span>uv <span class="nb">help</span><span class="sb">`</span> <span class="k">for </span>more details. root@kubeai:~# uv self update info: Checking <span class="k">for </span>updates... success: You<span class="s1">'re on the latest version of uv (v0.5.13) root@kubeai:~# uv venv weaviate Using CPython 3.12.3 interpreter at: /usr/bin/python3 Creating virtual environment at: weaviate Activate with: source weaviate/bin/activate root@kubeai:~# source weaviate/bin/activate </span></code></pre> </div> <p>Installation du client Python pour Weaviate à cette étape :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# uv pip <span class="nb">install</span> <span class="nt">-U</span> weaviate-client requests Using Python 3.12.3 environment at: weaviate Resolved 25 packages <span class="k">in </span>382ms Prepared 25 packages <span class="k">in </span>252ms Installed 25 packages <span class="k">in </span>11ms + annotated-types<span class="o">==</span>0.7.0 + <span class="nv">anyio</span><span class="o">==</span>4.7.0 + <span class="nv">authlib</span><span class="o">==</span>1.3.1 + <span class="nv">certifi</span><span class="o">==</span>2024.12.14 + <span class="nv">cffi</span><span class="o">==</span>1.17.1 + charset-normalizer<span class="o">==</span>3.4.1 + <span class="nv">cryptography</span><span class="o">==</span>44.0.0 + <span class="nv">grpcio</span><span class="o">==</span>1.68.1 + grpcio-health-checking<span class="o">==</span>1.68.1 + grpcio-tools<span class="o">==</span>1.68.1 + <span class="nv">h11</span><span class="o">==</span>0.14.0 + <span class="nv">httpcore</span><span class="o">==</span>1.0.7 + <span class="nv">httpx</span><span class="o">==</span>0.28.1 + <span class="nv">idna</span><span class="o">==</span>3.10 + <span class="nv">protobuf</span><span class="o">==</span>5.29.2 + <span class="nv">pycparser</span><span class="o">==</span>2.22 + <span class="nv">pydantic</span><span class="o">==</span>2.10.4 + pydantic-core<span class="o">==</span>2.27.2 + <span class="nv">requests</span><span class="o">==</span>2.32.3 + <span class="nv">setuptools</span><span class="o">==</span>75.6.0 + <span class="nv">sniffio</span><span class="o">==</span>1.3.1 + typing-extensions<span class="o">==</span>4.12.2 + <span class="nv">urllib3</span><span class="o">==</span>2.3.0 + <span class="nv">validators</span><span class="o">==</span>0.34.0 + weaviate-client<span class="o">==</span>4.10.2 </code></pre> </div> <p>Weaviate n’est pas exposé publiquement dans cette configuration. Je configure des redirections de port locales pour accéder aux services Weaviate :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# screen <span class="nt">-L</span> <span class="nt">-S</span> weaviate-http <span class="o">[</span>detached from 11693.weaviate-http] <span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# screen <span class="nt">-L</span> <span class="nt">-S</span> weaviate-grpc <span class="o">[</span>detached from 11996.weaviate-grpc] <span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# <span class="nb">tail</span> <span class="nt">-f</span> screenlog.0 root@kubeai:~# kubectl port-forward svc/weaviate 8080:80 <span class="o">&amp;&amp;</span> kubectl port-forward svc/weaviate-grpc 50051:50051 Forwarding from 127.0.0.1:8080 -&gt; 8080 Forwarding from <span class="o">[</span>::1]:8080 -&gt; 8080 root@kubeai:~# kubectl port-forward svc/weaviate-grpc 50051:50051 Forwarding from 127.0.0.1:50051 -&gt; 50051 Forwarding from <span class="o">[</span>::1]:50051 -&gt; 50051 <span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# netstat <span class="nt">-tunlp</span> | <span class="nb">grep </span>kubectl tcp 0 0 127.0.0.1:8080 0.0.0.0:<span class="k">*</span> LISTEN 11710/kubectl tcp 0 0 127.0.0.1:50051 0.0.0.0:<span class="k">*</span> LISTEN 12018/kubectl tcp6 0 0 ::1:8080 :::<span class="k">*</span> LISTEN 11710/kubectl tcp6 0 0 ::1:50051 :::<span class="k">*</span> LISTEN 12018/kubectl </code></pre> </div> <p>J’aborde le cas d’une recherche sémantique à l’aide d’un modèle d’intégration avec collecte et importation de données. Pour cela création et exécution du fichier Python suivant :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">(</span><span class="n">weaviate</span><span class="p">)</span> <span class="n">root</span><span class="nd">@kubeai</span><span class="p">:</span><span class="o">~</span><span class="c1"># cat create-collection.py </span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">weaviate</span> <span class="kn">import</span> <span class="n">requests</span> <span class="kn">from</span> <span class="n">weaviate.classes.config</span> <span class="kn">import</span> <span class="n">Configure</span> <span class="c1"># This works due to port forward in previous step </span><span class="k">with</span> <span class="n">weaviate</span><span class="p">.</span><span class="nf">connect_to_local</span><span class="p">(</span><span class="n">port</span><span class="o">=</span><span class="mi">8080</span><span class="p">,</span> <span class="n">grpc_port</span><span class="o">=</span><span class="mi">50051</span><span class="p">)</span> <span class="k">as</span> <span class="n">client</span><span class="p">:</span> <span class="n">client</span><span class="p">.</span><span class="n">collections</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="sh">"</span><span class="s">Question</span><span class="sh">"</span><span class="p">,</span> <span class="n">vectorizer_config</span><span class="o">=</span><span class="n">Configure</span><span class="p">.</span><span class="n">Vectorizer</span><span class="p">.</span><span class="nf">text2vec_openai</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">text-embedding-ada-002</span><span class="sh">"</span><span class="p">,</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">http://kubeai/openai</span><span class="sh">"</span><span class="p">,</span> <span class="p">),</span> <span class="n">generative_config</span><span class="o">=</span><span class="n">Configure</span><span class="p">.</span><span class="n">Generative</span><span class="p">.</span><span class="nf">openai</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-3.5-turbo</span><span class="sh">"</span><span class="p">,</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">http://kubeai/openai</span><span class="sh">"</span><span class="p">,</span> <span class="p">),</span> <span class="p">)</span> <span class="c1"># import data </span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">https://raw.githubusercontent.com/weaviate-tutorials/quickstart/main/data/jeopardy_tiny.json</span><span class="sh">'</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">resp</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># Load data </span> <span class="n">question_objs</span> <span class="o">=</span> <span class="nf">list</span><span class="p">()</span> <span class="k">for</span> <span class="n">i</span><span class="p">,</span> <span class="n">d</span> <span class="ow">in</span> <span class="nf">enumerate</span><span class="p">(</span><span class="n">data</span><span class="p">):</span> <span class="n">question_objs</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">answer</span><span class="sh">"</span><span class="p">:</span> <span class="n">d</span><span class="p">[</span><span class="sh">"</span><span class="s">Answer</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">question</span><span class="sh">"</span><span class="p">:</span> <span class="n">d</span><span class="p">[</span><span class="sh">"</span><span class="s">Question</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">:</span> <span class="n">d</span><span class="p">[</span><span class="sh">"</span><span class="s">Category</span><span class="sh">"</span><span class="p">],</span> <span class="p">})</span> <span class="n">questions</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">collections</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Question</span><span class="sh">"</span><span class="p">)</span> <span class="n">questions</span><span class="p">.</span><span class="n">data</span><span class="p">.</span><span class="nf">insert_many</span><span class="p">(</span><span class="n">question_objs</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Data imported successfully</span><span class="sh">"</span><span class="p">)</span> <span class="p">(</span><span class="n">weaviate</span><span class="p">)</span> <span class="n">root</span><span class="nd">@kubeai</span><span class="p">:</span><span class="o">~</span><span class="c1"># python create-collection.py </span><span class="sh">"</span><span class="s">Data imported successfully</span><span class="sh">"</span> </code></pre> </div> <p>On se base sur le petit fichier JSON (questions/réponses sur le jeu Jeopardy).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[{"Category":"SCIENCE","Question":"This organ removes excess glucose from the blood &amp; stores it as glycogen","Answer":"Liver"},{"Category":"ANIMALS","Question":"It's the only living mammal in the order Proboseidea","Answer":"Elephant"},{"Category":"ANIMALS","Question":"The gavial looks very much like a crocodile except for this bodily feature","Answer":"the nose or snout"},{"Category":"ANIMALS","Question":"Weighing around a ton, the eland is the largest species of this animal in Africa","Answer":"Antelope"},{"Category":"ANIMALS","Question":"Heaviest of all poisonous snakes is this North American rattlesnake","Answer":"the diamondback rattler"},{"Category":"SCIENCE","Question":"2000 news: the Gunnison sage grouse isn't just another northern sage grouse, but a new one of this classification","Answer":"species"},{"Category":"SCIENCE","Question":"A metal that is ductile can be pulled into this while cold &amp; under pressure","Answer":"wire"},{"Category":"SCIENCE","Question":"In 1953 Watson &amp; Crick built a model of the molecular structure of this, the gene-carrying substance","Answer":"DNA"},{"Category":"SCIENCE","Question":"Changes in the tropospheric layer of this are what gives us weather","Answer":"the atmosphere"},{"Category":"SCIENCE","Question":"In 70-degree air, a plane traveling at about 1,130 feet per second breaks it","Answer":"Sound barrier"}] </code></pre> </div> <p>La collection est maintenant créée et les données sont importées. Les vecteurs sont générés par KubeAI et stockés dans Weaviate. Je peux effectuer une recherche sémantique en lien avec le terme “biology” qui utilise les intégrations via la création de ce fichier Python :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">(</span><span class="n">weaviate</span><span class="p">)</span> <span class="n">root</span><span class="nd">@kubeai</span><span class="p">:</span><span class="o">~</span><span class="c1"># cat search.py </span><span class="kn">import</span> <span class="n">weaviate</span> <span class="kn">from</span> <span class="n">weaviate.classes.config</span> <span class="kn">import</span> <span class="n">Configure</span> <span class="c1"># This works due to port forward in previous step </span><span class="k">with</span> <span class="n">weaviate</span><span class="p">.</span><span class="nf">connect_to_local</span><span class="p">(</span><span class="n">port</span><span class="o">=</span><span class="mi">8080</span><span class="p">,</span> <span class="n">grpc_port</span><span class="o">=</span><span class="mi">50051</span><span class="p">)</span> <span class="k">as</span> <span class="n">client</span><span class="p">:</span> <span class="n">questions</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">collections</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Question</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">questions</span><span class="p">.</span><span class="n">query</span><span class="p">.</span><span class="nf">near_text</span><span class="p">(</span> <span class="n">query</span><span class="o">=</span><span class="sh">"</span><span class="s">biology</span><span class="sh">"</span><span class="p">,</span> <span class="n">limit</span><span class="o">=</span><span class="mi">2</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">objects</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">properties</span><span class="p">)</span> <span class="c1"># Inspect the first object </span></code></pre> </div> <p>avec la réponse suivante :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# python search.py <span class="o">{</span><span class="s1">'answer'</span>: <span class="s1">'DNA'</span>, <span class="s1">'question'</span>: <span class="s1">'In 1953 Watson &amp; Crick built a model of the molecular structure of this, the gene-carrying substance'</span>, <span class="s1">'category'</span>: <span class="s1">'SCIENCE'</span><span class="o">}</span> </code></pre> </div> <p>Je peux modifier ma recherche sémantique avec le terme “poison” par exemple :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">(</span><span class="n">weaviate</span><span class="p">)</span> <span class="n">root</span><span class="nd">@kubeai</span><span class="p">:</span><span class="o">~</span><span class="c1"># cat search.py </span><span class="kn">import</span> <span class="n">weaviate</span> <span class="kn">from</span> <span class="n">weaviate.classes.config</span> <span class="kn">import</span> <span class="n">Configure</span> <span class="c1"># This works due to port forward in previous step </span><span class="k">with</span> <span class="n">weaviate</span><span class="p">.</span><span class="nf">connect_to_local</span><span class="p">(</span><span class="n">port</span><span class="o">=</span><span class="mi">8080</span><span class="p">,</span> <span class="n">grpc_port</span><span class="o">=</span><span class="mi">50051</span><span class="p">)</span> <span class="k">as</span> <span class="n">client</span><span class="p">:</span> <span class="n">questions</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">collections</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Question</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">questions</span><span class="p">.</span><span class="n">query</span><span class="p">.</span><span class="nf">near_text</span><span class="p">(</span> <span class="n">query</span><span class="o">=</span><span class="sh">"</span><span class="s">poison</span><span class="sh">"</span><span class="p">,</span> <span class="n">limit</span><span class="o">=</span><span class="mi">2</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">objects</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">properties</span><span class="p">)</span> <span class="c1"># Inspect the first object </span> <span class="p">(</span><span class="n">weaviate</span><span class="p">)</span> <span class="n">root</span><span class="nd">@kubeai</span><span class="p">:</span><span class="o">~</span><span class="c1"># python search.py </span><span class="p">{</span><span class="sh">'</span><span class="s">answer</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">the diamondback rattler</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">question</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Heaviest of all poisonous snakes is this North American rattlesnake</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">category</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">ANIMALS</span><span class="sh">'</span><span class="p">}</span> </code></pre> </div> <p>Passons maintenant à la recherche générative, qui utilise le modèle génératif (Génération de texte LLM). Le modèle génératif est exécuté localement et géré par KubeAI. Création d’un fichier nommé generate.pyavec le contenu suivant pour genérer un tweet avec des emojis en lien avec la recherche sémantique précédente (et en utilisant les redirections de port locales) :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="p">(</span><span class="n">weaviate</span><span class="p">)</span> <span class="n">root</span><span class="nd">@kubeai</span><span class="p">:</span><span class="o">~</span><span class="c1"># cat generate.py </span><span class="kn">import</span> <span class="n">weaviate</span> <span class="kn">from</span> <span class="n">weaviate.classes.config</span> <span class="kn">import</span> <span class="n">Configure</span> <span class="c1"># This works due to port forward in previous step </span><span class="k">with</span> <span class="n">weaviate</span><span class="p">.</span><span class="nf">connect_to_local</span><span class="p">(</span><span class="n">port</span><span class="o">=</span><span class="mi">8080</span><span class="p">,</span> <span class="n">grpc_port</span><span class="o">=</span><span class="mi">50051</span><span class="p">)</span> <span class="k">as</span> <span class="n">client</span><span class="p">:</span> <span class="n">questions</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">collections</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Question</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">questions</span><span class="p">.</span><span class="n">generate</span><span class="p">.</span><span class="nf">near_text</span><span class="p">(</span> <span class="n">query</span><span class="o">=</span><span class="sh">"</span><span class="s">biology</span><span class="sh">"</span><span class="p">,</span> <span class="n">limit</span><span class="o">=</span><span class="mi">2</span><span class="p">,</span> <span class="n">grouped_task</span><span class="o">=</span><span class="sh">"</span><span class="s">Write a tweet with emojis about these facts.</span><span class="sh">"</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">generated</span><span class="p">)</span> <span class="c1"># Inspect the generated text </span></code></pre> </div> <p>avec cette réponse …<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# python generate.py 🧬 <span class="k">**</span>Watson &amp; Crick<span class="k">**</span> cracked the code <span class="k">in </span>1953! 🤯 They built a model of DNA, the blueprint of life. 🧬 🧠 <span class="k">**</span>Liver power!<span class="k">**</span> 💪 This organ keeps your blood sugar balanced by storing glucose as glycogen. 🩸 <span class="c">#ScienceFacts #Biology</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftrzx8wa8cqfcqb344owv.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftrzx8wa8cqfcqb344owv.jpg" width="688" height="363"></a></p> <p>L’importation de données a permis d’effectuer des recherches et à générer du contenu à l’aide de modèles gérés par KubeAI. Il est possible de l’utiliser avec LangChain qui facilite la création d’applications basées sur des LLM :</p> <p><a href="https://python.langchain.com/docs/introduction/" rel="noopener noreferrer">Introduction | 🦜️🔗 LangChain</a></p> <p>LangChain peut en effet interagir avec l’API compatible OpenAI de KubeAI. Installation du client Python pour LangChain avec <strong>uv</strong> :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# uv pip <span class="nb">install</span> <span class="nt">-U</span> langchain_openai Using Python 3.12.3 environment at: weaviate Resolved 30 packages <span class="k">in </span>1.32s Prepared 16 packages <span class="k">in </span>93ms Installed 16 packages <span class="k">in </span>7ms + <span class="nv">distro</span><span class="o">==</span>1.9.0 + <span class="nv">jiter</span><span class="o">==</span>0.8.2 + <span class="nv">jsonpatch</span><span class="o">==</span>1.33 + <span class="nv">jsonpointer</span><span class="o">==</span>3.0.0 + langchain-core<span class="o">==</span>0.3.28 + langchain-openai<span class="o">==</span>0.2.14 + <span class="nv">langsmith</span><span class="o">==</span>0.2.6 + <span class="nv">openai</span><span class="o">==</span>1.58.1 + <span class="nv">orjson</span><span class="o">==</span>3.10.13 + <span class="nv">packaging</span><span class="o">==</span>24.2 + <span class="nv">pyyaml</span><span class="o">==</span>6.0.2 + <span class="nv">regex</span><span class="o">==</span>2024.11.6 + requests-toolbelt<span class="o">==</span>1.0.0 + <span class="nv">tenacity</span><span class="o">==</span>9.0.0 + <span class="nv">tiktoken</span><span class="o">==</span>0.8.0 + <span class="nv">tqdm</span><span class="o">==</span>4.67.1 </code></pre> </div> <p>Accession locale à l’API compatible KubeAI OpenAI pour faciliter la tâche via un transfert de port vers le service KubeAI :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# screen <span class="nt">-L</span> <span class="nt">-S</span> kubeai <span class="o">[</span>detached from 15501.kubeai] <span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# <span class="nb">cat </span>screenlog.0 root@kubeai:~# kubectl port-forward svc/kubeai 8000:80 Forwarding from 127.0.0.1:8000 -&gt; 8000 Forwarding from <span class="o">[</span>::1]:8000 -&gt; 8000 <span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# netstat <span class="nt">-tunlp</span> | <span class="nb">grep </span>kubectl tcp 0 0 127.0.0.1:8000 0.0.0.0:<span class="k">*</span> LISTEN 15511/kubectl tcp6 0 0 ::1:8000 :::<span class="k">*</span> LISTEN 15511/kubectl </code></pre> </div> <p>Création d’un fichier Python simple qui utilise LangChain et connecté à KubeAI (c’est cette interface compatible avec OpenAI qui est consommée au lieu de l’API publique OpenAI par défaut) :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">(</span><span class="n">weaviate</span><span class="p">)</span> <span class="n">root</span><span class="nd">@kubeai</span><span class="p">:</span><span class="o">~</span><span class="c1"># cat test-langchain.py </span> <span class="kn">from</span> <span class="n">langchain_openai</span> <span class="kn">import</span> <span class="n">ChatOpenAI</span> <span class="n">llm</span> <span class="o">=</span> <span class="nc">ChatOpenAI</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-3.5-turbo</span><span class="sh">"</span><span class="p">,</span> <span class="n">temperature</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">max_tokens</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">max_retries</span><span class="o">=</span><span class="mi">2</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">thisIsIgnored</span><span class="sh">"</span><span class="p">,</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">http://localhost:8000/openai/v1</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">messages</span> <span class="o">=</span> <span class="p">[</span> <span class="p">(</span> <span class="sh">"</span><span class="s">system</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">You are a helpful assistant in cloud native technologies</span><span class="sh">"</span><span class="p">,</span> <span class="p">),</span> <span class="p">(</span><span class="sh">"</span><span class="s">How can i create a kubernetes cluster with k3s ?</span><span class="sh">"</span><span class="p">),</span> <span class="p">]</span> <span class="n">ai_msg</span> <span class="o">=</span> <span class="n">llm</span><span class="p">.</span><span class="nf">invoke</span><span class="p">(</span><span class="n">messages</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">ai_msg</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> </code></pre> </div> <p>Je pose une question au LLM embarqué via Ollama sur la création d’un cluster k3s avec cette réponse :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# python test-langchain.py Let<span class="s1">'s get you started with creating a Kubernetes cluster using K3s! **What is K3s?** K3s is a lightweight, production-ready distribution of Kubernetes designed for simplicity and efficiency. It'</span>s ideal <span class="k">for</span>: <span class="k">*</span> <span class="k">**</span>Small to medium-sized deployments:<span class="k">**</span> It excels <span class="k">in </span>environments where resource constraints are a factor. <span class="k">*</span> <span class="k">**</span>Edge computing:<span class="k">**</span> Deploying applications on devices with limited resources. <span class="k">*</span> <span class="k">**</span>DevOps teams:<span class="k">**</span> Its ease of use makes it perfect <span class="k">for </span>rapid prototyping and deployment. <span class="k">**</span>Steps to Create a K3s Cluster<span class="k">**</span> Here<span class="s1">'s a breakdown of the process, along with explanations: 1. **Prerequisites:** * **Hardware:** You'</span>ll need a machine <span class="o">(</span>physical or virtual<span class="o">)</span> capable of running Kubernetes. K3s is designed <span class="k">for </span>low-resource environments. <span class="k">*</span> <span class="k">**</span>Networking:<span class="k">**</span> Ensure your machine has network connectivity and can reach the internet. <span class="k">*</span> <span class="k">**</span>Basic Linux knowledge:<span class="k">**</span> Familiarity with command-line tools like <span class="sb">`</span>curl<span class="sb">`</span>, <span class="sb">`</span>wget<span class="sb">`</span>, and basic terminal navigation will be helpful. 2. <span class="k">**</span>Installation:<span class="k">**</span> <span class="k">*</span> <span class="k">**</span>Download K3s:<span class="k">**</span> Visit the official K3s website <span class="o">([</span>https://k3s.io/]<span class="o">(</span>https://k3s.io/<span class="o">))</span> to download the latest version of K3s <span class="k">for </span>your operating system <span class="o">(</span>e.g., Linux, macOS<span class="o">)</span><span class="nb">.</span> <span class="k">*</span> <span class="k">**</span>Installation:<span class="k">**</span> Follow the instructions provided <span class="k">in </span>the K3s documentation to <span class="nb">install </span>K3s on your machine. You<span class="s1">'ll likely need to use a terminal or command-line interface. 3. **Cluster Configuration:** * **Networking:** Configure your network settings for your K3s cluster (e.g., IP addresses, subnet masks). * **Storage:** Decide how you want to store data within your cluster (e.g., local disk, persistent volumes). * **Security:** Implement security measures like TLS certificates and firewall rules if needed. 4. **Initialization:** * **Start the K3s Cluster:** Use the `k3s` command-line tool to start the cluster. * **Access the Dashboard (Optional):** If you'</span>re using a dashboard, follow the instructions provided by your chosen dashboard provider. 5. <span class="k">**</span>Deploying Applications:<span class="k">**</span> <span class="k">*</span> <span class="k">**</span>kubectl:<span class="k">**</span> Use the <span class="sb">`</span>kubectl<span class="sb">`</span> command-line tool to interact with your K3s cluster and deploy applications. <span class="k">*</span> <span class="k">**</span>YAML Configuration:<span class="k">**</span> Create Kubernetes YAML files <span class="o">(</span>configuration files<span class="o">)</span> <span class="k">for </span>your desired application deployments. <span class="k">**</span>Example Commands:<span class="k">**</span> <span class="c"># Install K3s on Ubuntu</span> curl <span class="nt">-LO</span> https://get.k3s.io/install.sh <span class="nb">chmod</span> +x install.sh ./install.sh <span class="c"># Start the cluster</span> k3s start <span class="k">**</span>Key Advantages of K3s:<span class="k">**</span> <span class="k">*</span> <span class="k">**</span>Simplicity:<span class="k">**</span> K3s is designed <span class="k">for </span>ease of use, making it a great choice <span class="k">for </span>beginners and experienced <span class="nb">users </span>alike. <span class="k">*</span> <span class="k">**</span>Lightweight:<span class="k">**</span> It<span class="s1">'s incredibly efficient, requiring minimal resources to run. This makes it ideal for edge deployments or environments with limited hardware. * **Fast Deployment:** K3s offers quick cluster setup times, allowing you to get your applications running faster. **Additional Resources:** * **K3s Website:** [https://k3s.io/](https://k3s.io/) * **K3s Documentation:** [https://docs.k3s.io/](https://docs.k3s.io/) Let me know if you have any specific questions or want to dive deeper into a particular aspect of K3s! </span></code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkg4i73fdzq055d8rat21.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkg4i73fdzq055d8rat21.png" width="800" height="426"></a></p> <p>Pour plus de visibiliter, j’insère Rancher Server sur ce cluster k3s avec les commandes suivantes :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add rancher-latest https://releases.rancher.com/server-charts/latest kubectl create namespace cattle-system kubectl apply <span class="nt">-f</span> https://github.com/cert-manager/cert-manager/releases/download/v1.16.2/cert-manager.crds.yaml helm repo add jetstack https://charts.jetstack.io helm repo update helm <span class="nb">install </span>cert-manager jetstack/cert-manager <span class="se">\</span> <span class="nt">--namespace</span> cert-manager <span class="se">\</span> <span class="nt">--create-namespace</span> <span class="s2">"rancher-latest"</span> has been added to your repositories namespace/cattle-system created customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created <span class="s2">"jetstack"</span> has been added to your repositories Hang tight <span class="k">while </span>we grab the latest from your chart repositories... ...Successfully got an update from the <span class="s2">"weaviate"</span> chart repository ...Successfully got an update from the <span class="s2">"kubeai"</span> chart repository ...Successfully got an update from the <span class="s2">"jetstack"</span> chart repository ...Successfully got an update from the <span class="s2">"rancher-latest"</span> chart repository Update Complete. ⎈Happy Helming!⎈ NAME: cert-manager LAST DEPLOYED: Mon Dec 30 15:00:45 2024 NAMESPACE: cert-manager STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: cert-manager v1.16.2 has been deployed successfully! In order to begin issuing certificates, you will need to <span class="nb">set </span>up a ClusterIssuer or Issuer resource <span class="o">(</span><span class="k">for </span>example, by creating a <span class="s1">'letsencrypt-staging'</span> issuer<span class="o">)</span><span class="nb">.</span> More information on the different types of issuers and how to configure them can be found <span class="k">in </span>our documentation: https://cert-manager.io/docs/configuration/ For information on how to configure cert-manager to automatically provision Certificates <span class="k">for </span>Ingress resources, take a look at the <span class="sb">`</span>ingress-shim<span class="sb">`</span> documentation: https://cert-manager.io/docs/usage/ingress/ <span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# helm <span class="nb">install </span>rancher rancher-latest/rancher <span class="se">\</span> <span class="nt">--namespace</span> cattle-system <span class="se">\</span> <span class="nt">--set</span> <span class="nb">hostname</span><span class="o">=</span>rancher.164.92.248.129.sslip.io <span class="se">\</span> <span class="nt">--set</span> <span class="nv">replicas</span><span class="o">=</span>1 <span class="se">\</span> <span class="nt">--set</span> <span class="nv">bootstrapPassword</span><span class="o">=</span>nochangeme NAME: rancher LAST DEPLOYED: Mon Dec 30 15:01:59 2024 NAMESPACE: cattle-system STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: Rancher Server has been installed. NOTE: Rancher may take several minutes to fully initialize. Please standby <span class="k">while </span>Certificates are being issued, Containers are started and the Ingress rule comes up. Check out our docs at https://rancher.com/docs/ If you provided your own bootstrap password during installation, browse to https://rancher.164.92.248.129.sslip.io to get started. If this is the first <span class="nb">time </span>you installed Rancher, get started by running this <span class="nb">command </span>and clicking the URL it generates: <span class="nb">echo </span>https://rancher.164.92.248.129.sslip.io/dashboard/?setup<span class="o">=</span><span class="si">$(</span>kubectl get secret <span class="nt">--namespace</span> cattle-system bootstrap-secret <span class="nt">-o</span> go-template<span class="o">=</span><span class="s1">'{{.data.bootstrapPassword|base64decode}}'</span><span class="si">)</span> To get just the bootstrap password on its own, run: kubectl get secret <span class="nt">--namespace</span> cattle-system bootstrap-secret <span class="nt">-o</span> go-template<span class="o">=</span><span class="s1">'{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'</span> Happy Containering! </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8sm3x9rm8xv55zq9beue.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8sm3x9rm8xv55zq9beue.png" width="800" height="414"></a></p> <p>Je modifie le fichier YAML pour KubeAI pour bénéficier d’un accès à Ollama :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">root@kubeai:~# cat &lt;&lt;EOF &gt; models-helm-values.yaml</span> <span class="na">catalog</span><span class="pi">:</span> <span class="na">gemma2-2b-cpu</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">minReplicas</span><span class="pi">:</span> <span class="m">1</span> <span class="s">EOF</span> <span class="s">root@kubeai:~# helm upgrade kubeai-models kubeai/models \</span> <span class="s">-f ./models-helm-values.yaml</span> <span class="s">Release "kubeai-models" has been upgraded. Happy Helming!</span> <span class="na">NAME</span><span class="pi">:</span> <span class="s">kubeai-models</span> <span class="na">LAST DEPLOYED</span><span class="pi">:</span> <span class="s">Mon Dec 30 15:14:49 </span><span class="m">2024</span> <span class="na">NAMESPACE</span><span class="pi">:</span> <span class="s">default</span> <span class="na">STATUS</span><span class="pi">:</span> <span class="s">deployed</span> <span class="na">REVISION</span><span class="pi">:</span> <span class="m">2</span> <span class="na">TEST SUITE</span><span class="pi">:</span> <span class="s">None</span> <span class="s">root@kubeai:~# helm ls</span> <span class="s">NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION</span> <span class="s">kubeai default 1 2024-12-30 13:47:00.713372779 +0000 UTC deployed kubeai-0.10.0 v0.12.0</span> <span class="s">kubeai-models default 2 2024-12-30 15:14:49.154697606 +0000 UTC deployed models-0.10.0 1.16.0</span> <span class="s">weaviate default 1 2024-12-30 13:51:48.357464607 +0000 UTC deployed weaviate-17.3.3 1.27.8</span> </code></pre> </div> <p>Avec de nouveau une redirection locale de port pour accéder à Open WebUI (intégré à KubeAI), une interface utilisateur extensible, riche en fonctionnalités et conviviale, conçue pour fonctionner entièrement hors ligne. Elle prend en charge différents runners LLM, y compris Ollama et les API compatibles avec OpenAI :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>weaviate<span class="o">)</span> root@kubeai:~# kubectl port-forward service/openwebui 10000:80 <span class="nt">--address</span><span class="o">=</span><span class="s1">'0.0.0.0'</span> Forwarding from 0.0.0.0:10000 -&gt; 8080 Handling connection <span class="k">for </span>10000 Handling connection <span class="k">for </span>10000 Handling connection <span class="k">for </span>10000 </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fattiyx4uciibdl19vjow.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fattiyx4uciibdl19vjow.png" width="800" height="422"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4m1arrwafi8hxfhts00s.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4m1arrwafi8hxfhts00s.png" width="800" height="422"></a></p> <p>Accession à l’interface utilisateur d’Open WebUI :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2wf5gifjmbpms4lidpi4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2wf5gifjmbpms4lidpi4.png" width="800" height="422"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn90dhpi638y0wjtg48i4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn90dhpi638y0wjtg48i4.png" width="800" height="422"></a></p> <p>C’est ce petit LLM utilisé précedemment qui est encore mis en oeuvre ici :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiwiujszyk0artcaz8pkt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiwiujszyk0artcaz8pkt.png" width="800" height="427"></a></p> <p>J’effectue alors une recherche sur la base d’un document PDF extrait de la documentation officielle de k3s via cette interface …</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzw2vrf8h3jtxbt51d0fp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzw2vrf8h3jtxbt51d0fp.png" width="800" height="206"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fklxp3f4y3odwtj74685w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fklxp3f4y3odwtj74685w.png" width="800" height="419"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyp218jvkukxst4mfveg0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyp218jvkukxst4mfveg0.png" width="800" height="380"></a></p> <p>Dans cet article, j’ai utiliser uniquement des modèles CPU (il devrait donc fonctionner même sur votre ordinateur portable) qui fait que KubeAI peut fonctionner sur votre matériel existant, réduisant ainsi le besoin de payer pour des intégrations et des modèles génératifs.</p> <blockquote> <p>KubeAI s’exécute localement dans votre cluster Kubernetes, de sorte que vos données ne quittent jamais votre infrastructure. Vous pouvez facilement changer ou mettre à jour les modèles utilisés sans modifier votre code applicatif et KubeAI permet une mise à l’échelle automatique des modèles en fonction de la charge.</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffamolmuic9b22p2hck98.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffamolmuic9b22p2hck98.jpg" width="500" height="500"></a></p> <p>En conclusion, on a vu que l’utilisation combinée de KubeAI et Weaviate offre une solution robuste et flexible pour implémenter le RAG de manière privée et évolutive. Cette approche permet aux entreprises de bénéficier des avancées de l’IA tout en gardant le contrôle sur leurs données et leur infrastructure …</p> <p>À suivre !</p> kubernetes devops generativeaitools ai Karim Sat, 28 Dec 2024 14:57:15 +0000 https://forem.com/deep75/aiops-deboguer-son-cluster-kubernetes-en-utilisant-lintelligence-artificielle-generative-via-52hc https://forem.com/deep75/aiops-deboguer-son-cluster-kubernetes-en-utilisant-lintelligence-artificielle-generative-via-52hc <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgkh7c5xhq3ppoc9vd6sc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgkh7c5xhq3ppoc9vd6sc.png" width="800" height="441"></a></p> <p>Les avancées dans l’Intelligence Artificielle Générative et sa mise en oeuvre simplifiée via certains outils, transforment profondément la gestion des clusters Kubernetes via ce concept d’ <strong>AIOps</strong> (acronyme anglais de <em>Artificial Intelligence for IT Operations</em>) énoncé par Gartner, un processus dans lequel vous utilisez des techniques d’intelligence artificielle (IA) pour maintenir par exemple une infrastructure. L’un des domaines dans lesquels les ingénieurs DevOps et les opérateurs de cluster débutants sont souvent confrontés, est relatif aux défis de l’identification, de la compréhension et de la résolution de problèmes au sein d’un cluster Kubernetes …</p> <ul> <li><a href="https://fr.wikipedia.org/wiki/AIOps" rel="noopener noreferrer">AIOps - Wikipédia</a></li> <li><a href="https://aws.amazon.com/fr/what-is/aiops/" rel="noopener noreferrer">Qu'est-ce que l'intelligence artificielle pour les opérations informatiques (AIOps) ? - Explication de l'intelligence artificielle pour les opérations informatiques - AWS</a></li> <li><a href="https://fr.wikipedia.org/wiki/Intelligence_artificielle_g%C3%A9n%C3%A9rative" rel="noopener noreferrer">Intelligence artificielle générative - Wikipédia</a></li> </ul> <p>Dans cet article, nous allons donc explorer comment configurer et utiliser K8sGPT, un outil open source basé sur l’IA générative, en combinaison avec Ollama et le modèle Falcon3, pour identifier et résoudre les problèmes dans un cluster Kubernetes.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Farqjpdvdpmto52nxapf9.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Farqjpdvdpmto52nxapf9.jpg" width="702" height="395"></a></p> <p>Pour cela, je pars ici d’une instance Ubuntu 24.04 LTS dans DigitalOcean :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7zrqymvyql1hvx6kvipc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7zrqymvyql1hvx6kvipc.png" width="800" height="346"></a></p> <p>En y installant localement le moteur Docker …<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# curl <span class="nt">-fsSL</span> https://get.docker.com | sh - <span class="c"># Executing docker install script, commit: 4c94a56999e10efcf48c5b8e3f6afea464f9108e</span> + sh <span class="nt">-c</span> apt-get <span class="nt">-qq</span> update <span class="o">&gt;</span>/dev/null + sh <span class="nt">-c</span> <span class="nv">DEBIAN_FRONTEND</span><span class="o">=</span>noninteractive apt-get <span class="nt">-y</span> <span class="nt">-qq</span> <span class="nb">install </span>ca-certificates curl <span class="o">&gt;</span>/dev/null Scanning processes... Scanning candidates... Scanning linux images... + sh <span class="nt">-c</span> <span class="nb">install</span> <span class="nt">-m</span> 0755 <span class="nt">-d</span> /etc/apt/keyrings + sh <span class="nt">-c</span> curl <span class="nt">-fsSL</span> <span class="s2">"https://download.docker.com/linux/ubuntu/gpg"</span> <span class="nt">-o</span> /etc/apt/keyrings/docker.asc + sh <span class="nt">-c</span> <span class="nb">chmod </span>a+r /etc/apt/keyrings/docker.asc + sh <span class="nt">-c</span> <span class="nb">echo</span> <span class="s2">"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu noble stable"</span> <span class="o">&gt;</span> /etc/apt/sources.list.d/docker.list + sh <span class="nt">-c</span> apt-get <span class="nt">-qq</span> update <span class="o">&gt;</span>/dev/null + sh <span class="nt">-c</span> <span class="nv">DEBIAN_FRONTEND</span><span class="o">=</span>noninteractive apt-get <span class="nt">-y</span> <span class="nt">-qq</span> <span class="nb">install </span>docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin <span class="o">&gt;</span>/dev/null Scanning processes... Scanning candidates... Scanning linux images... + sh <span class="nt">-c</span> docker version Client: Docker Engine - Community Version: 27.4.1 API version: 1.47 Go version: go1.22.10 Git commit: b9d17ea Built: Tue Dec 17 15:45:46 2024 OS/Arch: linux/amd64 Context: default Server: Docker Engine - Community Engine: Version: 27.4.1 API version: 1.47 <span class="o">(</span>minimum version 1.24<span class="o">)</span> Go version: go1.22.10 Git commit: c710b88 Built: Tue Dec 17 15:45:46 2024 OS/Arch: linux/amd64 Experimental: <span class="nb">false </span>containerd: Version: 1.7.24 GitCommit: 88bf19b2105c8b17560993bee28a01ddc2f97182 runc: Version: 1.2.2 GitCommit: v1.2.2-0-g7cb3632 docker-init: Version: 0.19.0 GitCommit: de40ad0 <span class="o">================================================================================</span> To run Docker as a non-privileged user, consider setting up the Docker daemon <span class="k">in </span>rootless mode <span class="k">for </span>your user: dockerd-rootless-setuptool.sh <span class="nb">install </span>Visit https://docs.docker.com/go/rootless/ to learn about rootless mode. To run the Docker daemon as a fully privileged service, but granting non-root <span class="nb">users </span>access, refer to https://docs.docker.com/go/daemon-access/ WARNING: Access to the remote API on a privileged Docker daemon is equivalent to root access on the host. Refer to the <span class="s1">'Docker daemon attack surface'</span> documentation <span class="k">for </span>details: https://docs.docker.com/go/attack-surface/ <span class="o">================================================================================</span> </code></pre> </div> <p>Et je suis capable d’y lancer directmeent Ollama via son image officiellle pour exécuter des modèles de langage de grande taille (LLM) localement en y utilisant les CPU premium d’Intel présents dans l’instance Ubuntu :</p> <p><a href="https://ollama.com/blog/ollama-is-now-available-as-an-official-docker-image" rel="noopener noreferrer">Ollama is now available as an official Docker image · Ollama Blog</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F63otespo1eim2bc9f7sn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F63otespo1eim2bc9f7sn.png" width="800" height="407"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# docker run <span class="nt">-d</span> <span class="nt">-v</span> ollama:/root/.ollama <span class="nt">-p</span> 11434:11434 <span class="nt">--name</span> ollama ollama/ollama:latest Unable to find image <span class="s1">'ollama/ollama:latest'</span> locally latest: Pulling from ollama/ollama 6414378b6477: Pull <span class="nb">complete </span>9423a26b200c: Pull <span class="nb">complete </span>629da9618c4f: Pull <span class="nb">complete </span>00b71e3f044c: Pull <span class="nb">complete </span>Digest: sha256:18bfb1d605604fd53dcad20d0556df4c781e560ebebcd923454d627c994a0e37 Status: Downloaded newer image <span class="k">for </span>ollama/ollama:latest 7b09d9fcdacff4319e553c41f741a15266eb5a5ec745959363e7754c53a203ef <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# docker ps <span class="nt">-a</span> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7b09d9fcdacf ollama/ollama:latest <span class="s2">"/bin/ollama serve"</span> About a minute ago Up About a minute 0.0.0.0:11434-&gt;11434/tcp, :::11434-&gt;11434/tcp ollama <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# netstat <span class="nt">-tunlp</span> Active Internet connections <span class="o">(</span>only servers<span class="o">)</span> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:11434 0.0.0.0:<span class="k">*</span> LISTEN 46227/docker-proxy tcp 0 0 127.0.0.54:53 0.0.0.0:<span class="k">*</span> LISTEN 744/systemd-resolve tcp 0 0 127.0.0.53:53 0.0.0.0:<span class="k">*</span> LISTEN 744/systemd-resolve tcp6 0 0 :::22 :::<span class="k">*</span> LISTEN 1/init tcp6 0 0 :::11434 :::<span class="k">*</span> LISTEN 46235/docker-proxy udp 0 0 127.0.0.54:53 0.0.0.0:<span class="k">*</span> 744/systemd-resolve udp 0 0 127.0.0.53:53 0.0.0.0:<span class="k">*</span> 744/systemd-resolve </code></pre> </div> <p>Et en y chargeant le grand modèle <strong>Falcon 3</strong> développé par le Technology Innovation Institute (TII) d’Abu Dhab et présent dans la bibliothèque de grands modèles d’Ollama :</p> <ul> <li><a href="https://huggingface.co/blog/falcon3" rel="noopener noreferrer">Welcome to the Falcon 3 Family of Open Models!</a></li> <li> <a href="https://ollama.com/library/falcon3" rel="noopener noreferrer">falcon3</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# docker <span class="nb">exec</span> <span class="nt">-it</span> ollama ollama pull falcon3 pulling manifest pulling 3717a52b7aea... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 4.6 GB pulling 803b5adc3448... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 218 B pulling 58f83c52a4e3... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 13 KB pulling 35e31ed4c388... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 101 B pulling acb75345e14b... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 487 B verifying sha256 digest writing manifest success <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# docker <span class="nb">exec</span> <span class="nt">-it</span> ollama ollama list NAME ID SIZE MODIFIED falcon3:latest 472ea1c89f64 4.6 GB 11 seconds ago </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdj090473n9bzx20drlo9.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdj090473n9bzx20drlo9.jpg" width="735" height="500"></a></p> <p>Je peux à cette étape y charger K8sGPT, un outil pour scanner vos clusters kubernetes, diagnostiquer et trier les problèmes en anglais simple. Il dispose d’une expérience SRE codifiée dans ses analyseurs et aide à extraire les informations les plus pertinentes pour les enrichir avec de l’IA générative.</p> <p><strong>K8sGPT fonctionne en trois étapes</strong> :</p> <ul> <li>Extraction : Récupération des détails de configuration de toutes les charges de travail déployées dans le cluster.</li> <li>Filtration : Un composant appelé « analyzer » filtre les données nécessaires.</li> <li>Génération : Les données filtrées sont traitées pour générer des insights et des rapports en anglais simple.</li> </ul> <p><a href="https://k8sgpt.ai/" rel="noopener noreferrer">K8sGPT</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# curl <span class="nt">-LO</span> https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.48/k8sgpt_amd64.deb % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- 0 100 34.5M 100 34.5M 0 0 30.5M 0 0:00:01 0:00:01 <span class="nt">--</span>:--:-- 30.5M <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# dpkg <span class="nt">-i</span> k8sgpt_amd64.deb <span class="o">(</span>Reading database ... 74447 files and directories currently installed.<span class="o">)</span> Preparing to unpack k8sgpt_amd64.deb ... Unpacking k8sgpt <span class="o">(</span>0.3.48<span class="o">)</span> over <span class="o">(</span>0.3.48<span class="o">)</span> ... Setting up k8sgpt <span class="o">(</span>0.3.48<span class="o">)</span> ... <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# k8sgpt Kubernetes debugging powered by AI Usage: k8sgpt <span class="o">[</span><span class="nb">command</span><span class="o">]</span> Available Commands: analyze This <span class="nb">command </span>will find problems within your Kubernetes cluster auth Authenticate with your chosen backend cache For working with the cache the results of an analysis completion Generate the autocompletion script <span class="k">for </span>the specified shell custom-analyzer Manage a custom analyzer dump Creates a dumpfile <span class="k">for </span>debugging issues with K8sGPT filters Manage filters <span class="k">for </span>analyzing Kubernetes resources generate Generate Key <span class="k">for </span>your chosen backend <span class="o">(</span>opens browser<span class="o">)</span> <span class="nb">help </span>Help about any <span class="nb">command </span>integration Integrate another tool into K8sGPT serve Runs k8sgpt as a server version Print the version number of k8sgpt Flags: <span class="nt">--config</span> string Default config file <span class="o">(</span>/root/.config/k8sgpt/k8sgpt.yaml<span class="o">)</span> <span class="nt">-h</span>, <span class="nt">--help</span> <span class="nb">help </span><span class="k">for </span>k8sgpt <span class="nt">--kubeconfig</span> string Path to a kubeconfig. Only required <span class="k">if </span>out-of-cluster. <span class="nt">--kubecontext</span> string Kubernetes context to use. Only required <span class="k">if </span>out-of-cluster. Use <span class="s2">"k8sgpt [command] --help"</span> <span class="k">for </span>more information about a command. </code></pre> </div> <p>La ligne de commande est alors disponible pour y vérifier les fournisseurs disponibles localement dans cette instance :</p> <p><a href="https://docs.k8sgpt.ai/getting-started/installation/" rel="noopener noreferrer">Installation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# k8sgpt auth list Default: <span class="o">&gt;</span> openai Active: Unused: <span class="o">&gt;</span> openai <span class="o">&gt;</span> localai <span class="o">&gt;</span> ollama <span class="o">&gt;</span> azureopenai <span class="o">&gt;</span> cohere <span class="o">&gt;</span> amazonbedrock <span class="o">&gt;</span> amazonsagemaker <span class="o">&gt;</span> google <span class="o">&gt;</span> noopai <span class="o">&gt;</span> huggingface <span class="o">&gt;</span> googlevertexai <span class="o">&gt;</span> oci <span class="o">&gt;</span> ibmwatsonxai </code></pre> </div> <p>Ollama sera utilisé comme fournisseur de backend IA pour K8sGPT au travers de LocalAI (qui agit comme l’API REST de remplacement compatible avec les spécifications de l’API OpenAI pour une inférence locale).</p> <ul> <li><a href="https://docs.k8sgpt.ai/reference/providers/backend/" rel="noopener noreferrer">Overview - k8sgpt</a></li> <li><a href="https://localai.io/" rel="noopener noreferrer">Overview</a></li> </ul> <p>Voici la commande pour configurer K8sGPT avec Ollama et le modèle Falcon3 :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# k8sgpt auth add <span class="nt">--backend</span> localai <span class="nt">--model</span> falcon3 <span class="nt">--baseurl</span> http://localhost:11434/v1 localai added to the AI backend provider list </code></pre> </div> <p>Je lance un cluster Kubernetes managé sur DigitalOcean via DigitalOcean Kubernetes (DOKS) :</p> <p><a href="https://www.digitalocean.com/products/kubernetes" rel="noopener noreferrer">DigitalOcean Managed Kubernetes | Starting at $12/mo.</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faos1tnx61pmo5peitq3c.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faos1tnx61pmo5peitq3c.png" width="800" height="336"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2p475kg5u09w817llvsw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2p475kg5u09w817llvsw.png" width="800" height="287"></a></p> <p>Récupération du fichier <strong><em>Kubeconfig</em></strong> depuis ce cluster pour l’insérer localement sur l’instance Ubuntu pour l’utiliser avec le client <strong><em>Kubectl</em></strong> :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fak00u03odvqku9bwvhtr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fak00u03odvqku9bwvhtr.png" width="800" height="528"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# curl <span class="nt">-LO</span> https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl <span class="o">&amp;&amp;</span> <span class="nb">chmod</span> +x ./kubectl <span class="o">&amp;&amp;</span> <span class="nb">mv </span>kubectl /usr/local/bin/ <span class="o">&amp;&amp;</span> kubectl % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 138 100 138 0 0 1000 0 <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- 1007 100 54.6M 100 54.6M 0 0 120M 0 <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- 120M kubectl controls the Kubernetes cluster manager. Find more information at: https://kubernetes.io/docs/reference/kubectl/ Basic Commands <span class="o">(</span>Beginner<span class="o">)</span>: create Create a resource from a file or from stdin expose Take a replication controller, service, deployment or pod and expose it as a new Kubernetes service run Run a particular image on the cluster <span class="nb">set </span>Set specific features on objects Basic Commands <span class="o">(</span>Intermediate<span class="o">)</span>: explain Get documentation <span class="k">for </span>a resource get Display one or many resources edit Edit a resource on the server delete Delete resources by file names, stdin, resources and names, or by resources and label selector Deploy Commands: rollout Manage the rollout of a resource scale Set a new size <span class="k">for </span>a deployment, replica <span class="nb">set</span>, or replication controller autoscale Auto-scale a deployment, replica <span class="nb">set</span>, stateful <span class="nb">set</span>, or replication controller Cluster Management Commands: certificate Modify certificate resources cluster-info Display cluster information top Display resource <span class="o">(</span>CPU/memory<span class="o">)</span> usage cordon Mark node as unschedulable uncordon Mark node as schedulable drain Drain node <span class="k">in </span>preparation <span class="k">for </span>maintenance taint Update the taints on one or more nodes Troubleshooting and Debugging Commands: describe Show details of a specific resource or group of resources logs Print the logs <span class="k">for </span>a container <span class="k">in </span>a pod attach Attach to a running container <span class="nb">exec </span>Execute a <span class="nb">command </span><span class="k">in </span>a container port-forward Forward one or more <span class="nb">local </span>ports to a pod proxy Run a proxy to the Kubernetes API server <span class="nb">cp </span>Copy files and directories to and from containers auth Inspect authorization debug Create debugging sessions <span class="k">for </span>troubleshooting workloads and nodes events List events Advanced Commands: diff Diff the live version against a would-be applied version apply Apply a configuration to a resource by file name or stdin patch Update fields of a resource replace Replace a resource by file name or stdin <span class="nb">wait </span>Experimental: Wait <span class="k">for </span>a specific condition on one or many resources kustomize Build a kustomization target from a directory or URL Settings Commands: label Update the labels on a resource annotate Update the annotations on a resource completion Output shell completion code <span class="k">for </span>the specified shell <span class="o">(</span>bash, zsh, fish, or powershell<span class="o">)</span> Subcommands provided by plugins: Other Commands: api-resources Print the supported API resources on the server api-versions Print the supported API versions on the server, <span class="k">in </span>the form of <span class="s2">"group/version"</span> config Modify kubeconfig files plugin Provides utilities <span class="k">for </span>interacting with plugins version Print the client and server version information Usage: kubectl <span class="o">[</span>flags] <span class="o">[</span>options] Use <span class="s2">"kubectl &lt;command&gt; --help"</span> <span class="k">for </span>more information about a given command. Use <span class="s2">"kubectl options"</span> <span class="k">for </span>a list of global command-line options <span class="o">(</span>applies to all commands<span class="o">)</span><span class="nb">.</span> <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# kubectl cluster-info Kubernetes control plane is running at https://738af175-32d4-43e9-9e31-b7ae3058be3e.k8s.ondigitalocean.com CoreDNS is running at https://738af175-32d4-43e9-9e31-b7ae3058be3e.k8s.ondigitalocean.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# kubectl get nodes <span class="nt">-o</span> wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME pool-kuaxj3k47-ejvl3 Ready &lt;none&gt; 6m40s v1.31.1 10.110.0.3 159.65.200.52 Debian GNU/Linux 12 <span class="o">(</span>bookworm<span class="o">)</span> 6.1.0-27-amd64 containerd://1.6.31 pool-kuaxj3k47-ejvl8 Ready &lt;none&gt; 6m38s v1.31.1 10.110.0.2 164.92.147.176 Debian GNU/Linux 12 <span class="o">(</span>bookworm<span class="o">)</span> 6.1.0-27-amd64 containerd://1.6.31 <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# kubectl get po,svc <span class="nt">-A</span> NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/cilium-4gxht 1/1 Running 0 6m46s kube-system pod/cilium-lw8gd 1/1 Running 0 6m48s kube-system pod/coredns-c5c6457c-bnzfc 0/1 Running 0 36s kube-system pod/coredns-c5c6457c-nz6gr 0/1 Running 0 36s kube-system pod/cpc-bridge-proxy-ebpf-7ncbq 1/1 Running 0 55s kube-system pod/cpc-bridge-proxy-ebpf-qth8w 1/1 Running 0 55s kube-system pod/hubble-relay-67597fb8-kmlw5 1/1 Running 1 <span class="o">(</span>51s ago<span class="o">)</span> 8m40s kube-system pod/hubble-ui-79957d9f7b-4n9kj 2/2 Running 0 74s kube-system pod/konnectivity-agent-7ml7p 1/1 Running 0 61s kube-system pod/konnectivity-agent-tnf8j 1/1 Running 0 61s kube-system pod/kube-proxy-ebpf-4gt2z 1/1 Running 0 6m48s kube-system pod/kube-proxy-ebpf-ztjql 1/1 Running 0 6m46s NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE default service/kubernetes ClusterIP 10.108.32.1 &lt;none&gt; 443/TCP 9m54s kube-system service/hubble-peer ClusterIP 10.108.54.62 &lt;none&gt; 443/TCP 8m40s kube-system service/hubble-relay ClusterIP 10.108.41.20 &lt;none&gt; 80/TCP 8m40s kube-system service/hubble-ui ClusterIP 10.108.52.164 &lt;none&gt; 80/TCP 8m40s kube-system service/kube-dns ClusterIP 10.108.32.10 &lt;none&gt; 53/UDP,53/TCP,9153/TCP 36s </code></pre> </div> <p>Installation d’Headlamp, une interface web qui remplace le dashboard traditionnel de Kubernetes, facile à utiliser et extensible.</p> <ul> <li><a href="https://headlamp.dev/" rel="noopener noreferrer">Headlamp</a></li> <li><a href="https://github.com/headlamp-k8s/headlamp" rel="noopener noreferrer">GitHub - headlamp-k8s/headlamp: A Kubernetes web UI that is fully-featured, user-friendly and extensible</a></li> </ul> <blockquote> <p>Headlamp a été créé pour combiner les fonctionnalités traditionnelles des autres interfaces web et tableaux de bord (c’est-à-dire pour lister et visualiser les ressources) avec des fonctionnalités supplémentaires.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/kinvolk/headlamp/main/kubernetes-headlamp.yaml service/headlamp created deployment.apps/headlamp created secret/headlamp-admin created <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# kubectl get po,svc <span class="nt">-n</span> kube-system NAME READY STATUS RESTARTS AGE pod/cilium-4gxht 1/1 Running 0 11m pod/cilium-lw8gd 1/1 Running 0 11m pod/coredns-c5c6457c-bnzfc 1/1 Running 0 5m7s pod/coredns-c5c6457c-nz6gr 1/1 Running 0 5m7s pod/cpc-bridge-proxy-ebpf-7ncbq 1/1 Running 0 5m26s pod/cpc-bridge-proxy-ebpf-qth8w 1/1 Running 0 5m26s pod/csi-do-node-gxlmb 2/2 Running 0 4m24s pod/csi-do-node-swqfv 2/2 Running 0 4m24s pod/do-node-agent-7bgsh 1/1 Running 0 4m11s pod/do-node-agent-hwt6l 1/1 Running 0 4m11s pod/headlamp-7dfd97b98b-wmn66 1/1 Running 0 48s pod/hubble-relay-67597fb8-kmlw5 1/1 Running 1 <span class="o">(</span>5m22s ago<span class="o">)</span> 13m pod/hubble-ui-79957d9f7b-4n9kj 2/2 Running 0 5m45s pod/konnectivity-agent-7ml7p 1/1 Running 0 5m32s pod/konnectivity-agent-tnf8j 1/1 Running 0 5m32s pod/kube-proxy-ebpf-4gt2z 1/1 Running 0 11m pod/kube-proxy-ebpf-ztjql 1/1 Running 0 11m NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE service/headlamp ClusterIP 10.108.38.247 &lt;none&gt; 80/TCP 48s service/hubble-peer ClusterIP 10.108.54.62 &lt;none&gt; 443/TCP 13m service/hubble-relay ClusterIP 10.108.41.20 &lt;none&gt; 80/TCP 13m service/hubble-ui ClusterIP 10.108.52.164 &lt;none&gt; 80/TCP 13m service/kube-dns ClusterIP 10.108.32.10 &lt;none&gt; 53/UDP,53/TCP,9153/TCP 5m7s </code></pre> </div> <p>en l’exposant localement et récupérant la clé nécessaire à l’accès à son interface web :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# <span class="nb">nohup </span>kubectl port-forward <span class="nt">-n</span> kube-system service/headlamp 8080:80 &amp; <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# <span class="nb">cat </span>nohup.out Forwarding from 127.0.0.1:8080 -&gt; 4466 Forwarding from <span class="o">[</span>::1]:8080 -&gt; 4466 <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# kubectl <span class="nt">-n</span> kube-system create serviceaccount headlamp-admin serviceaccount/headlamp-admin created <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# kubectl create clusterrolebinding headlamp-admin <span class="nt">--serviceaccount</span><span class="o">=</span>kube-system:headlamp-admin <span class="nt">--clusterrole</span><span class="o">=</span>cluster-admin clusterrolebinding.rbac.authorization.k8s.io/headlamp-admin created <span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# kubectl create token headlamp-admin <span class="nt">-n</span> kube-system eyJhbGciOiJSUzI1NiIsImtpZCI6Ikd0UHltNHV6c1liSkY0VkhNRWFZMXJKYklqY1R6ckZrMDZQS281dEg3dUUifQ.eyJhdWQiOlsic3lzdGVtOmtvbm5lY3Rpdml0eS1zZXJ2ZXIiXSwiZXhwIjoxNzM1MzkyNDEwLCJpYXQiOjE3MzUzODg4MTAsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwianRpIjoiNTVkNjI1ZTItNjA2Yi00MTNhLTk2OTgtODFmYjdjZDU4MWY4Iiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJoZWFkbGFtcC1hZG1pbiIsInVpZCI6IjdmOGQwMTU0LWRiYWQtNGU2MS04NTUzLWU1NWI3ZWU0ZjhlOSJ9fSwibmJmIjoxNzM1Mzg4ODEwLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06aGVhZGxhbXAtYWRtaW4ifQ.jbrtuXS7uMP6HfwR3CbIbnpRTq4CDaacq0okwm_4tvmJNNcExi9-Dti3cGj1J3tteszpxVzurWPhrWgFlL4UkEacY9fD1TRH4GAZDCFldJ_jvyeaclzGeymrjEGAZ9TbBdoyuXtLeIVhApdICF1KNM-s8mfr1oOREDwlR9HzzrhoECozYxVS9uM1WIEZpum4FwMEl6cKPqOyNx1Rn5MtKPcc87JyK0FxuXzg9WC-cPSNOxu_rUFrZYHyrVapCDpl_XLymD3pFUUuB8XPVidVXcVOthH1Djwm8TRE6aAD4XlkHTcyTYchvN_CpOI2JQ6DVY60unSU8nq2pxfqLC6G2Q </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw7l2s2c29z8ubvf7m8a5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw7l2s2c29z8ubvf7m8a5.png" width="800" height="379"></a></p> <p>Avant de lancer une analyse via K8sGPT, introduction d’un problème dans le cluster Kubernetes pour simuler une situation réelle. Vous pouvez utiliser des exemples de déploiements défectueux disponibles sur des répositories comme celui de Robusta :</p> <p><a href="https://github.com/robusta-dev/kubernetes-demos" rel="noopener noreferrer">GitHub - robusta-dev/kubernetes-demos: YAMLs for creating Kubernetes errors and other scenarios</a></p> <p>Exemple avec ce déploiement d’un Pod cassé via :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">payment-processing-worker</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">payment-processing-worker</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">payment-processing-worker</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">payment-processing-container</span> <span class="na">image</span><span class="pi">:</span> <span class="s">bash</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/bin/sh"</span><span class="pi">]</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-c"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">if</span><span class="nv"> </span><span class="s">[[-z</span><span class="nv"> </span><span class="se">\"</span><span class="s">${DEPLOY_ENV}</span><span class="se">\"</span><span class="s">]];</span><span class="nv"> </span><span class="s">then</span><span class="nv"> </span><span class="s">echo</span><span class="nv"> </span><span class="s">Environment</span><span class="nv"> </span><span class="s">variable</span><span class="nv"> </span><span class="s">DEPLOY_ENV</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">undefined</span><span class="nv"> </span><span class="s">;</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">while</span><span class="nv"> </span><span class="s">true;</span><span class="nv"> </span><span class="s">do</span><span class="nv"> </span><span class="s">echo</span><span class="nv"> </span><span class="s">hello;</span><span class="nv"> </span><span class="s">sleep</span><span class="nv"> </span><span class="s">10;done;</span><span class="nv"> </span><span class="s">fi"</span><span class="pi">]</span> <span class="s">base) root@k8sgpt:~# kubectl apply -f https://raw.githubusercontent.com/robusta-dev/kubernetes-demos/main/crashpod/broken.yaml</span> <span class="s">deployment.apps/payment-processing-worker created</span> <span class="s">(base) root@k8sgpt:~# kubectl get po</span> <span class="s">NAME READY STATUS RESTARTS AGE</span> <span class="s">payment-processing-worker-747ccfb9db-dzjqx 0/1 CrashLoopBackOff 1 (11s ago) 17s</span> <span class="s">(base) root@k8sgpt:~# kubectl logs po/payment-processing-worker-747ccfb9db-dzjqx</span> <span class="s">Environment variable DEPLOY_ENV is undefined</span> </code></pre> </div> <p>Il s’est en effet crashé …</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fadj78ma4diwfdqrt0wx2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fadj78ma4diwfdqrt0wx2.png" width="800" height="407"></a></p> <p>Lancement de l’analyse avec une sortie en JSON :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">(base)</span><span class="w"> </span><span class="err">root@k</span><span class="mi">8</span><span class="err">sgpt:~#</span><span class="w"> </span><span class="err">k</span><span class="mi">8</span><span class="err">sgpt</span><span class="w"> </span><span class="err">analyze</span><span class="w"> </span><span class="err">-o</span><span class="w"> </span><span class="err">json</span><span class="w"> </span><span class="err">--explain</span><span class="w"> </span><span class="err">--filter=Pod</span><span class="w"> </span><span class="err">--backend</span><span class="w"> </span><span class="err">localai</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="err">jq</span><span class="w"> </span><span class="err">.</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"provider"</span><span class="p">:</span><span class="w"> </span><span class="s2">"localai"</span><span class="p">,</span><span class="w"> </span><span class="nl">"errors"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ProblemDetected"</span><span class="p">,</span><span class="w"> </span><span class="nl">"problems"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"results"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"kind"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Pod"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"default/payment-processing-worker-747ccfb9db-dzjqx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"error"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Text"</span><span class="p">:</span><span class="w"> </span><span class="s2">"the last termination reason is Completed container=payment-processing-container pod=payment-processing-worker-747ccfb9db-dzjqx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"KubernetesDoc"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="nl">"Sensitive"</span><span class="p">:</span><span class="w"> </span><span class="p">[]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"details"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Error: The pod </span><span class="se">\"</span><span class="s2">payment-processing-worker-747ccfb9db-dzjqx</span><span class="se">\"</span><span class="s2"> has completed its execution with a </span><span class="se">\"</span><span class="s2">Completed</span><span class="se">\"</span><span class="s2"> termination reason, indicating the container </span><span class="se">\"</span><span class="s2">payment-processing-container</span><span class="se">\"</span><span class="s2"> has finished successfully.</span><span class="se">\n\n</span><span class="s2">Solution: Verify the logs for the container to ensure data integrity, then check related services for expected outcomes; if successful, mark the pod as ready in the cluster."</span><span class="p">,</span><span class="w"> </span><span class="nl">"parentObject"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Deployment/payment-processing-worker"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>ou en mode texte :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# k8sgpt analyze <span class="nt">--explain</span> <span class="nt">--backend</span> localai <span class="nt">--with-doc</span> 100% |████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| <span class="o">(</span>1/1, 7960 it/s<span class="o">)</span> AI Provider: localai 0: Pod default/payment-processing-worker-747ccfb9db-dzjqx<span class="o">(</span>Deployment/payment-processing-worker<span class="o">)</span> - Error: the last termination reason is Completed <span class="nv">container</span><span class="o">=</span>payment-processing-container <span class="nv">pod</span><span class="o">=</span>payment-processing-worker-747ccfb9db-dzjqx Error: The pod <span class="s2">"payment-processing-worker-747ccfb9db-dzjqx"</span> has completed its execution with a <span class="s2">"Completed"</span> termination reason, indicating the container <span class="s2">"payment-processing-container"</span> has finished successfully. Solution: Verify the logs <span class="k">for </span>the container to ensure data integrity, <span class="k">then </span>check related services <span class="k">for </span>expected outcomes<span class="p">;</span> <span class="k">if </span>successful, mark the pod as ready <span class="k">in </span>the cluster. </code></pre> </div> <p>Comme le montre cette sortie, K8sGPT a identifié et signalé le pod problématique et a également fourni des conseils sur les mesures potentielles à prendre pour comprendre et résoudre le problème.</p> <p>Autre exemple avec ce Pod Nginx problématique :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Pod</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">inventory-management-api</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">80</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">wge</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">-O"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/work-dir/index.html"</span> <span class="pi">-</span> <span class="s">https://home.robusta.dev</span> <span class="s">(base) root@k8sgpt:~# kubectl apply -f https://raw.githubusercontent.com/robusta-dev/kubernetes-demos/refs/heads/main/crashloop_backoff/create_crashloop_backoff.yaml</span> <span class="s">pod/inventory-management-api created</span> <span class="s">(base) root@k8sgpt:~# kubectl get po</span> <span class="s">NAME READY STATUS RESTARTS AGE</span> <span class="s">inventory-management-api 0/1 ContainerCreating 0 5s</span> <span class="s">(base) root@k8sgpt:~# kubectl get po</span> <span class="s">NAME READY STATUS RESTARTS AGE</span> <span class="s">inventory-management-api 0/1 RunContainerError 1 (1s ago) 10s</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5oufcpajkqntnz390nxk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5oufcpajkqntnz390nxk.png" width="800" height="401"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1ufq9vgoeypy1br2064x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1ufq9vgoeypy1br2064x.png" width="800" height="401"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsatiwyy30j9r8a9gk0xo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsatiwyy30j9r8a9gk0xo.png" width="800" height="450"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F35mg92yvgooxdejiebtj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F35mg92yvgooxdejiebtj.png" width="800" height="397"></a></p> <p>Et une nouvelle analyse met le doigt sur le Pod problématique …<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# k8sgpt analyze <span class="nt">--explain</span> <span class="nt">--backend</span> localai <span class="nt">--with-doc</span> 100% |████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| <span class="o">(</span>1/1, 2 it/min<span class="o">)</span> AI Provider: localai 0: Pod default/inventory-management-api<span class="o">()</span> - Error: the last termination reason is StartError <span class="nv">container</span><span class="o">=</span>nginx <span class="nv">pod</span><span class="o">=</span>inventory-management-api Error: The Kubernetes error indicates that there was a StartError issue with the nginx container <span class="k">for </span>the pod named inventory-management-api. Solution: 1. Check the nginx configuration file <span class="k">for </span>syntax errors. 2. Ensure all required resources and permissions are correctly set. 3. Verify network accessibility within the pod. 4. Confirm proper image pull secrets <span class="k">if </span>using Docker images. 5. Review any recent changes to the deployment or service configurations. </code></pre> </div> <p>Dans cet autre exemple il peut ne pas détecter de problématique avec cette simulation de faux positif via busybox :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Job</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">java-api-checker</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">java-beans</span> <span class="na">image</span><span class="pi">:</span> <span class="s">busybox</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/bin/sh"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-c"</span><span class="pi">]</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">echo</span><span class="nv"> </span><span class="s">'Java</span><span class="nv"> </span><span class="s">Network</span><span class="nv"> </span><span class="s">Exception:</span><span class="nv"> </span><span class="se">\n</span><span class="s">All</span><span class="nv"> </span><span class="s">host(s)</span><span class="nv"> </span><span class="s">tried</span><span class="nv"> </span><span class="s">for</span><span class="nv"> </span><span class="s">db</span><span class="nv"> </span><span class="s">query</span><span class="nv"> </span><span class="s">failed</span><span class="nv"> </span><span class="s">(tried:</span><span class="nv"> </span><span class="s">prod-db:3333)</span><span class="nv"> </span><span class="s">-</span><span class="nv"> </span><span class="s">no</span><span class="nv"> </span><span class="s">available</span><span class="nv"> </span><span class="s">connection</span><span class="nv"> </span><span class="s">and</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">queue</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">reached</span><span class="nv"> </span><span class="s">its</span><span class="nv"> </span><span class="s">max</span><span class="nv"> </span><span class="s">size</span><span class="nv"> </span><span class="s">256</span><span class="nv"> </span><span class="se">\n</span><span class="s">All</span><span class="nv"> </span><span class="s">host(s)</span><span class="nv"> </span><span class="s">tried</span><span class="nv"> </span><span class="s">for</span><span class="nv"> </span><span class="s">db</span><span class="nv"> </span><span class="s">query</span><span class="nv"> </span><span class="s">failed</span><span class="nv"> </span><span class="s">(tried:</span><span class="nv"> </span><span class="s">prod-db:3333)</span><span class="nv"> </span><span class="s">-</span><span class="nv"> </span><span class="s">no</span><span class="nv"> </span><span class="s">available</span><span class="nv"> </span><span class="s">connection</span><span class="nv"> </span><span class="s">and</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">queue</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">reached</span><span class="nv"> </span><span class="s">its</span><span class="nv"> </span><span class="s">max</span><span class="nv"> </span><span class="s">size</span><span class="nv"> </span><span class="s">256</span><span class="nv"> </span><span class="se">\n</span><span class="s">All</span><span class="nv"> </span><span class="s">host(s)</span><span class="nv"> </span><span class="s">tried</span><span class="nv"> </span><span class="s">for</span><span class="nv"> </span><span class="s">db</span><span class="nv"> </span><span class="s">query</span><span class="nv"> </span><span class="s">failed</span><span class="nv"> </span><span class="s">(tried:</span><span class="nv"> </span><span class="s">prod-db:3333)</span><span class="nv"> </span><span class="s">-</span><span class="nv"> </span><span class="s">no</span><span class="nv"> </span><span class="s">available</span><span class="nv"> </span><span class="s">connection</span><span class="nv"> </span><span class="s">and</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">queue</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">reached</span><span class="nv"> </span><span class="s">its</span><span class="nv"> </span><span class="s">max</span><span class="nv"> </span><span class="s">size</span><span class="nv"> </span><span class="s">256</span><span class="nv"> </span><span class="se">\n</span><span class="s">All</span><span class="nv"> </span><span class="s">host(s)</span><span class="nv"> </span><span class="s">tried</span><span class="nv"> </span><span class="s">for</span><span class="nv"> </span><span class="s">db</span><span class="nv"> </span><span class="s">query</span><span class="nv"> </span><span class="s">failed</span><span class="nv"> </span><span class="s">(tried:</span><span class="nv"> </span><span class="s">prod-db:3333)</span><span class="nv"> </span><span class="s">-</span><span class="nv"> </span><span class="s">no</span><span class="nv"> </span><span class="s">available</span><span class="nv"> </span><span class="s">connection</span><span class="nv"> </span><span class="s">and</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">queue</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">reached</span><span class="nv"> </span><span class="s">its</span><span class="nv"> </span><span class="s">max</span><span class="nv"> </span><span class="s">size</span><span class="nv"> </span><span class="s">256';</span><span class="nv"> </span><span class="s">sleep</span><span class="nv"> </span><span class="s">60;</span><span class="nv"> </span><span class="s">exit</span><span class="nv"> </span><span class="s">1"</span><span class="pi">]</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">Never</span> <span class="na">backoffLimit</span><span class="pi">:</span> <span class="m">1</span> <span class="s">(base) root@k8sgpt:~# kubectl delete -f https://raw.githubusercontent.com/robusta-dev/kubernetes-demos/refs/heads/main/crashloop_backoff/create_crashloop_backoff.yaml</span> <span class="s">pod "inventory-management-api" deleted</span> <span class="s">(base) root@k8sgpt:~# kubectl apply -f https://raw.githubusercontent.com/robusta-dev/kubernetes-demos/refs/heads/main/job_failure/job_crash.yaml</span> <span class="s">job.batch/java-api-checker created</span> <span class="s">(base) root@k8sgpt:~# kubectl get po</span> <span class="s">NAME READY STATUS RESTARTS AGE</span> <span class="s">java-api-checker-5s6dc 1/1 Running 0 7s</span> <span class="s">(base) root@k8sgpt:~# kubectl logs po/java-api-checker-5s6dc</span> <span class="na">Java Network Exception</span><span class="pi">:</span> <span class="na">All host(s) tried for db query failed (tried</span><span class="pi">:</span> <span class="s">prod-db:3333) - no available connection and the queue has reached its max size 256</span> <span class="na">All host(s) tried for db query failed (tried</span><span class="pi">:</span> <span class="s">prod-db:3333) - no available connection and the queue has reached its max size 256</span> <span class="na">All host(s) tried for db query failed (tried</span><span class="pi">:</span> <span class="s">prod-db:3333) - no available connection and the queue has reached its max size 256</span> <span class="na">All host(s) tried for db query failed (tried</span><span class="pi">:</span> <span class="s">prod-db:3333) - no available connection and the queue has reached its max size </span><span class="m">256</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkt0ahcbrtd8qckhqx6qj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkt0ahcbrtd8qckhqx6qj.png" width="800" height="397"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcfftj6cxupvsrzcc3es5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcfftj6cxupvsrzcc3es5.png" width="800" height="397"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> root@k8sgpt:~# k8sgpt analyze <span class="nt">--explain</span> <span class="nt">--backend</span> localai <span class="nt">--with-doc</span> AI Provider: localai No problems detected </code></pre> </div> <p>Pour une intégration plus complète, vous pouvez installer l’opérateur K8sGPT dans votre cluster Kubernetes. Cet opérateur surveille en continu les problèmes dans le cluster et génère des insights que vous pouvez consulter en interrogeant la ressource personnalisée (CR) de l'opérateur.</p> <p><a href="https://github.com/k8sgpt-ai/k8sgpt-operator" rel="noopener noreferrer">GitHub - k8sgpt-ai/k8sgpt-operator: Automatic SRE Superpowers within your Kubernetes cluster</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ helm repo add k8sgpt https://charts.k8sgpt.ai/ $ helm repo update $ helm install release k8sgpt/k8sgpt-operator -n k8sgpt-operator-system --create-namespace # Installer l'opérateur k8sGPT $ kubectl apply -n k8sgpt-operator-system -f - &lt;&lt; EOF apiVersion: core.k8sgpt.ai/v1alpha1 kind: K8sGPT metadata: name: k8sgpt-ollama spec: ai: enabled: true model: falcon3 backend: localai baseUrl: http://localhost:11434/v1 noCache: false filters: ["Pod"] repository: ghcr.io/k8sgpt-ai/k8sgpt version: v0.3.48 EOF </code></pre> </div> <p><a href="https://www.suse.com/c/rancher_blog/debugging-your-rancher-kubernetes-cluster-the-genai-way-with-k8sgpt-ollama-rancher-desktop/" rel="noopener noreferrer">Debugging your Rancher Kubernetes Cluster the GenAI Way w...</a></p> <p>Il est également possible d’analyser plusieurs clusters Kubernetes en spécifiant le chemin vers le fichier Kubeconfig concerné :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>k8sgpt analyze <span class="nt">--explain</span> <span class="nt">--backend</span> localai <span class="nt">--with-doc</span> <span class="nt">--kubeconfig</span> &lt;chemin vers le fichier Kubeconfig&gt; </code></pre> </div> <p>L’opérateur recherchera les problèmes dans le cluster et générera des résultats d’analyse. En fonction de la puissance de votre machine (pour accélerer les temps de réponse d’Ollama, des ressources GPU sont nécessaires), il faut un certain temps à l’opérateur pour appeler le LLM et générer les informations …</p> <p>Pour conclure, K8sGPT en combinaison avec Ollama offre une solution puissante pour déboguer et gérer les clusters Kubernetes de manière efficace. Cette intégration utilise l'intelligence artificielle pour fournir des insights clairs et des recommandations pour résoudre les problèmes, simplifiant ainsi la vie des opérateurs de cluster. En suivant ces étapes, vous pouvez mettre en place une solution de diagnostic automatisée et basée sur l'IA pour votre environnement Kubernetes …</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8bzmniacbwvd6cke17rt.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8bzmniacbwvd6cke17rt.jpg" width="750" height="500"></a></p> <p>À suivre !</p> kubernetes devops genai docker Karim Tue, 24 Dec 2024 12:48:32 +0000 https://forem.com/deep75/openstack-sur-kubernetes-en-toute-simplicite-avec-canonical-microstack-et-pulumi--1mi6 https://forem.com/deep75/openstack-sur-kubernetes-en-toute-simplicite-avec-canonical-microstack-et-pulumi--1mi6 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3onpws5qm0xj3130udyd.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3onpws5qm0xj3130udyd.png" width="800" height="431"></a></p> <p>MicroStack est une solution développée par Canonical, utilisant Snap, Juju et Kubernetes pour déployer et gérer OpenStack. Cette solution simplifie considérablement la complexité traditionnellement associée à la gestion des clouds OpenStack. Elle a évolué comme je le relatais auparavant dans différents articles en y insérant Canonical Kubernetes :</p> <ul> <li><a href="https://dev.to/deep75/k8s-snap-canonical-kubernetes-pour-un-deploiement-simple-et-rapide-dun-cluster-k8s--4hi5">k8s-snap (Canonical Kubernetes) pour un déploiement simple et rapide d’un cluster k8s …</a></li> <li><a href="https://deep75.medium.com/un-cluster-openstack-sur-sa-station-en-une-minute-avec-microstack-8da478196299" rel="noopener noreferrer">Un cluster OpenStack sur sa station en une minute avec Microstack …</a></li> <li><a href="https://deep75.medium.com/mise-en-oeuvre-dun-service-mesh-avec-microstack-linkerd-2-x-et-k3s-23242310246c" rel="noopener noreferrer">Mise en oeuvre d’un Service Mesh avec MicroStack, Linkerd 2.x et K3S …</a></li> </ul> <h3> Avantages de MicroStack </h3> <p><a href="https://canonical.com/microstack" rel="noopener noreferrer">OpenStack on Kubernetes | Ubuntu | Canonical</a></p> <ul> <li> <strong>Déploiement Simplifié</strong> : MicroStack offre un processus d’installation rationalisé, capable de démarrer un déploiement cloud en moins de 6 commandes, avec un temps de déploiement moyen de 40 minutes. Cela le rend particulièrement adapté aux organisations qui cherchent à établir ou à étendre rapidement un environnement Cloud sans disposer d’une expertise technique approfondie.</li> <li> <strong>Flexibilité et Customisation</strong> : MicroStack permet une grande flexibilité, incluant l’intégration d’un large éventail de plug-ins et d’extensions, ce qui permet aux entreprises de construire un environnement Cloud qui s’aligne précisément sur leurs objectifs opérationnels.</li> </ul> <p>Mise en oeuvre concrète de Microstack sur un noeud unique selon ces préconisations techniques :</p> <p><a href="https://canonical.com/microstack/docs/enterprise-reqs" rel="noopener noreferrer">Enterprise requirements | Canonical</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frnfyhzwr7q7q7ix69ekw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frnfyhzwr7q7q7ix69ekw.png" width="800" height="446"></a></p> <p>Je pars donc d’une instance dédiée sur DigitalOcean autorisant la virtualisation imbriquée :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg5ywi3g3f2l3kvo5oed4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg5ywi3g3f2l3kvo5oed4.png" width="800" height="286"></a></p> <p>Pour installer MicroStack sur un nœud unique, vous pouvez suivre ces étapes. Pour commencer, création d’un utilisateur non root avec sudo activé :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@microstack:~# useradd <span class="nt">-s</span> /bin/bash <span class="nt">-d</span> /home/ubuntu <span class="nt">-m</span> ubuntu root@microstack:~# <span class="nb">echo</span> <span class="s2">"ubuntu ALL=(ALL) NOPASSWD: ALL"</span> | <span class="nb">tee</span> /etc/sudoers.d/ubuntu ubuntu <span class="nv">ALL</span><span class="o">=(</span>ALL<span class="o">)</span> NOPASSWD: ALL root@microstack:~# <span class="nb">cp</span> <span class="nt">-r</span> .ssh/ /home/ubuntu/ root@microstack:~# <span class="nb">chown</span> <span class="nt">-R</span> ubuntu:ubuntu /home/ubuntu/.ssh/ </code></pre> </div> <p>Puis installation de snapd :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@microstack:~<span class="nv">$ </span><span class="nb">sudo </span>apt <span class="nb">install </span>snapd Reading package lists... Done Building dependency tree... Done Reading state information... Done Suggested packages: zenity | kdialog The following packages will be upgraded: snapd 1 upgraded, 0 newly installed, 0 to remove and 195 not upgraded. Need to get 30.0 MB of archives. After this operation, 5513 kB of additional disk space will be used. Get:1 http://mirrors.digitalocean.com/ubuntu noble-updates/main amd64 snapd amd64 2.66.1+24.04 <span class="o">[</span>30.0 MB] Fetched 30.0 MB <span class="k">in </span>0s <span class="o">(</span>93.2 MB/s<span class="o">)</span> <span class="o">(</span>Reading database ... 71895 files and directories currently installed.<span class="o">)</span> Preparing to unpack .../snapd_2.66.1+24.04_amd64.deb ... Unpacking snapd <span class="o">(</span>2.66.1+24.04<span class="o">)</span> over <span class="o">(</span>2.63+24.04<span class="o">)</span> ... Setting up snapd <span class="o">(</span>2.66.1+24.04<span class="o">)</span> ... Installing new version of config file /etc/apparmor.d/usr.lib.snapd.snap-confine.real ... snapd.failure.service is a disabled or a static unit not running, not starting it. snapd.snap-repair.service is a disabled or a static unit not running, not starting it. Processing triggers <span class="k">for </span>dbus <span class="o">(</span>1.14.10-4ubuntu4<span class="o">)</span> ... Processing triggers <span class="k">for </span>man-db <span class="o">(</span>2.12.0-4build2<span class="o">)</span> ... Scanning processes... Scanning linux images... Running kernel seems to be up-to-date. No services need to be restarted. No containers need to be restarted. No user sessions are running outdated binaries. No VM guests are running outdated hypervisor <span class="o">(</span>qemu<span class="o">)</span> binaries on this host. ubuntu@microstack:~<span class="nv">$ </span><span class="nb">sudo </span>systemctl <span class="nb">enable</span> <span class="nt">--now</span> snapd </code></pre> </div> <p>Installation de MicroStack via la dernière version avec snapd :</p> <p><a href="https://snapcraft.io/openstack" rel="noopener noreferrer">Install Canonical MicroStack on Linux | Snap Store</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@microstack:~<span class="nv">$ </span><span class="nb">sudo </span>snap <span class="nb">install </span>openstack <span class="nt">--channel</span> 2024.1/beta 2024-12-24T08:58:22Z INFO Waiting <span class="k">for </span>automatic snapd restart... openstack <span class="o">(</span>2024.1/beta<span class="o">)</span> 2024.1 from Canonical✓ installed ubuntu@microstack:~<span class="nv">$ </span><span class="nb">sudo </span>snap list Name Version Rev Tracking Publisher Notes core24 20240920 609 latest/stable canonical✓ base openstack 2024.1 637 2024.1/beta canonical✓ - snapd 2.66.1 23258 latest/stable canonical✓ snapd </code></pre> </div> <p>MicroStack utilise Sunbeam pour générer un script qui s’assure que la machine dispose de toutes les dépendances nécessaires et qu’elle est configurée correctement pour être utilisée dans OpenStack. Lancement de ce dernier de manière directe :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@microstack:~<span class="nv">$ </span>sunbeam prepare-node-script | bash <span class="nt">-x</span> <span class="o">&amp;&amp;</span> newgrp snap_daemon ++ lsb_release <span class="nt">-sc</span> + <span class="s1">'['</span> noble <span class="s1">'!='</span> noble <span class="s1">']'</span> ++ <span class="nb">whoami</span> + <span class="nv">USER</span><span class="o">=</span>ubuntu ++ <span class="nb">id</span> <span class="nt">-u</span> + <span class="s1">'['</span> 1000 <span class="nt">-eq</span> 0 <span class="nt">-o</span> ubuntu <span class="o">=</span> root <span class="s1">']'</span> + <span class="nv">SUDO_ASKPASS</span><span class="o">=</span>/bin/false + <span class="nb">sudo</span> <span class="nt">-A</span> <span class="nb">whoami</span> + <span class="nb">sudo grep</span> <span class="nt">-r</span> ubuntu /etc/sudoers /etc/sudoers.d + <span class="nb">grep </span>NOPASSWD:ALL + <span class="nb">echo</span> <span class="s1">'ubuntu ALL=(ALL) NOPASSWD:ALL'</span> + <span class="nb">sudo install</span> <span class="nt">-m</span> 440 /tmp/90-ubuntu-sudo-access /etc/sudoers.d/90-ubuntu-sudo-access + <span class="nb">rm</span> <span class="nt">-f</span> /tmp/90-ubuntu-sudo-access + dpkg <span class="nt">-s</span> openssh-server + dpkg <span class="nt">-s</span> curl + <span class="nb">sudo </span>usermod <span class="nt">--append</span> <span class="nt">--groups</span> snap_daemon ubuntu + <span class="s1">'['</span> <span class="nt">-f</span> /home/ubuntu/.ssh/id_rsa <span class="s1">']'</span> + ssh-keygen <span class="nt">-b</span> 4096 <span class="nt">-f</span> /home/ubuntu/.ssh/id_rsa <span class="nt">-t</span> rsa <span class="nt">-N</span> <span class="s1">''</span> Generating public/private rsa key pair. Your identification has been saved <span class="k">in</span> /home/ubuntu/.ssh/id_rsa Your public key has been saved <span class="k">in</span> /home/ubuntu/.ssh/id_rsa.pub The key fingerprint is: SHA256:NTnupee3yat23zAuoYy5U6VoXqK+JaU5R3L36nwrauM ubuntu@microstack The key<span class="s1">'s randomart image is: +---[RSA 4096]----+ | | | . | | = | | o o. | | . S.oo. | | B+o++. | | =+oBo.o.o | | .=B.+++oo+.| | .o+E*+++**+o| +----[SHA256]-----+ + cat /home/ubuntu/.ssh/id_rsa.pub ++ hostname --all-ip-addresses + ssh-keyscan -H 134.209.225.128 10.19.0.5 10.114.0.2 # 134.209.225.128:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 134.209.225.128:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 134.209.225.128:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 134.209.225.128:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 134.209.225.128:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 10.19.0.5:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 10.19.0.5:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 10.19.0.5:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 10.19.0.5:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 10.19.0.5:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 10.114.0.2:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 10.114.0.2:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 10.114.0.2:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 # 10.114.0.2:22 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4 10.114.0.2: Connection closed by remote host + grep -E '</span>HTTPS?_PROXY<span class="s1">' /etc/environment + curl -s -m 10 -x '' api.charmhub.io + sudo snap connect openstack:ssh-keys + sudo snap install --channel 3.6/stable juju juju (3.6/stable) 3.6.1 from Canonical✓ installed + mkdir -p /home/ubuntu/.local/share + mkdir -p /home/ubuntu/.config/openstack ++ snap list openstack --unicode=never --color=never ++ grep openstack + snap_output='</span>openstack 2024.1 637 2024.1/beta canonical<span class="k">**</span> -<span class="s1">' ++ awk -v col=4 '</span><span class="o">{</span>print <span class="nv">$col</span><span class="o">}</span><span class="s1">' + track=2024.1/beta + [[2024.1/beta =~ edge]] + [[2024.1/beta == \-]] + [[2024.1/beta =~ beta]] + risk=beta + [[beta != \s\t\a\b\l\e]] + sudo snap set openstack deployment.risk=beta + echo '</span>Snap has been automatically configured to deploy from<span class="s1">' '</span>beta channel.<span class="s1">' Snap has been automatically configured to deploy from beta channel. + echo '</span>Override by passing a custom manifest with <span class="nt">-m</span>/--manifest.<span class="s1">' Override by passing a custom manifest with -m/--manifest. </span></code></pre> </div> <p>Possibilité à cette étape de déployer le cloud OpenStack à l’aide de cette commande en acceptant les valeurs par défaut (cela prend environ 30 minutes en fonction de la vitesse de connexion) :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@microstack:~<span class="nv">$ </span>sunbeam cluster bootstrap <span class="nt">--accept-defaults</span> Node has been bootstrapped with roles: compute, control ubuntu@microstack:~<span class="nv">$ </span>sunbeam cluster list controller ┏━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━┓ ┃ Node ┃ Cluster ┃ Machine ┃ Compute ┃ Control ┃ Storage ┃ ┡━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━┩ │ microstack │ ONLINE │ running │ active │ active │ │ └────────────┴─────────┴─────────┴─────────┴─────────┴─────────┘ ubuntu@microstack:~<span class="nv">$ </span><span class="nb">sudo </span>systemctl status snap.openstack.clusterd.service ● snap.openstack.clusterd.service - Service <span class="k">for </span>snap application openstack.clusterd Loaded: loaded <span class="o">(</span>/etc/systemd/system/snap.openstack.clusterd.service<span class="p">;</span> enabled<span class="p">;</span> preset: enabled<span class="o">)</span> Active: active <span class="o">(</span>running<span class="o">)</span> since Tue 2024-12-24 08:58:36 UTC<span class="p">;</span> 1h 10min ago Main PID: 4497 <span class="o">(</span>sunbeamd<span class="o">)</span> Tasks: 18 <span class="o">(</span>limit: 77123<span class="o">)</span> Memory: 34.6M <span class="o">(</span>peak: 39.2M<span class="o">)</span> CPU: 11.947s CGroup: /system.slice/snap.openstack.clusterd.service └─4497 sunbeamd <span class="nt">--state-dir</span> /var/snap/openstack/common/state <span class="nt">--socket-group</span> snap_daemon <span class="nt">--verbose</span> </code></pre> </div> <p>MicroStack est alors déployé et on peut lancer l’environnement de démo qui crée un tenant préconfiguré (avec les accès au dashboard) :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ubuntu@microstack:~$ sunbeam configure --accept-defaults --openrc demo-openrc ⠋ Generating openrc for cloud admin usage ... Writing openrc to demo-openrc ... done The cloud has been configured for sample usage. You can start using the OpenStack client or access the OpenStack dashboard at http://172.16.1.204:80/openstack-horizon </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ktscew8gzyuoc6nvdn7.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ktscew8gzyuoc6nvdn7.jpg" width="622" height="477"></a></p> <p>Je dispose des identifiants pour ce dernier :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@microstack:~<span class="nv">$ </span><span class="nb">cat </span>demo-openrc <span class="c"># openrc for demo</span> <span class="nb">export </span><span class="nv">OS_AUTH_URL</span><span class="o">=</span>http://172.16.1.204/openstack-keystone/v3 <span class="nb">export </span><span class="nv">OS_USERNAME</span><span class="o">=</span>demo <span class="nb">export </span><span class="nv">OS_PASSWORD</span><span class="o">=</span>C0jg0mAgdvD5 <span class="nb">export </span><span class="nv">OS_USER_DOMAIN_NAME</span><span class="o">=</span><span class="nb">users export </span><span class="nv">OS_PROJECT_DOMAIN_NAME</span><span class="o">=</span><span class="nb">users export </span><span class="nv">OS_PROJECT_NAME</span><span class="o">=</span>demo <span class="nb">export </span><span class="nv">OS_AUTH_VERSION</span><span class="o">=</span>3 <span class="nb">export </span><span class="nv">OS_IDENTITY_API_VERSION</span><span class="o">=</span>3 </code></pre> </div> <p>Ou pour le compte admin :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@microstack:~<span class="nv">$ </span>sunbeam openrc <span class="o">&gt;</span> admin-openrc ubuntu@microstack:~<span class="nv">$ </span><span class="nb">cat </span>admin-openrc <span class="c"># openrc for access to OpenStack</span> <span class="nb">export </span><span class="nv">OS_USERNAME</span><span class="o">=</span>admin <span class="nb">export </span><span class="nv">OS_PASSWORD</span><span class="o">=</span>f7M1ey2dqpHo <span class="nb">export </span><span class="nv">OS_AUTH_URL</span><span class="o">=</span>http://172.16.1.204/openstack-keystone/v3 <span class="nb">export </span><span class="nv">OS_USER_DOMAIN_NAME</span><span class="o">=</span>admin_domain <span class="nb">export </span><span class="nv">OS_PROJECT_DOMAIN_NAME</span><span class="o">=</span>admin_domain <span class="nb">export </span><span class="nv">OS_PROJECT_NAME</span><span class="o">=</span>admin <span class="nb">export </span><span class="nv">OS_AUTH_VERSION</span><span class="o">=</span>3 <span class="nb">export </span><span class="nv">OS_IDENTITY_API_VERSION</span><span class="o">=</span>3 </code></pre> </div> <p>Lancement rapide d’une instance de test :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@microstack:~<span class="nv">$ </span>sunbeam launch ubuntu <span class="nt">--name</span> instance1 Launching an OpenStack instance ... Access the instance by running the following <span class="nb">command</span>: <span class="sb">`</span>ssh <span class="nt">-i</span> /home/ubuntu/snap/openstack/637/sunbeam ubuntu@172.16.2.31<span class="sb">`</span> ubuntu@microstack:~<span class="nv">$ </span><span class="nb">source </span>demo-openrc ubuntu@microstack:~<span class="nv">$ </span>openstack server list +--------------------------------------+-----------+--------+-----------------------------------------+--------+---------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+-----------+--------+-----------------------------------------+--------+---------+ | efe46971-56f4-4da4-9c6e-eebee2795b72 | instance1 | ACTIVE | demo-network<span class="o">=</span>172.16.2.31, 192.168.0.166 | ubuntu | m1.tiny | +--------------------------------------+-----------+--------+-----------------------------------------+--------+---------+ </code></pre> </div> <p>J’accède ici au dashboard via une redirection ssh :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>ssh <span class="nt">-L</span> 0.0.0.0:8888:172.16.1.204:80 ubuntu@134.209.225.128 </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjqhlf04d6w2kbnvydu0a.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjqhlf04d6w2kbnvydu0a.png" width="800" height="419"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7stllazkmqn5wo3s98gi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7stllazkmqn5wo3s98gi.png" width="800" height="419"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb4925kskn0krf5mlbasa.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb4925kskn0krf5mlbasa.png" width="800" height="419"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmz8relr6ktcc2xq0a82n.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmz8relr6ktcc2xq0a82n.png" width="800" height="403"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2le8v5oi2bb6skfh6u9v.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2le8v5oi2bb6skfh6u9v.png" width="800" height="368"></a></p> <p>Dans MicroStack, Sunbeam permet l’activation de plusieurs extensions intéressantes :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@microstack:~<span class="nv">$ </span>sunbeam <span class="nb">enable</span> <span class="nt">--help</span> Usage: sunbeam <span class="nb">enable</span> <span class="o">[</span>OPTIONS] COMMAND <span class="o">[</span>ARGS]... Enable features. Options: <span class="nt">-m</span>, <span class="nt">--manifest</span> FILE Manifest file. <span class="nt">-h</span>, <span class="nt">--help</span> Show this message and exit. Commands: caas Enable Container as a Service feature. dns Enable dns service. images-sync Enable images-sync service. ldap Enable ldap service. loadbalancer Enable Loadbalancer service. observability Enable Observability service. orchestration Enable Orchestration service. pro Enable Ubuntu Pro across deployment. resource-optimization Enable Resource Optimization service <span class="o">(</span>watcher<span class="o">)</span><span class="nb">.</span> secrets Enable OpenStack Secrets service. telemetry Enable OpenStack Telemetry applications. tls Enable tls group. validation Enable OpenStack Integration Test Suite <span class="o">(</span>tempest<span class="o">)</span><span class="nb">.</span> vault Enable Vault. </code></pre> </div> <p>Activation de plusieures d’entre elles …<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@microstack:~<span class="nv">$ </span>sunbeam <span class="nb">enable </span>orchestration OpenStack orchestration application enabled. ubuntu@microstack:~<span class="nv">$ </span>sunbeam <span class="nb">enable </span>telemetry OpenStack telemetry application enabled. ubuntu@microstack:~<span class="nv">$ </span>sunbeam <span class="nb">enable </span>observability embedded Observability enabled. </code></pre> </div> <p>Dont celle relative à la stack d’observabilité mettant en oeuvre Grafana dont on obtient ici le lien et les identifiants :</p> <p><a href="https://canonical.com/microstack/docs/observability" rel="noopener noreferrer">Observability | Canonical</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> (base) ubuntu@microstack:~$ sunbeam observability dashboard-url http://172.16.1.205/observability-grafana (base) ubuntu@microstack:~$ juju run --model observability grafana/leader get-admin-password Running operation 5 with 1 task - task 6 on unit-grafana-0 Waiting for task 6... admin-password: 0EAJrXNIt3jd url: http://172.16.1.205/observability-grafana </code></pre> </div> <p>Sunbeam utilise une série de manifestes dont on retrouve la liste à la suite de tous ces déploiements :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@microstack:~<span class="nv">$ </span>sunbeam manifest list ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━┓ ┃ ID ┃ Applied Date ┃ ┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━┩ │ ecd1a516be9a244376923e9f7b8217ce │ 2024-12-24 09:00:10 │ └──────────────────────────────────┴─────────────────────┘ ubuntu@microstack:~<span class="nv">$ </span>sunbeam manifest show ecd1a516be9a244376923e9f7b8217ce core: software: charms: cinder-ceph-k8s: channel: 2024.1/beta cinder-k8s: channel: 2024.1/beta glance-k8s: channel: 2024.1/beta horizon-k8s: channel: 2024.1/beta keystone-k8s: channel: 2024.1/beta microceph: channel: squid/beta config: snap-channel: squid/beta neutron-k8s: channel: 2024.1/beta nova-k8s: channel: 2024.1/beta openstack-hypervisor: channel: 2024.1/beta config: snap-channel: 2024.1/beta ovn-central-k8s: channel: 24.03/beta ovn-relay-k8s: channel: 24.03/beta placement-k8s: channel: 2024.1/beta sunbeam-clusterd: channel: 2024.1/beta config: snap-channel: 2024.1/beta sunbeam-machine: channel: 2024.1/beta features: caas: software: charms: magnum-k8s: channel: 2024.1/beta dns: software: charms: designate-bind-k8s: channel: 9/beta designate-k8s: channel: 2024.1/beta images-sync: software: charms: openstack-images-sync-k8s: channel: 2024.1/beta instance-recovery: software: charms: consul-client: channel: 1.19/beta consul-k8s: channel: 1.19/beta masakari-k8s: channel: 2024.1/beta ldap: software: charms: keystone-ldap-k8s: channel: 2024.1/beta loadbalancer: software: charms: octavia-k8s: channel: 2024.1/beta orchestration: software: charms: heat-k8s: channel: 2024.1/beta resource-optimization: software: charms: watcher-k8s: channel: 2024.1/beta secrets: software: charms: barbican-k8s: channel: 2024.1/beta telemetry: software: charms: aodh-k8s: channel: 2024.1/beta ceilometer-k8s: channel: 2024.1/beta gnocchi-k8s: channel: 2024.1/beta openstack-exporter-k8s: channel: 2024.1/beta validation: software: charms: tempest-k8s: channel: 2024.1/beta </code></pre> </div> <p>Dont on peut aussi vérifier la présence via Juju :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> ubuntu@microstack:~<span class="nv">$ </span>juju status <span class="nt">-m</span> admin/controller Model Controller Cloud/Region Version SLA Timestamp controller sunbeam-controller one-deer/default 3.6.1 unsupported 10:04:08Z SAAS Status Store URL ceilometer waiting <span class="nb">local </span>microstack/openstack.ceilometer cert-distributor active <span class="nb">local </span>microstack/openstack.cert-distributor certificate-authority active <span class="nb">local </span>microstack/openstack.certificate-authority cinder-ceph blocked <span class="nb">local </span>microstack/openstack.cinder-ceph grafana-dashboards active <span class="nb">local </span>microstack/observability.grafana-dashboards keystone-credentials active <span class="nb">local </span>microstack/openstack.keystone-credentials keystone-endpoints active <span class="nb">local </span>microstack/openstack.keystone-endpoints loki-logging active <span class="nb">local </span>microstack/observability.loki-logging nova active <span class="nb">local </span>microstack/openstack.nova ovn-relay active <span class="nb">local </span>microstack/openstack.ovn-relay prometheus-receive-remote-write active <span class="nb">local </span>microstack/observability.prometheus-receive-remote-write rabbitmq active <span class="nb">local </span>microstack/openstack.rabbitmq App Version Status Scale Charm Channel Rev Exposed Message controller active 1 juju-controller 3.6/stable 116 no grafana-agent active 1 grafana-agent latest/stable 260 no tracing: off k8s 1.31.3 active 1 k8s 1.31/candidate 141 no Ready microceph unknown 0 microceph squid/beta 84 no openstack-hypervisor waiting 1 openstack-hypervisor 2024.1/beta 221 no <span class="o">(</span>ceph-access<span class="o">)</span> integration incomplete sunbeam-machine active 1 sunbeam-machine 2024.1/beta 49 no Unit Workload Agent Machine Public address Ports Message controller/0<span class="k">*</span> active idle 0 134.209.225.128 k8s/0<span class="k">*</span> active idle 0 134.209.225.128 6443/tcp Ready openstack-hypervisor/0<span class="k">*</span> waiting idle 0 134.209.225.128 <span class="o">(</span>ceph-access<span class="o">)</span> integration incomplete grafana-agent/0<span class="k">*</span> active idle 134.209.225.128 tracing: off sunbeam-machine/0<span class="k">*</span> active idle 0 134.209.225.128 Machine State Address Inst <span class="nb">id </span>Base AZ Message 0 started 134.209.225.128 manual: ubuntu@24.04 Manually provisioned machine Offer Application Charm Rev Connected Endpoint Interface Role microceph microceph microceph 84 0/0 ceph ceph-client provider ubuntu@microstack:~<span class="nv">$ </span>juju status <span class="nt">-m</span> openstack Model Controller Cloud/Region Version SLA Timestamp openstack sunbeam-controller one-deer-k8s/localhost 3.6.1 unsupported 10:04:48Z SAAS Status Store URL grafana-dashboards active <span class="nb">local </span>microstack/observability.grafana-dashboards loki-logging active <span class="nb">local </span>microstack/observability.loki-logging prometheus-receive-remote-write active <span class="nb">local </span>microstack/observability.prometheus-receive-remote-write App Version Status Scale Charm Channel Rev Address Exposed Message aodh active 1 aodh-k8s 2024.1/beta 62 10.152.183.238 no aodh-mysql 8.0.37-0ubuntu0.22.04.3 active 1 mysql-k8s 8.0/stable 180 10.152.183.134 no aodh-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.200 no ceilometer waiting 1 ceilometer-k8s 2024.1/beta 62 10.152.183.88 no <span class="o">(</span>workload<span class="o">)</span> Not all relations are ready certificate-authority active 1 self-signed-certificates latest/beta 228 10.152.183.220 no cinder active 1 cinder-k8s 2024.1/beta 99 10.152.183.160 no cinder-ceph blocked 1 cinder-ceph-k8s 2024.1/beta 97 10.152.183.202 no <span class="o">(</span>ceph<span class="o">)</span> integration missing cinder-ceph-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.244 no cinder-mysql 8.0.37-0ubuntu0.22.04.3 active 1 mysql-k8s 8.0/stable 180 10.152.183.77 no cinder-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.92 no glance active 1 glance-k8s 2024.1/beta 120 10.152.183.187 no glance-mysql 8.0.37-0ubuntu0.22.04.3 active 1 mysql-k8s 8.0/stable 180 10.152.183.163 no glance-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.116 no gnocchi blocked 1 gnocchi-k8s 2024.1/beta 61 10.152.183.81 no <span class="o">(</span>ceph<span class="o">)</span> integration missing gnocchi-mysql 8.0.37-0ubuntu0.22.04.3 active 1 mysql-k8s 8.0/stable 180 10.152.183.35 no gnocchi-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.72 no grafana-agent 0.40.4 active 1 grafana-agent-k8s latest/stable 80 10.152.183.169 no heat active 1 heat-k8s 2024.1/beta 79 10.152.183.151 no heat-mysql 8.0.37-0ubuntu0.22.04.3 active 1 mysql-k8s 8.0/stable 180 10.152.183.222 no heat-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.249 no horizon active 1 horizon-k8s 2024.1/beta 111 10.152.183.234 no http://172.16.1.204/openstack-horizon horizon-mysql 8.0.37-0ubuntu0.22.04.3 active 1 mysql-k8s 8.0/stable 180 10.152.183.131 no horizon-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.140 no keystone active 1 keystone-k8s 2024.1/beta 213 10.152.183.63 no keystone-mysql 8.0.37-0ubuntu0.22.04.3 active 1 mysql-k8s 8.0/stable 180 10.152.183.48 no keystone-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.108 no neutron active 1 neutron-k8s 2024.1/beta 119 10.152.183.212 no neutron-mysql 8.0.37-0ubuntu0.22.04.3 active 1 mysql-k8s 8.0/stable 180 10.152.183.75 no neutron-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.197 no nova active 1 nova-k8s 2024.1/beta 109 10.152.183.104 no nova-api-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.189 no nova-cell-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.178 no nova-mysql 8.0.37-0ubuntu0.22.04.3 active 1 mysql-k8s 8.0/stable 180 10.152.183.24 no nova-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.152 no openstack-exporter active 1 openstack-exporter-k8s 2024.1/beta 72 10.152.183.100 no ovn-central active 1 ovn-central-k8s 24.03/beta 110 10.152.183.194 no ovn-relay active 1 ovn-relay-k8s 24.03/beta 97 172.16.1.201 no placement active 1 placement-k8s 2024.1/beta 92 10.152.183.199 no placement-mysql 8.0.37-0ubuntu0.22.04.3 active 1 mysql-k8s 8.0/stable 180 10.152.183.83 no placement-mysql-router 8.0.37-0ubuntu0.22.04.3 active 1 mysql-router-k8s 8.0/stable 155 10.152.183.248 no rabbitmq 3.12.1 active 1 rabbitmq-k8s 3.12/stable 34 172.16.1.202 no traefik 2.11.0 active 1 traefik-k8s latest/beta 223 10.152.183.125 no Serving at 172.16.1.203 traefik-public 2.11.0 active 1 traefik-k8s latest/beta 223 10.152.183.54 no Serving at 172.16.1.204 vault blocked 1 vault-k8s 1.16/stable 280 10.152.183.78 no Please initialize Vault or integrate with an auto-unseal provider Unit Workload Agent Address Ports Message aodh-mysql-router/0<span class="k">*</span> active idle 10.1.0.57 aodh-mysql/0<span class="k">*</span> active idle 10.1.0.6 Primary aodh/0<span class="k">*</span> active idle 10.1.0.90 ceilometer/0<span class="k">*</span> waiting idle 10.1.0.149 <span class="o">(</span>workload<span class="o">)</span> Not all relations are ready certificate-authority/0<span class="k">*</span> active idle 10.1.0.5 cinder-ceph-mysql-router/0<span class="k">*</span> active idle 10.1.0.167 cinder-ceph/0<span class="k">*</span> blocked idle 10.1.0.108 <span class="o">(</span>ceph<span class="o">)</span> integration missing cinder-mysql-router/0<span class="k">*</span> active idle 10.1.0.253 cinder-mysql/0<span class="k">*</span> active idle 10.1.0.145 Primary cinder/0<span class="k">*</span> active idle 10.1.0.56 glance-mysql-router/0<span class="k">*</span> active idle 10.1.0.85 glance-mysql/0<span class="k">*</span> active idle 10.1.0.183 Primary glance/0<span class="k">*</span> active idle 10.1.0.251 gnocchi-mysql-router/0<span class="k">*</span> active idle 10.1.0.196 gnocchi-mysql/0<span class="k">*</span> active idle 10.1.0.213 Primary gnocchi/0<span class="k">*</span> blocked idle 10.1.0.55 <span class="o">(</span>ceph<span class="o">)</span> integration missing grafana-agent/0<span class="k">*</span> active idle 10.1.0.2 heat-mysql-router/0<span class="k">*</span> active idle 10.1.0.54 heat-mysql/0<span class="k">*</span> active idle 10.1.0.9 Primary heat/0<span class="k">*</span> active idle 10.1.0.138 horizon-mysql-router/0<span class="k">*</span> active idle 10.1.0.248 horizon-mysql/0<span class="k">*</span> active idle 10.1.0.185 Primary horizon/0<span class="k">*</span> active idle 10.1.0.35 keystone-mysql-router/0<span class="k">*</span> active idle 10.1.0.243 keystone-mysql/0<span class="k">*</span> active idle 10.1.0.104 Primary keystone/0<span class="k">*</span> active idle 10.1.0.223 neutron-mysql-router/0<span class="k">*</span> active idle 10.1.0.135 neutron-mysql/0<span class="k">*</span> active idle 10.1.0.79 Primary neutron/0<span class="k">*</span> active idle 10.1.0.23 nova-api-mysql-router/0<span class="k">*</span> active idle 10.1.0.93 nova-cell-mysql-router/0<span class="k">*</span> active idle 10.1.0.165 nova-mysql-router/0<span class="k">*</span> active idle 10.1.0.143 nova-mysql/0<span class="k">*</span> active idle 10.1.0.226 Primary nova/0<span class="k">*</span> active idle 10.1.0.147 openstack-exporter/0<span class="k">*</span> active idle 10.1.0.100 ovn-central/0<span class="k">*</span> active idle 10.1.0.222 ovn-relay/0<span class="k">*</span> active idle 10.1.0.82 placement-mysql-router/0<span class="k">*</span> active idle 10.1.0.224 placement-mysql/0<span class="k">*</span> active idle 10.1.0.148 Primary placement/0<span class="k">*</span> active idle 10.1.0.78 rabbitmq/0<span class="k">*</span> active idle 10.1.0.238 traefik-public/0<span class="k">*</span> active idle 10.1.0.96 Serving at 172.16.1.204 traefik/0<span class="k">*</span> active idle 10.1.0.151 Serving at 172.16.1.203 vault/0<span class="k">*</span> blocked idle 10.1.0.178 Please initialize Vault or integrate with an auto-unseal provider Offer Application Charm Rev Connected Endpoint Interface Role ceilometer ceilometer ceilometer-k8s 62 1/1 ceilometer-service ceilometer provider cert-distributor keystone keystone-k8s 213 2/2 send-ca-cert certificate_transfer provider certificate-authority certificate-authority self-signed-certificates 228 1/1 certificates tls-certificates provider cinder-ceph cinder-ceph cinder-ceph-k8s 97 1/1 ceph-access cinder-ceph-key provider keystone-credentials keystone keystone-k8s 213 1/1 identity-credentials keystone-credentials provider keystone-endpoints keystone keystone-k8s 213 1/1 identity-service keystone provider nova nova nova-k8s 109 1/1 nova-service nova provider ovn-relay ovn-relay ovn-relay-k8s 97 1/1 ovsdb-cms-relay ovsdb-cms provider rabbitmq rabbitmq rabbitmq-k8s 34 1/1 amqp rabbitmq provider </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgb2266glru0gz6h7ry8e.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgb2266glru0gz6h7ry8e.png" width="800" height="393"></a></p> <p>Ou via Canonical Kubernetes (qui supporte OpenStack) :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ubuntu@microstack:~$ sudo k8s kubectl cluster-info Kubernetes control plane is running at https://127.0.0.1:6443 CoreDNS is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/coredns:udp-53/proxy To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. ubuntu@microstack:~$ sudo k8s kubectl get po,svc -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/cilium-87pxh 1/1 Running 0 62m kube-system pod/cilium-operator-6f7f8cf67-5vfsx 1/1 Running 0 63m kube-system pod/ck-storage-rawfile-csi-controller-0 2/2 Running 0 63m kube-system pod/ck-storage-rawfile-csi-node-5vbjd 4/4 Running 0 63m kube-system pod/coredns-598bfdf87d-qt2j4 1/1 Running 0 63m kube-system pod/metrics-server-7ff9f4d4c9-jqb9x 1/1 Running 0 63m metallb-system pod/metallb-controller-7bb5f6c9b4-pbzdb 1/1 Running 0 63m metallb-system pod/metallb-speaker-dxg5x 1/1 Running 0 62m observability pod/alertmanager-0 2/2 Running 0 13m observability pod/catalogue-0 2/2 Running 0 13m observability pod/grafana-0 3/3 Running 0 13m observability pod/loki-0 3/3 Running 0 12m observability pod/modeloperator-88fc49d74-tjcnm 1/1 Running 0 14m observability pod/prometheus-0 2/2 Running 0 13m observability pod/traefik-0 2/2 Running 0 13m openstack pod/aodh-0 6/6 Running 0 18m openstack pod/aodh-mysql-0 2/2 Running 0 22m openstack pod/aodh-mysql-router-0 2/2 Running 0 19m openstack pod/ceilometer-0 3/3 Running 0 22m openstack pod/certificate-authority-0 1/1 Running 0 61m openstack pod/cinder-0 3/3 Running 0 56m openstack pod/cinder-ceph-0 2/2 Running 0 56m openstack pod/cinder-ceph-mysql-router-0 2/2 Running 0 56m openstack pod/cinder-mysql-0 2/2 Running 0 60m openstack pod/cinder-mysql-router-0 2/2 Running 0 56m openstack pod/glance-0 2/2 Running 0 56m openstack pod/glance-mysql-0 2/2 Running 0 61m openstack pod/glance-mysql-router-0 2/2 Running 0 56m openstack pod/gnocchi-0 3/3 Running 0 19m openstack pod/gnocchi-mysql-0 2/2 Running 0 22m openstack pod/gnocchi-mysql-router-0 2/2 Running 0 19m openstack pod/grafana-agent-0 2/2 Running 0 10m openstack pod/heat-0 4/4 Running 0 29m openstack pod/heat-mysql-0 2/2 Running 0 30m openstack pod/heat-mysql-router-0 2/2 Running 0 29m openstack pod/horizon-0 2/2 Running 0 55m openstack pod/horizon-mysql-0 2/2 Running 0 61m openstack pod/horizon-mysql-router-0 2/2 Running 0 55m openstack pod/keystone-0 2/2 Running 0 55m openstack pod/keystone-mysql-0 2/2 Running 0 61m openstack pod/keystone-mysql-router-0 2/2 Running 0 55m openstack pod/modeloperator-56b4d68fb7-tznnv 1/1 Running 0 62m openstack pod/neutron-0 2/2 Running 0 55m openstack pod/neutron-mysql-0 2/2 Running 0 60m openstack pod/neutron-mysql-router-0 2/2 Running 0 55m openstack pod/nova-0 5/5 Running 0 56m openstack pod/nova-api-mysql-router-0 2/2 Running 0 56m openstack pod/nova-cell-mysql-router-0 2/2 Running 0 56m openstack pod/nova-mysql-0 2/2 Running 0 60m openstack pod/nova-mysql-router-0 2/2 Running 0 56m openstack pod/openstack-exporter-0 2/2 Running 0 22m openstack pod/ovn-central-0 4/4 Running 0 61m openstack pod/ovn-relay-0 2/2 Running 0 61m openstack pod/placement-0 2/2 Running 0 55m openstack pod/placement-mysql-0 2/2 Running 0 61m openstack pod/placement-mysql-router-0 2/2 Running 0 55m openstack pod/rabbitmq-0 2/2 Running 0 61m openstack pod/traefik-0 2/2 Running 0 61m openstack pod/traefik-public-0 2/2 Running 0 60m openstack pod/vault-0 2/2 Running 0 27m NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default service/kubernetes ClusterIP 10.152.183.1 &lt;none&gt; 443/TCP 63m kube-system service/ck-storage-rawfile-csi-controller ClusterIP None &lt;none&gt; &lt;none&gt; 63m kube-system service/ck-storage-rawfile-csi-node ClusterIP 10.152.183.237 &lt;none&gt; 9100/TCP 63m kube-system service/coredns ClusterIP 10.152.183.37 &lt;none&gt; 53/UDP,53/TCP 63m kube-system service/hubble-peer ClusterIP 10.152.183.23 &lt;none&gt; 443/TCP 63m kube-system service/metrics-server ClusterIP 10.152.183.119 &lt;none&gt; 443/TCP 63m metallb-system service/metallb-webhook-service ClusterIP 10.152.183.110 &lt;none&gt; 443/TCP 63m observability service/alertmanager ClusterIP 10.152.183.36 &lt;none&gt; 9093/TCP,9094/TCP 13m observability service/alertmanager-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 13m observability service/catalogue ClusterIP 10.152.183.190 &lt;none&gt; 80/TCP 14m observability service/catalogue-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 14m observability service/grafana ClusterIP 10.152.183.170 &lt;none&gt; 3000/TCP 13m observability service/grafana-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 13m observability service/loki ClusterIP 10.152.183.201 &lt;none&gt; 3100/TCP 13m observability service/loki-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 13m observability service/modeloperator ClusterIP 10.152.183.59 &lt;none&gt; 17071/TCP 14m observability service/prometheus ClusterIP 10.152.183.147 &lt;none&gt; 9090/TCP 13m observability service/prometheus-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 13m observability service/traefik ClusterIP 10.152.183.198 &lt;none&gt; 65535/TCP 13m observability service/traefik-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 13m observability service/traefik-lb LoadBalancer 10.152.183.60 172.16.1.205 80:30845/TCP,443:31176/TCP 13m openstack service/aodh ClusterIP 10.152.183.238 &lt;none&gt; 8042/TCP 20m openstack service/aodh-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 20m openstack service/aodh-mysql ClusterIP 10.152.183.134 &lt;none&gt; 3306/TCP,33060/TCP 23m openstack service/aodh-mysql-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 22m openstack service/aodh-mysql-primary ClusterIP 10.152.183.176 &lt;none&gt; 3306/TCP 19m openstack service/aodh-mysql-replicas ClusterIP 10.152.183.74 &lt;none&gt; 3306/TCP 19m openstack service/aodh-mysql-router ClusterIP 10.152.183.200 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 20m openstack service/aodh-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 20m openstack service/ceilometer ClusterIP 10.152.183.88 &lt;none&gt; 65535/TCP 23m openstack service/ceilometer-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 22m openstack service/certificate-authority ClusterIP 10.152.183.220 &lt;none&gt; 65535/TCP 61m openstack service/certificate-authority-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 61m openstack service/cinder ClusterIP 10.152.183.160 &lt;none&gt; 8776/TCP 58m openstack service/cinder-ceph ClusterIP 10.152.183.202 &lt;none&gt; 65535/TCP 58m openstack service/cinder-ceph-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/cinder-ceph-mysql-router ClusterIP 10.152.183.244 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 57m openstack service/cinder-ceph-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/cinder-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/cinder-mysql ClusterIP 10.152.183.77 &lt;none&gt; 3306/TCP,33060/TCP 61m openstack service/cinder-mysql-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 61m openstack service/cinder-mysql-primary ClusterIP 10.152.183.113 &lt;none&gt; 3306/TCP 55m openstack service/cinder-mysql-replicas ClusterIP 10.152.183.127 &lt;none&gt; 3306/TCP 55m openstack service/cinder-mysql-router ClusterIP 10.152.183.92 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 57m openstack service/cinder-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/glance ClusterIP 10.152.183.187 &lt;none&gt; 9292/TCP 58m openstack service/glance-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/glance-mysql ClusterIP 10.152.183.163 &lt;none&gt; 3306/TCP,33060/TCP 61m openstack service/glance-mysql-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 61m openstack service/glance-mysql-primary ClusterIP 10.152.183.245 &lt;none&gt; 3306/TCP 55m openstack service/glance-mysql-replicas ClusterIP 10.152.183.246 &lt;none&gt; 3306/TCP 55m openstack service/glance-mysql-router ClusterIP 10.152.183.116 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 58m openstack service/glance-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/gnocchi ClusterIP 10.152.183.81 &lt;none&gt; 65535/TCP 20m openstack service/gnocchi-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 20m openstack service/gnocchi-mysql ClusterIP 10.152.183.35 &lt;none&gt; 3306/TCP,33060/TCP 23m openstack service/gnocchi-mysql-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 22m openstack service/gnocchi-mysql-primary ClusterIP 10.152.183.146 &lt;none&gt; 3306/TCP 19m openstack service/gnocchi-mysql-replicas ClusterIP 10.152.183.153 &lt;none&gt; 3306/TCP 19m openstack service/gnocchi-mysql-router ClusterIP 10.152.183.72 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 20m openstack service/gnocchi-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 20m openstack service/grafana-agent ClusterIP 10.152.183.169 &lt;none&gt; 3500/TCP,3600/TCP 10m openstack service/grafana-agent-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 10m openstack service/heat ClusterIP 10.152.183.151 &lt;none&gt; 8004/TCP 30m openstack service/heat-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 29m openstack service/heat-mysql ClusterIP 10.152.183.222 &lt;none&gt; 3306/TCP,33060/TCP 30m openstack service/heat-mysql-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 30m openstack service/heat-mysql-primary ClusterIP 10.152.183.98 &lt;none&gt; 3306/TCP 29m openstack service/heat-mysql-replicas ClusterIP 10.152.183.80 &lt;none&gt; 3306/TCP 29m openstack service/heat-mysql-router ClusterIP 10.152.183.249 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 30m openstack service/heat-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 29m openstack service/horizon ClusterIP 10.152.183.234 &lt;none&gt; 65535/TCP 57m openstack service/horizon-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/horizon-mysql ClusterIP 10.152.183.131 &lt;none&gt; 3306/TCP,33060/TCP 61m openstack service/horizon-mysql-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 61m openstack service/horizon-mysql-primary ClusterIP 10.152.183.126 &lt;none&gt; 3306/TCP 55m openstack service/horizon-mysql-replicas ClusterIP 10.152.183.145 &lt;none&gt; 3306/TCP 55m openstack service/horizon-mysql-router ClusterIP 10.152.183.140 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 57m openstack service/horizon-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/keystone ClusterIP 10.152.183.63 &lt;none&gt; 5000/TCP 57m openstack service/keystone-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/keystone-mysql ClusterIP 10.152.183.48 &lt;none&gt; 3306/TCP,33060/TCP 61m openstack service/keystone-mysql-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 61m openstack service/keystone-mysql-primary ClusterIP 10.152.183.159 &lt;none&gt; 3306/TCP 55m openstack service/keystone-mysql-replicas ClusterIP 10.152.183.114 &lt;none&gt; 3306/TCP 55m openstack service/keystone-mysql-router ClusterIP 10.152.183.108 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 57m openstack service/keystone-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/modeloperator ClusterIP 10.152.183.26 &lt;none&gt; 17071/TCP 62m openstack service/neutron ClusterIP 10.152.183.212 &lt;none&gt; 9696/TCP 57m openstack service/neutron-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/neutron-mysql ClusterIP 10.152.183.75 &lt;none&gt; 3306/TCP,33060/TCP 60m openstack service/neutron-mysql-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 60m openstack service/neutron-mysql-primary ClusterIP 10.152.183.55 &lt;none&gt; 3306/TCP 55m openstack service/neutron-mysql-replicas ClusterIP 10.152.183.34 &lt;none&gt; 3306/TCP 55m openstack service/neutron-mysql-router ClusterIP 10.152.183.197 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 57m openstack service/neutron-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/nova ClusterIP 10.152.183.104 &lt;none&gt; 8774/TCP 58m openstack service/nova-api-mysql-router ClusterIP 10.152.183.189 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 57m openstack service/nova-api-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/nova-cell-mysql-router ClusterIP 10.152.183.178 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 58m openstack service/nova-cell-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/nova-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/nova-mysql ClusterIP 10.152.183.24 &lt;none&gt; 3306/TCP,33060/TCP 61m openstack service/nova-mysql-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 61m openstack service/nova-mysql-primary ClusterIP 10.152.183.130 &lt;none&gt; 3306/TCP 56m openstack service/nova-mysql-replicas ClusterIP 10.152.183.186 &lt;none&gt; 3306/TCP 56m openstack service/nova-mysql-router ClusterIP 10.152.183.152 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 58m openstack service/nova-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/openstack-exporter ClusterIP 10.152.183.100 &lt;none&gt; 9180/TCP 23m openstack service/openstack-exporter-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 22m openstack service/ovn-central ClusterIP 10.152.183.194 &lt;none&gt; 6641/TCP,6642/TCP 62m openstack service/ovn-central-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 61m openstack service/ovn-relay LoadBalancer 10.152.183.149 172.16.1.201 6642:32293/TCP 62m openstack service/ovn-relay-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 62m openstack service/placement ClusterIP 10.152.183.199 &lt;none&gt; 8778/TCP 57m openstack service/placement-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/placement-mysql ClusterIP 10.152.183.83 &lt;none&gt; 3306/TCP,33060/TCP 61m openstack service/placement-mysql-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 61m openstack service/placement-mysql-primary ClusterIP 10.152.183.188 &lt;none&gt; 3306/TCP 55m openstack service/placement-mysql-replicas ClusterIP 10.152.183.165 &lt;none&gt; 3306/TCP 55m openstack service/placement-mysql-router ClusterIP 10.152.183.248 &lt;none&gt; 6446/TCP,6447/TCP,65535/TCP 57m openstack service/placement-mysql-router-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 57m openstack service/rabbitmq LoadBalancer 10.152.183.150 172.16.1.202 5672:31615/TCP,15672:31040/TCP 61m openstack service/rabbitmq-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 61m openstack service/traefik ClusterIP 10.152.183.125 &lt;none&gt; 65535/TCP 61m openstack service/traefik-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 61m openstack service/traefik-lb LoadBalancer 10.152.183.221 172.16.1.203 80:32485/TCP,443:31534/TCP 61m openstack service/traefik-public ClusterIP 10.152.183.54 &lt;none&gt; 65535/TCP 61m openstack service/traefik-public-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 61m openstack service/traefik-public-lb LoadBalancer 10.152.183.115 172.16.1.204 80:30599/TCP,443:30927/TCP 60m openstack service/vault ClusterIP 10.152.183.78 &lt;none&gt; 8200/TCP 27m openstack service/vault-endpoints ClusterIP None &lt;none&gt; &lt;none&gt; 27m </code></pre> </div> <p>Une fois que MicroStack a été déployé, vous avez la possibilité de gérer les charges de travail manuellement (c’est-à-dire via la CLI d’openstack) ou avec Juju :</p> <p><a href="https://canonical.com/microstack/docs/juju-workloads" rel="noopener noreferrer">Manage workloads with Juju | Canonical</a></p> <p>Mais je vais utiliser Pulumi. Pulumi est une plateforme moderne d’infrastructure en tant que code (IaC) qui permet aux utilisateurs de gérer et de fournir une infrastructure en nuage à l’aide de langages de programmation (notamment TypeScript, JavaScript, Python, Go, .NET, Java et YAML).</p> <p><a href="https://www.pulumi.com/" rel="noopener noreferrer">Pulumi - Infrastructure as Code, Secrets Management, and AI</a></p> <blockquote> <p>Pulumi adopte une approche déclarative pour définir l’infrastructure. Les utilisateurs spécifient l’état souhaité de leur infrastructure, et Pulumi gère la création, la mise à jour et la suppression des ressources pour atteindre cet état. Cette approche est plus intuitive que la programmation impérative, où chaque étape pour atteindre l’état souhaité doit être explicitement décrite.</p> </blockquote> <p>L’interface de ligne de commande de Pulumi est le principal outil de gestion et de déploiement de l’infrastructure et je l’installe à cette étape :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~<span class="nv">$ </span>curl <span class="nt">-fsSL</span> https://get.pulumi.com | sh <span class="o">===</span> Installing Pulumi 3.144.1 <span class="o">===</span> + Downloading https://github.com/pulumi/pulumi/releases/download/v3.144.1/pulumi-v3.144.1-linux-x64.tar.gz... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- 0 100 80.1M 100 80.1M 0 0 103M 0 <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- 433M + Extracting to /home/ubuntu/.pulumi/bin + Adding /home/ubuntu/.pulumi/bin to <span class="nv">$PATH</span> <span class="k">in</span> /home/ubuntu/.bashrc <span class="o">===</span> Pulumi is now installed! 🍹 <span class="o">===</span> + Please restart your shell or add /home/ubuntu/.pulumi/bin to your <span class="nv">$PATH</span> + Get started with Pulumi: https://www.pulumi.com/docs/quickstart <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~<span class="nv">$ </span><span class="nb">source</span> .bashrc <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~<span class="nv">$ </span>pulumi Pulumi - Modern Infrastructure as Code To begin working with Pulumi, run the <span class="sb">`</span>pulumi new<span class="sb">`</span> <span class="nb">command</span>: <span class="nv">$ </span>pulumi new This will prompt you to create a new project <span class="k">for </span>your cloud and language of choice. The most common commands from there are: - pulumi up : Deploy code and/or resource changes - pulumi stack : Manage instances of your project - pulumi config : Alter your stack<span class="s1">'s configuration or secrets - pulumi destroy : Tear down your stack'</span>s resources entirely For more information, please visit the project page: https://www.pulumi.com/docs/ Usage: pulumi <span class="o">[</span><span class="nb">command</span><span class="o">]</span> Stack Management Commands: new Create a new Pulumi project config Manage configuration stack Manage stacks and view stack state console Opens the current stack <span class="k">in </span>the Pulumi Console import Import resources into an existing stack refresh Refresh the resources <span class="k">in </span>a stack state Edit the current stack<span class="s1">'s state install Install packages and plugins for the current program or policy pack. Deployment Commands: up Create or update the resources in a stack destroy Destroy all existing resources in the stack preview Show a preview of updates to a stack'</span>s resources cancel Cancel a stack<span class="s1">'s currently running update, if any Environment Commands: env Manage environments Pulumi Cloud Commands: login Log in to the Pulumi Cloud logout Log out of the Pulumi Cloud whoami Display the current logged-in user org Manage Organization configuration Policy Management Commands: policy Manage resource policies Plugin Commands: plugin Manage language and resource provider plugins schema Analyze package schemas package Work with Pulumi packages Other Commands: version Print Pulumi'</span>s version number about Print information about the Pulumi environment. gen-completion Generate completion scripts <span class="k">for </span>the Pulumi CLI Experimental Commands: convert Convert Pulumi programs from a supported <span class="nb">source </span>program into other supported languages watch Continuously update the resources <span class="k">in </span>a stack logs Show aggregated resource logs <span class="k">for </span>a stack Flags: <span class="nt">--color</span> string Colorize output. Choices are: always, never, raw, auto <span class="o">(</span>default <span class="s2">"auto"</span><span class="o">)</span> <span class="nt">-C</span>, <span class="nt">--cwd</span> string Run pulumi as <span class="k">if </span>it had been started <span class="k">in </span>another directory <span class="nt">--disable-integrity-checking</span> Disable integrity checking of checkpoint files <span class="nt">-e</span>, <span class="nt">--emoji</span> Enable emojis <span class="k">in </span>the output <span class="nt">-Q</span>, <span class="nt">--fully-qualify-stack-names</span> Show fully-qualified stack names <span class="nt">-h</span>, <span class="nt">--help</span> <span class="nb">help </span><span class="k">for </span>pulumi <span class="nt">--logflow</span> Flow log settings to child processes <span class="o">(</span>like plugins<span class="o">)</span> <span class="nt">--logtostderr</span> Log to stderr instead of to files <span class="nt">--memprofilerate</span> int Enable more precise <span class="o">(</span>and expensive<span class="o">)</span> memory allocation profiles by setting runtime.MemProfileRate <span class="nt">--non-interactive</span> Disable interactive mode <span class="k">for </span>all commands <span class="nt">--profiling</span> string Emit CPU and memory profiles and an execution trace to <span class="s1">'[filename].[pid].{cpu,mem,trace}'</span>, respectively <span class="nt">--tracing</span> file: Emit tracing to the specified endpoint. Use the file: scheme to write tracing data to a <span class="nb">local </span>file <span class="nt">-v</span>, <span class="nt">--verbose</span> int Enable verbose logging <span class="o">(</span>e.g., <span class="nv">v</span><span class="o">=</span>3<span class="o">)</span><span class="p">;</span> anything <span class="o">&gt;</span>3 is very verbose Use <span class="sb">`</span>pulumi <span class="o">[</span><span class="nb">command</span><span class="o">]</span> <span class="nt">--help</span><span class="sb">`</span> <span class="k">for </span>more information about a command. </code></pre> </div> <p>J’utilise le système de fichiers de la machine afin de stocker les fichiers d’état localement :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(base) ubuntu@microstack:~$ pulumi login --local Logged in to microstack as ubuntu (file://~) </code></pre> </div> <p>J’utilise Miniconda pour rapidement disposer d’un environnement Python prêt à l’emploi :</p> <p><a href="https://docs.anaconda.com/miniconda/" rel="noopener noreferrer">Miniconda - Anaconda documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@microstack:~<span class="nv">$ </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/miniconda3 ubuntu@microstack:~<span class="nv">$ </span>wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh <span class="nt">-O</span> ~/miniconda3/miniconda.sh ubuntu@microstack:~<span class="nv">$ </span>bash ~/miniconda3/miniconda.sh <span class="nt">-b</span> <span class="nt">-u</span> <span class="nt">-p</span> ~/miniconda3 ubuntu@microstack:~<span class="nv">$ </span><span class="nb">rm</span> ~/miniconda3/miniconda.sh <span class="nv">PREFIX</span><span class="o">=</span>/home/ubuntu/miniconda3 Unpacking payload ... Installing base environment... Preparing transaction: ...working... <span class="k">done </span>Executing transaction: ...working... <span class="k">done </span>installation finished. ubuntu@microstack:~<span class="nv">$ </span><span class="nb">source</span> ~/miniconda3/bin/activate <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~<span class="nv">$ </span>conda init <span class="nt">--all</span> no change /home/ubuntu/miniconda3/condabin/conda no change /home/ubuntu/miniconda3/bin/conda no change /home/ubuntu/miniconda3/bin/conda-env no change /home/ubuntu/miniconda3/bin/activate no change /home/ubuntu/miniconda3/bin/deactivate no change /home/ubuntu/miniconda3/etc/profile.d/conda.sh no change /home/ubuntu/miniconda3/etc/fish/conf.d/conda.fish no change /home/ubuntu/miniconda3/shell/condabin/Conda.psm1 no change /home/ubuntu/miniconda3/shell/condabin/conda-hook.ps1 no change /home/ubuntu/miniconda3/lib/python3.12/site-packages/xontrib/conda.xsh no change /home/ubuntu/miniconda3/etc/profile.d/conda.csh modified /home/ubuntu/.bashrc modified /home/ubuntu/.zshrc modified /home/ubuntu/.config/fish/config.fish modified /home/ubuntu/.xonshrc modified /home/ubuntu/.tcshrc <span class="o">==&gt;</span> For changes to take effect, close and re-open your current shell. &lt;<span class="o">==</span> <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~<span class="nv">$ </span><span class="nb">source</span> .bashrc <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~<span class="nv">$ </span><span class="nb">type </span>pip pip is /home/ubuntu/miniconda3/bin/pip </code></pre> </div> <p>Création d’un environnement avec le fournisseur OpenStack et son template en Python pour Pulumi :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~<span class="nv">$ </span><span class="nb">mkdir test</span> <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~<span class="nv">$ </span><span class="nb">cd test</span> <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~/test<span class="nv">$ </span>pulumi new openstack-python This <span class="nb">command </span>will walk you through creating a new Pulumi project. Enter a value or leave blank to accept the <span class="o">(</span>default<span class="o">)</span>, and press &lt;ENTER&gt;. Press ^C at any <span class="nb">time </span>to quit. Project name <span class="o">(</span><span class="nb">test</span><span class="o">)</span>: Project description <span class="o">(</span>A minimal OpenStack Python Pulumi program<span class="o">)</span>: Created project <span class="s1">'test'</span> Stack name <span class="o">(</span>dev<span class="o">)</span>: Enter your passphrase to protect config/secrets: Re-enter your passphrase to confirm: Created stack <span class="s1">'dev'</span> The toolchain to use <span class="k">for </span>installing dependencies and running the program pip Installing dependencies... Creating virtual environment... Finished creating virtual environment Updating pip, setuptools, and wheel <span class="k">in </span>virtual environment... Requirement already satisfied: pip <span class="k">in</span> ./venv/lib/python3.12/site-packages <span class="o">(</span>24.3.1<span class="o">)</span> Collecting setuptools Downloading setuptools-75.6.0-py3-none-any.whl.metadata <span class="o">(</span>6.7 kB<span class="o">)</span> Collecting wheel Downloading wheel-0.45.1-py3-none-any.whl.metadata <span class="o">(</span>2.3 kB<span class="o">)</span> Downloading setuptools-75.6.0-py3-none-any.whl <span class="o">(</span>1.2 MB<span class="o">)</span> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.2/1.2 MB 29.2 MB/s eta 0:00:00 Downloading wheel-0.45.1-py3-none-any.whl <span class="o">(</span>72 kB<span class="o">)</span> Installing collected packages: wheel, setuptools Successfully installed setuptools-75.6.0 wheel-0.45.1 Finished updating Installing dependencies <span class="k">in </span>virtual environment... Collecting pulumi&lt;4.0.0,&gt;<span class="o">=</span>3.0.0 <span class="o">(</span>from <span class="nt">-r</span> requirements.txt <span class="o">(</span>line 1<span class="o">))</span> Downloading pulumi-3.144.1-py3-none-any.whl.metadata <span class="o">(</span>12 kB<span class="o">)</span> Collecting pulumi-openstack&lt;4.0.0,&gt;<span class="o">=</span>3.0.0 <span class="o">(</span>from <span class="nt">-r</span> requirements.txt <span class="o">(</span>line 2<span class="o">))</span> Downloading pulumi_openstack-3.15.2-py3-none-any.whl.metadata <span class="o">(</span>9.2 kB<span class="o">)</span> Collecting protobuf~<span class="o">=</span>4.21 <span class="o">(</span>from pulumi&lt;4.0.0,&gt;<span class="o">=</span>3.0.0-&gt;-r requirements.txt <span class="o">(</span>line 1<span class="o">))</span> Downloading protobuf-4.25.5-cp37-abi3-manylinux2014_x86_64.whl.metadata <span class="o">(</span>541 bytes<span class="o">)</span> Collecting grpcio~<span class="o">=</span>1.66.2 <span class="o">(</span>from pulumi&lt;4.0.0,&gt;<span class="o">=</span>3.0.0-&gt;-r requirements.txt <span class="o">(</span>line 1<span class="o">))</span> Downloading grpcio-1.66.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata <span class="o">(</span>3.9 kB<span class="o">)</span> Collecting dill~<span class="o">=</span>0.3 <span class="o">(</span>from pulumi&lt;4.0.0,&gt;<span class="o">=</span>3.0.0-&gt;-r requirements.txt <span class="o">(</span>line 1<span class="o">))</span> Downloading dill-0.3.9-py3-none-any.whl.metadata <span class="o">(</span>10 kB<span class="o">)</span> Collecting six~<span class="o">=</span>1.12 <span class="o">(</span>from pulumi&lt;4.0.0,&gt;<span class="o">=</span>3.0.0-&gt;-r requirements.txt <span class="o">(</span>line 1<span class="o">))</span> Downloading six-1.17.0-py2.py3-none-any.whl.metadata <span class="o">(</span>1.7 kB<span class="o">)</span> Collecting semver~<span class="o">=</span>2.13 <span class="o">(</span>from pulumi&lt;4.0.0,&gt;<span class="o">=</span>3.0.0-&gt;-r requirements.txt <span class="o">(</span>line 1<span class="o">))</span> Downloading semver-2.13.0-py2.py3-none-any.whl.metadata <span class="o">(</span>5.0 kB<span class="o">)</span> Collecting pyyaml~<span class="o">=</span>6.0 <span class="o">(</span>from pulumi&lt;4.0.0,&gt;<span class="o">=</span>3.0.0-&gt;-r requirements.txt <span class="o">(</span>line 1<span class="o">))</span> Downloading PyYAML-6.0.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata <span class="o">(</span>2.1 kB<span class="o">)</span> Collecting debugpy~<span class="o">=</span>1.8.7 <span class="o">(</span>from pulumi&lt;4.0.0,&gt;<span class="o">=</span>3.0.0-&gt;-r requirements.txt <span class="o">(</span>line 1<span class="o">))</span> Downloading debugpy-1.8.11-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata <span class="o">(</span>1.1 kB<span class="o">)</span> Collecting parver&gt;<span class="o">=</span>0.2.1 <span class="o">(</span>from pulumi-openstack&lt;4.0.0,&gt;<span class="o">=</span>3.0.0-&gt;-r requirements.txt <span class="o">(</span>line 2<span class="o">))</span> Downloading parver-0.5-py3-none-any.whl.metadata <span class="o">(</span>2.7 kB<span class="o">)</span> Collecting arpeggio&gt;<span class="o">=</span>1.7 <span class="o">(</span>from parver&gt;<span class="o">=</span>0.2.1-&gt;pulumi-openstack&lt;4.0.0,&gt;<span class="o">=</span>3.0.0-&gt;-r requirements.txt <span class="o">(</span>line 2<span class="o">))</span> Downloading Arpeggio-2.0.2-py2.py3-none-any.whl.metadata <span class="o">(</span>2.4 kB<span class="o">)</span> Collecting attrs&gt;<span class="o">=</span>19.2 <span class="o">(</span>from parver&gt;<span class="o">=</span>0.2.1-&gt;pulumi-openstack&lt;4.0.0,&gt;<span class="o">=</span>3.0.0-&gt;-r requirements.txt <span class="o">(</span>line 2<span class="o">))</span> Downloading attrs-24.3.0-py3-none-any.whl.metadata <span class="o">(</span>11 kB<span class="o">)</span> Downloading pulumi-3.144.1-py3-none-any.whl <span class="o">(</span>294 kB<span class="o">)</span> Downloading pulumi_openstack-3.15.2-py3-none-any.whl <span class="o">(</span>551 kB<span class="o">)</span> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 551.5/551.5 kB 19.0 MB/s eta 0:00:00 Downloading debugpy-1.8.11-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl <span class="o">(</span>4.2 MB<span class="o">)</span> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 4.2/4.2 MB 99.4 MB/s eta 0:00:00 Downloading dill-0.3.9-py3-none-any.whl <span class="o">(</span>119 kB<span class="o">)</span> Downloading grpcio-1.66.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl <span class="o">(</span>5.8 MB<span class="o">)</span> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 5.8/5.8 MB 10.8 MB/s eta 0:00:00 Downloading parver-0.5-py3-none-any.whl <span class="o">(</span>15 kB<span class="o">)</span> Downloading protobuf-4.25.5-cp37-abi3-manylinux2014_x86_64.whl <span class="o">(</span>294 kB<span class="o">)</span> Downloading PyYAML-6.0.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl <span class="o">(</span>767 kB<span class="o">)</span> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 767.5/767.5 kB 120.7 MB/s eta 0:00:00 Downloading semver-2.13.0-py2.py3-none-any.whl <span class="o">(</span>12 kB<span class="o">)</span> Downloading six-1.17.0-py2.py3-none-any.whl <span class="o">(</span>11 kB<span class="o">)</span> Downloading Arpeggio-2.0.2-py2.py3-none-any.whl <span class="o">(</span>55 kB<span class="o">)</span> Downloading attrs-24.3.0-py3-none-any.whl <span class="o">(</span>63 kB<span class="o">)</span> Installing collected packages: arpeggio, six, semver, pyyaml, protobuf, grpcio, dill, debugpy, attrs, pulumi, parver, pulumi-openstack Successfully installed arpeggio-2.0.2 attrs-24.3.0 debugpy-1.8.11 dill-0.3.9 grpcio-1.66.2 parver-0.5 protobuf-4.25.5 pulumi-3.144.1 pulumi-openstack-3.15.2 pyyaml-6.0.2 semver-2.13.0 six-1.17.0 Finished installing dependencies Finished installing dependencies Your new project is ready to go! To perform an initial deployment, run <span class="sb">`</span>pulumi up<span class="sb">`</span> <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~/test<span class="nv">$ </span><span class="nb">ls </span>Pulumi.dev.yaml Pulumi.yaml __main__.py requirements.txt venv <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~/test<span class="nv">$ </span><span class="nb">cat </span>Pulumi.yaml name: <span class="nb">test </span>description: A minimal OpenStack Python Pulumi program runtime: name: python options: toolchain: pip virtualenv: venv config: pulumi:tags: value: pulumi:template: openstack-python </code></pre> </div> <p>Je modifie le principal fichier Python pour déployer une stack avec une nouvelle instance Ubuntu de test :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">(</span><span class="n">base</span><span class="p">)</span> <span class="n">ubuntu</span><span class="nd">@microstack</span><span class="p">:</span><span class="o">~/</span><span class="n">test</span><span class="err">$</span> <span class="n">cat</span> <span class="n">__main__</span><span class="p">.</span><span class="n">py</span> <span class="sh">"""</span><span class="s">An OpenStack Python Pulumi program</span><span class="sh">"""</span> <span class="kn">import</span> <span class="n">pulumi</span> <span class="kn">from</span> <span class="n">pulumi_openstack</span> <span class="kn">import</span> <span class="n">compute</span> <span class="c1"># Create an OpenStack resource (Compute Instance) </span><span class="n">instance</span> <span class="o">=</span> <span class="n">compute</span><span class="p">.</span><span class="nc">Instance</span><span class="p">(</span><span class="sh">'</span><span class="s">test-pulumi</span><span class="sh">'</span><span class="p">,</span> <span class="n">flavor_name</span><span class="o">=</span><span class="sh">'</span><span class="s">m1.small</span><span class="sh">'</span><span class="p">,</span> <span class="n">key_pair</span><span class="o">=</span><span class="sh">"</span><span class="s">sunbeam</span><span class="sh">"</span><span class="p">,</span> <span class="n">image_name</span><span class="o">=</span><span class="sh">'</span><span class="s">ubuntu</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># Export the IP of the instance </span><span class="n">pulumi</span><span class="p">.</span><span class="nf">export</span><span class="p">(</span><span class="sh">'</span><span class="s">instance_ip</span><span class="sh">'</span><span class="p">,</span> <span class="n">instance</span><span class="p">.</span><span class="n">access_ip_v4</span><span class="p">)</span> </code></pre> </div> <p>Et je déploie ma stack avec Pulumi en utilisant les variables d’environnement du tenant de démonstration :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~/test<span class="nv">$ </span><span class="nb">source</span> ../demo-openrc <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~/test<span class="nv">$ </span>pulumi up Enter your passphrase to unlock config/secrets <span class="o">(</span><span class="nb">set </span>PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE to remember<span class="o">)</span>: Enter your passphrase to unlock config/secrets Previewing update <span class="o">(</span>dev<span class="o">)</span>: Type Name Plan Info + pulumi:pulumi:Stack test-dev create 1 warning + └─ openstack:compute:Instance test-pulumi create Diagnostics: pulumi:pulumi:Stack <span class="o">(</span>test-dev<span class="o">)</span>: warning: provider config warning: Users not using loadbalancer resources can ignore this message. Support <span class="k">for </span>neutron-lbaas will be removed on next major release. Octavia will be the only supported method <span class="k">for </span>loadbalancer resources. Users using octavia will have to remove <span class="s1">'use_octavia'</span> option from the provider configuration block. Users using neutron-lbaas will have to migrate/upgrade to octavia. Outputs: instance_ip: output&lt;string&gt; Resources: + 2 to create Do you want to perform this update? <span class="nb">yes </span>Updating <span class="o">(</span>dev<span class="o">)</span>: Type Name Status Info + pulumi:pulumi:Stack test-dev created <span class="o">(</span>15s<span class="o">)</span> 1 warning + └─ openstack:compute:Instance test-pulumi created <span class="o">(</span>15s<span class="o">)</span> Diagnostics: pulumi:pulumi:Stack <span class="o">(</span>test-dev<span class="o">)</span>: warning: provider config warning: Users not using loadbalancer resources can ignore this message. Support <span class="k">for </span>neutron-lbaas will be removed on next major release. Octavia will be the only supported method <span class="k">for </span>loadbalancer resources. Users using octavia will have to remove <span class="s1">'use_octavia'</span> option from the provider configuration block. Users using neutron-lbaas will have to migrate/upgrade to octavia. Outputs: instance_ip: <span class="s2">"192.168.0.227"</span> Resources: + 2 created Duration: 16s </code></pre> </div> <p>L’instance est créée …</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foym3ufblhg3fzsczt884.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foym3ufblhg3fzsczt884.png" width="800" height="317"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~/test<span class="nv">$ </span>openstack server list +--------------------------------------+---------------------+--------+-----------------------------------------+--------+----------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+---------------------+--------+-----------------------------------------+--------+----------+ | 6ec4c753-92c5-4221-a76d-8045638efd32 | test-pulumi-54bdcae | ACTIVE | demo-network<span class="o">=</span>192.168.0.227 | ubuntu | m1.small | | efe46971-56f4-4da4-9c6e-eebee2795b72 | instance1 | ACTIVE | demo-network<span class="o">=</span>172.16.2.31, 192.168.0.166 | ubuntu | m1.tiny | +--------------------------------------+---------------------+--------+-----------------------------------------+--------+----------+ <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~/test<span class="nv">$ </span>openstack server show test-pulumi-54bdcae <span class="nt">--fit</span> +-------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-SRV-ATTR:host | None | | OS-EXT-SRV-ATTR:hostname | test-pulumi-54bdcae | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | OS-EXT-SRV-ATTR:instance_name | None | | OS-EXT-SRV-ATTR:kernel_id | None | | OS-EXT-SRV-ATTR:launch_index | None | | OS-EXT-SRV-ATTR:ramdisk_id | None | | OS-EXT-SRV-ATTR:reservation_id | None | | OS-EXT-SRV-ATTR:root_device_name | None | | OS-EXT-SRV-ATTR:user_data | None | | OS-EXT-STS:power_state | Running | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2024-12-24T10:36:58.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | demo-network<span class="o">=</span>192.168.0.227 | | config_drive | | | created | 2024-12-24T10:36:53Z | | description | test-pulumi-54bdcae | | flavor | <span class="nv">description</span><span class="o">=</span>, <span class="nv">disk</span><span class="o">=</span><span class="s1">'30'</span>, <span class="nv">ephemeral</span><span class="o">=</span><span class="s1">'0'</span>, , <span class="nb">id</span><span class="o">=</span><span class="s1">'m1.small'</span>, <span class="nv">is_disabled</span><span class="o">=</span>, <span class="nv">is_public</span><span class="o">=</span><span class="s1">'True'</span>, <span class="nv">location</span><span class="o">=</span>, <span class="nv">name</span><span class="o">=</span><span class="s1">'m1.small'</span>, <span class="nv">original_name</span><span class="o">=</span><span class="s1">'m1.small'</span>, | | | <span class="nv">ram</span><span class="o">=</span><span class="s1">'2048'</span>, <span class="nv">rxtx_factor</span><span class="o">=</span>, <span class="nv">swap</span><span class="o">=</span><span class="s1">'0'</span>, <span class="nv">vcpus</span><span class="o">=</span><span class="s1">'1'</span> | | hostId | 021ebc639163d77a5eb8018996d0b8aad50066a8552682313f3f293f | | host_status | None | | <span class="nb">id</span> | 6ec4c753-92c5-4221-a76d-8045638efd32 | | image | ubuntu <span class="o">(</span>ff3ccb3b-f44f-4b50-a030-20267c302d75<span class="o">)</span> | | key_name | sunbeam | | locked | False | | locked_reason | None | | name | test-pulumi-54bdcae | | progress | 0 | | project_id | 8b373f844efd47c8b38c4f1bcdcfba2a | | properties | | | security_groups | <span class="nv">name</span><span class="o">=</span><span class="s1">'default'</span> | | server_groups | <span class="o">[]</span> | | status | ACTIVE | | tags | | | trusted_image_certificates | None | | updated | 2024-12-24T10:36:59Z | | user_id | 114709b3342c45f295d116c63c51884a | | volumes_attached | | +-------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+ </code></pre> </div> <p>Et on s’y connecte en y adjoignant une adresse IP flottante :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~<span class="nv">$ </span>ssh <span class="nt">-i</span> snap/openstack/637/sunbeam ubuntu@172.16.2.124 Welcome to Ubuntu 22.04.5 LTS <span class="o">(</span>GNU/Linux 5.15.0-127-generic x86_64<span class="o">)</span> <span class="k">*</span> Documentation: https://help.ubuntu.com <span class="k">*</span> Management: https://landscape.canonical.com <span class="k">*</span> Support: https://ubuntu.com/pro System information as of Tue Dec 24 10:42:48 UTC 2024 System load: 0.0 Processes: 89 Usage of /: 5.0% of 28.89GB Users logged <span class="k">in</span>: 0 Memory usage: 9% IPv4 address <span class="k">for </span>ens3: 192.168.0.227 Swap usage: 0% Expanded Security Maintenance <span class="k">for </span>Applications is not enabled. 0 updates can be applied immediately. Enable ESM Apps to receive additional future security updates. See https://ubuntu.com/esm or run: <span class="nb">sudo </span>pro status The list of available updates is more than a week old. To check <span class="k">for </span>new updates run: <span class="nb">sudo </span>apt update New release <span class="s1">'24.04.1 LTS'</span> available. Run <span class="s1">'do-release-upgrade'</span> to upgrade to it. Last login: Tue Dec 24 10:42:48 2024 from 172.16.2.1 To run a <span class="nb">command </span>as administrator <span class="o">(</span>user <span class="s2">"root"</span><span class="o">)</span>, use <span class="s2">"sudo &lt;command&gt;"</span><span class="nb">.</span> See <span class="s2">"man sudo_root"</span> <span class="k">for </span>details. </code></pre> </div> <p>Une instance facilement supprimée via la stack déployée par Pulumi :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~/test<span class="nv">$ </span>pulumi destroy Enter your passphrase to unlock config/secrets <span class="o">(</span><span class="nb">set </span>PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE to remember<span class="o">)</span>: Enter your passphrase to unlock config/secrets Previewing destroy <span class="o">(</span>dev<span class="o">)</span>: Type Name Plan - pulumi:pulumi:Stack test-dev delete - └─ openstack:compute:Instance test-pulumi delete Outputs: - instance_ip: <span class="s2">"192.168.0.227"</span> Resources: - 2 to delete Do you want to perform this destroy? <span class="nb">yes </span>Destroying <span class="o">(</span>dev<span class="o">)</span>: Type Name Status - pulumi:pulumi:Stack test-dev deleted <span class="o">(</span>0.00s<span class="o">)</span> - └─ openstack:compute:Instance test-pulumi deleted <span class="o">(</span>10s<span class="o">)</span> Outputs: - instance_ip: <span class="s2">"192.168.0.227"</span> Resources: - 2 deleted Duration: 11s The resources <span class="k">in </span>the stack have been deleted, but the <span class="nb">history </span>and configuration associated with the stack are still maintained. If you want to remove the stack completely, run <span class="sb">`</span>pulumi stack <span class="nb">rm </span>dev<span class="sb">`</span><span class="nb">.</span> <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~/test<span class="nv">$ </span>openstack server list +--------------------------------------+-----------+--------+-----------------------------------------+--------+---------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+-----------+--------+-----------------------------------------+--------+---------+ | efe46971-56f4-4da4-9c6e-eebee2795b72 | instance1 | ACTIVE | demo-network<span class="o">=</span>172.16.2.31, 192.168.0.166 | ubuntu | m1.tiny | +--------------------------------------+-----------+--------+-----------------------------------------+--------+---------+ <span class="o">(</span>base<span class="o">)</span> ubuntu@microstack:~/test<span class="nv">$ </span>pulumi stack <span class="nb">rm </span>dev This will permanently remove the <span class="s1">'dev'</span> stack! Please confirm that this is what you<span class="s1">'d like to do by typing `dev`: dev Stack '</span>dev<span class="s1">' has been removed! (base) ubuntu@microstack:~/test$ pulumi stack ls NAME LAST UPDATE RESOURCE COUNT </span></code></pre> </div> <p>La pile d’observabilité Canonical (COS) a été déployée précedemment. MicroStack propagera automatiquement les métriques et les tableaux de bord par défaut, vous permettant de surveiller sans effort l’état de votre déploiement de Sunbeam à un ou plusieurs nœuds sans avoir besoin d’une configuration supplémentaire via Grafana (dont on a obtenu les identifiants via Juju) :</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flcnm982bwfjjqdythhbn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flcnm982bwfjjqdythhbn.png" width="800" height="416"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1uy5vwpxoa2hi63ddjwo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1uy5vwpxoa2hi63ddjwo.png" width="800" height="416"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj3vpbkobh4tbtcq8jcw4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj3vpbkobh4tbtcq8jcw4.png" width="800" height="416"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flsc1awbmv29eylgiut4i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flsc1awbmv29eylgiut4i.png" width="800" height="416"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgt0r9060m67rf1ps4niu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgt0r9060m67rf1ps4niu.png" width="800" height="416"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fauqmuebf6xoyirqqawcq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fauqmuebf6xoyirqqawcq.png" width="800" height="416"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9y7lagi2zrc0oui8m1nq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9y7lagi2zrc0oui8m1nq.png" width="800" height="416"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsgbb1e9l1dsq6v81ikwl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsgbb1e9l1dsq6v81ikwl.png" width="800" height="416"></a></p> <p>Et le tout (dans ce cas précis) pour une consommation conséquente …</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu4ns3zmqexn1010vg7qu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu4ns3zmqexn1010vg7qu.png" width="800" height="416"></a></p> <p>Pour des déploiements plus avancés, MicroStack supporte également les clusters multi-nœuds. Vous pouvez suivre le tutoriel détaillé sur la documentation officielle de Canonical pour déployer un cluster OpenStack multi-nœuds via Sunbeam et MAAS :</p> <ul> <li><a href="https://canonical.com/microstack/docs/multi-node" rel="noopener noreferrer">Multi-node | Canonical</a></li> <li><a href="https://canonical.com/microstack/docs/multi-node-maas" rel="noopener noreferrer">Multi-node with MAAS | Canonical</a></li> </ul> <p>Comme on a pule voir, MicroStack est conçu pour être hautemement personnalisable , permettant l’intégration de divers backends de stockage tels que Cinder (stockage en bloc) et Swift (stockage d’objets).</p> <p><a href="https://canonical.com/microstack/docs/object-storage" rel="noopener noreferrer">Object Storage | Canonical</a></p> <p>Les entreprises peuvent adapter la plateforme à leurs besoins uniques en intégrant des plug-ins et des extensions spécifiques. MicroStack offre une solution de cloud privée légère, facile à installer et à utiliser, ce qui en fait un choix idéal pour les organisations cherchant à déployer rapidement un environnement cloud sans la complexité traditionnelle associée à OpenStack. Avec sa flexibilité et sa capacité de customisation, MicroStack est une solution robuste et adaptable pour une variété de besoins en infrastructure cloud y compris pour le contexte de l’Edge Computing …</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F563uzhqqa1r3a1gm7z7u.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F563uzhqqa1r3a1gm7z7u.jpg" width="534" height="467"></a></p> ubuntu openstack devops kubernetes Karim Mon, 03 Jun 2024 15:53:30 +0000 https://forem.com/deep75/une-autre-maniere-de-faire-fonctionner-openstack-au-dessus-de-kubernetes-avec-atmosphere--jba https://forem.com/deep75/une-autre-maniere-de-faire-fonctionner-openstack-au-dessus-de-kubernetes-avec-atmosphere--jba <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2Au_-0fC4skAZuh9AVXmpT7Q.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2Au_-0fC4skAZuh9AVXmpT7Q.png"></a></p> <p>Plusieurs projets de déploiement d’OpenStack qui reposent sur un cluster Kubernetes existent à commencer par OpenStack Helm :</p> <ul> <li><a href="https://wiki.openstack.org/wiki/Openstack-helm" rel="noopener noreferrer">Openstack-helm</a></li> <li><a href="https://github.com/openstack/openstack-helm" rel="noopener noreferrer">GitHub - openstack/openstack-helm: Helm charts for deploying OpenStack on Kubernetes. Mirror of code maintained at opendev.org.</a></li> </ul> <blockquote> <p>Mais c’est aussi le cas du projet open source Atmosphere du fournisseur Cloud Vexxhost qui fournit un large éventail de fonctionnalités d’infrastructure, notamment des machines virtuelles, Kubernetes, du bare metal, du stockage en bloc et en objet, des équilibreurs de charge en tant que service, et plus encore …</p> </blockquote> <p><a href="https://vexxhost.com/platform/" rel="noopener noreferrer">Atmosphere deployment tool | VEXXHOST</a></p> <p>Atmosphere fait tourner OpenStack au-dessus de Kubernetes. Cette configuration permet des déploiements, des mises à niveau et des contrôles de santé simples et facile.</p> <p><a href="https://vexxhost.com/company/newsroom/vexxhost-launches-atmosphere-a-new-open-source-openstack-deployment-tool/" rel="noopener noreferrer">VEXXHOST Launches Atmosphere, a New Open Source, OpenStack Deployment Tool</a></p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/wHrTGBdqmmI"> </iframe> </p> <p><a href="https://github.com/vexxhost/atmosphere" rel="noopener noreferrer">GitHub - vexxhost/atmosphere: Simple &amp; easy private cloud platform featuring VMs, Kubernetes &amp; bare-metal</a></p> <p>Je vais simplement suivre le modus operandi proposé par Vexxhost pour un serveur Bare Metal :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F583%2F0%2ATR5ELWDZxFDXLarG.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F583%2F0%2ATR5ELWDZxFDXLarG.jpg"></a></p> <ul> <li><a href="https://vexxhost.github.io/atmosphere/quick-start.html" rel="noopener noreferrer">Quick Start - Atmosphere 1.10.4.post231.dev0+f2e3b279 documentation</a></li> <li><a href="https://deep75.medium.com/openstack-sur-lxd-avec-juju-et-k3sup-dans-phoenixnap-e5867a487497" rel="noopener noreferrer">OpenStack sur LXD avec Juju et k3sup dans phoenixNAP …</a></li> <li><a href="https://dev.to/deep75/openstack-on-lxd-et-k0s-dans-un-serveur-bare-metal-arm-64-bits-d-aws-5hce">“OpenStack on LXD” et “k0s” dans un serveur Bare Metal ARM 64 Bits d’AWS …</a></li> <li><a href="https://dev.to/deep75/creer-simplement-un-cluster-k8s-dans-phoenixnap-avec-rancher-en-quelques-clics--3d6i">Créer simplement un cluster k8s dans PhoenixNAP avec Rancher en quelques clics ...</a></li> </ul> <p>Pour cela je pars d’un serveur dans PhoenixNAP sous Ubuntu 22.04 LTS :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AUlAO_YM2O1eRwsUv6BYwoQ.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AUlAO_YM2O1eRwsUv6BYwoQ.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2ArN5mS70yck-ErBC_Yp8isg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2ArN5mS70yck-ErBC_Yp8isg.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AZk3XoBUwg29VNcuNrXW0yQ.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AZk3XoBUwg29VNcuNrXW0yQ.png"></a></p> <p>Mise à jour de ce dernier et installation des paquets nécessaires au lancement du déploiement d’Atmosphere :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@atmosphere:~<span class="nv">$ </span><span class="nb">sudo </span>apt-get update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt-get <span class="nb">install </span>git python3-pip <span class="nt">-y</span> <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>pip <span class="nb">install </span>poetry ubuntu@atmosphere:~<span class="nv">$ </span>git clone https://github.com/vexxhost/atmosphere.git Cloning into <span class="s1">'atmosphere'</span>... remote: Enumerating objects: 25111, <span class="k">done</span><span class="nb">.</span> remote: Counting objects: 100% <span class="o">(</span>825/825<span class="o">)</span>, <span class="k">done</span><span class="nb">.</span> remote: Compressing objects: 100% <span class="o">(</span>398/398<span class="o">)</span>, <span class="k">done</span><span class="nb">.</span> remote: Total 25111 <span class="o">(</span>delta 377<span class="o">)</span>, reused 704 <span class="o">(</span>delta 306<span class="o">)</span>, pack-reused 24286 Receiving objects: 100% <span class="o">(</span>25111/25111<span class="o">)</span>, 10.78 MiB | 50.17 MiB/s, <span class="k">done</span><span class="nb">.</span> Resolving deltas: 100% <span class="o">(</span>14299/14299<span class="o">)</span>, <span class="k">done</span><span class="nb">.</span> ubuntu@atmosphere:~<span class="nv">$ </span><span class="nb">cd </span>atmosphere/ ubuntu@atmosphere:~/atmosphere<span class="nv">$ </span><span class="nb">ls </span>CHANGELOG.md Jenkinsfile build doc galaxy.yml hack meta playbooks pyproject.toml test-requirements.txt tox.ini Dockerfile README.md charts flake.lock go.mod images mkdocs.yml plugins release-please-config.json tests zuul.d Earthfile atmosphere cmd flake.nix go.sum internal molecule poetry.lock roles tools ubuntu@atmosphere:~/atmosphere<span class="nv">$ </span><span class="nb">sudo </span>poetry <span class="nb">install</span> <span class="nt">--with</span> dev Creating virtualenv atmosphere-NEvTTHEY-py3.10 <span class="k">in</span> /root/.cache/pypoetry/virtualenvs Installing dependencies from lock file Package operations: 89 installs, 0 updates, 0 removals - Installing attrs <span class="o">(</span>23.2.0<span class="o">)</span> - Installing pycparser <span class="o">(</span>2.22<span class="o">)</span> - Installing rpds-py <span class="o">(</span>0.18.0<span class="o">)</span> - Installing cffi <span class="o">(</span>1.16.0<span class="o">)</span> - Installing markupsafe <span class="o">(</span>2.1.5<span class="o">)</span> - Installing mdurl <span class="o">(</span>0.1.2<span class="o">)</span> - Installing referencing <span class="o">(</span>0.35.0<span class="o">)</span> - Installing cryptography <span class="o">(</span>42.0.5<span class="o">)</span> - Installing jinja2 <span class="o">(</span>3.1.3<span class="o">)</span> - Installing jsonschema-specifications <span class="o">(</span>2023.12.1<span class="o">)</span> - Installing markdown-it-py <span class="o">(</span>3.0.0<span class="o">)</span> - Installing packaging <span class="o">(</span>24.0<span class="o">)</span> - Installing pbr <span class="o">(</span>6.0.0<span class="o">)</span> - Installing pygments <span class="o">(</span>2.17.2<span class="o">)</span> - Installing pyyaml <span class="o">(</span>6.0.1<span class="o">)</span> - Installing resolvelib <span class="o">(</span>1.0.1<span class="o">)</span> - Installing wrapt <span class="o">(</span>1.16.0<span class="o">)</span> - Installing ansible-core <span class="o">(</span>2.16.6<span class="o">)</span> - Installing bracex <span class="o">(</span>2.4<span class="o">)</span> - Installing certifi <span class="o">(</span>2024.2.2<span class="o">)</span> - Installing charset-normalizer <span class="o">(</span>3.3.2<span class="o">)</span> - Installing click <span class="o">(</span>8.1.7<span class="o">)</span> - Installing debtcollector <span class="o">(</span>3.0.0<span class="o">)</span> - Installing idna <span class="o">(</span>3.7<span class="o">)</span> - Installing iso8601 <span class="o">(</span>2.1.0<span class="o">)</span> - Installing jsonschema <span class="o">(</span>4.21.1<span class="o">)</span> - Installing netaddr <span class="o">(</span>0.8.0<span class="o">)</span> - Installing netifaces <span class="o">(</span>0.11.0<span class="o">)</span> - Installing oslo-i18n <span class="o">(</span>6.3.0<span class="o">)</span> - Installing pyparsing <span class="o">(</span>3.1.2<span class="o">)</span> - Installing rich <span class="o">(</span>13.7.1<span class="o">)</span> - Installing subprocess-tee <span class="o">(</span>0.4.1<span class="o">)</span> - Installing tzdata <span class="o">(</span>2024.1<span class="o">)</span> - Installing urllib3 <span class="o">(</span>2.2.1<span class="o">)</span> - Installing ansible-compat <span class="o">(</span>4.1.11<span class="o">)</span> - Installing click-help-colors <span class="o">(</span>0.9.4<span class="o">)</span> - Installing decorator <span class="o">(</span>5.1.1<span class="o">)</span> - Installing distro <span class="o">(</span>1.9.0<span class="o">)</span> - Installing enrich <span class="o">(</span>1.2.7<span class="o">)</span> - Installing exceptiongroup <span class="o">(</span>1.2.1<span class="o">)</span> - Installing iniconfig <span class="o">(</span>2.0.0<span class="o">)</span> - Installing jsonpointer <span class="o">(</span>2.4<span class="o">)</span> - Installing mccabe <span class="o">(</span>0.7.0<span class="o">)</span> - Installing msgpack <span class="o">(</span>1.0.8<span class="o">)</span> - Installing os-service-types <span class="o">(</span>1.7.0<span class="o">)</span> - Installing oslo-utils <span class="o">(</span>7.1.0<span class="o">)</span> - Installing pluggy <span class="o">(</span>1.5.0<span class="o">)</span> - Installing pycodestyle <span class="o">(</span>2.9.1<span class="o">)</span> - Installing pyflakes <span class="o">(</span>2.5.0<span class="o">)</span> - Installing requests <span class="o">(</span>2.31.0<span class="o">)</span> - Installing rfc3986 <span class="o">(</span>2.0.0<span class="o">)</span> - Installing six <span class="o">(</span>1.16.0<span class="o">)</span> - Installing stevedore <span class="o">(</span>5.2.0<span class="o">)</span> - Installing tomli <span class="o">(</span>2.0.1<span class="o">)</span> - Installing typing-extensions <span class="o">(</span>4.11.0<span class="o">)</span> - Installing wcmatch <span class="o">(</span>8.5.1<span class="o">)</span> - Installing appdirs <span class="o">(</span>1.4.4<span class="o">)</span> - Installing coverage <span class="o">(</span>7.5.0<span class="o">)</span> - Installing docker <span class="o">(</span>7.0.0<span class="o">)</span> - Installing dogpile-cache <span class="o">(</span>1.3.2<span class="o">)</span> - Installing execnet <span class="o">(</span>2.1.1<span class="o">)</span> - Installing flake8 <span class="o">(</span>5.0.4<span class="o">)</span> - Installing isort <span class="o">(</span>5.13.2<span class="o">)</span> - Installing jmespath <span class="o">(</span>1.0.1<span class="o">)</span> - Installing jsonpatch <span class="o">(</span>1.33<span class="o">)</span> - Installing keystoneauth1 <span class="o">(</span>5.6.0<span class="o">)</span> - Installing molecule <span class="o">(</span>6.0.3<span class="o">)</span> - Installing munch <span class="o">(</span>4.0.0<span class="o">)</span> - Installing oslo-config <span class="o">(</span>9.4.0<span class="o">)</span> - Installing oslo-context <span class="o">(</span>5.5.0<span class="o">)</span> - Installing oslo-serialization <span class="o">(</span>5.4.0<span class="o">)</span> - Installing py <span class="o">(</span>1.11.0<span class="o">)</span> - Installing pyinotify <span class="o">(</span>0.9.6<span class="o">)</span> - Installing pytest <span class="o">(</span>7.4.4<span class="o">)</span> - Installing python-dateutil <span class="o">(</span>2.9.0.post0<span class="o">)</span> - Installing regex <span class="o">(</span>2024.4.28<span class="o">)</span> - Installing requestsexceptions <span class="o">(</span>1.4.0<span class="o">)</span> - Installing selinux <span class="o">(</span>0.3.0<span class="o">)</span> - Installing docker-image-py <span class="o">(</span>0.1.12<span class="o">)</span> - Installing flake8-isort <span class="o">(</span>4.2.0<span class="o">)</span> - Installing molecule-plugins <span class="o">(</span>23.5.3<span class="o">)</span> - Installing openstacksdk <span class="o">(</span>0.62.0<span class="o">)</span> - Installing oslo-log <span class="o">(</span>5.5.1<span class="o">)</span> - Installing pytest-cov <span class="o">(</span>3.0.0<span class="o">)</span> - Installing pytest-forked <span class="o">(</span>1.6.0<span class="o">)</span> - Installing pytest-mock <span class="o">(</span>3.14.0<span class="o">)</span> - Installing pytest-xdist <span class="o">(</span>3.6.1<span class="o">)</span> - Installing rjsonnet <span class="o">(</span>0.5.4<span class="o">)</span> - Installing ruyaml <span class="o">(</span>0.91.0<span class="o">)</span> Installing the current project: atmosphere <span class="o">(</span>1.10.4.post186.dev0+779cb921<span class="o">)</span> </code></pre> </div> <p>Très rapidement, je lance le déploiement qui prend un peu moins d’une heure ici :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@atmosphere:~/atmosphere<span class="nv">$ </span><span class="nb">sudo </span>poetry run molecule converge <span class="nt">-s</span> aio INFO aio scenario <span class="nb">test </span>matrix: dependency, create, prepare, converge INFO Performing prerun with <span class="nv">role_name_check</span><span class="o">=</span>0... INFO Running aio <span class="o">&gt;</span> dependency WARNING Skipping, missing the requirements file. WARNING Skipping, missing the requirements file. INFO Running aio <span class="o">&gt;</span> create PLAY <span class="o">[</span>Wait <span class="k">for </span>user to <span class="nb">read </span>warning] <span class="k">*******************************************</span> TASK <span class="o">[</span>Gathering Facts] <span class="k">*********************************************************</span> Monday 03 June 2024 12:02:39 +0000 <span class="o">(</span>0:00:00.020<span class="o">)</span> 0:00:00.020 <span class="k">***********</span> ok: <span class="o">[</span>localhost] <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> PLAY <span class="o">[</span>Configure networking] <span class="k">****************************************************</span> TASK <span class="o">[</span>Gathering Facts] <span class="k">*********************************************************</span> Monday 03 June 2024 12:49:26 +0000 <span class="o">(</span>0:00:00.418<span class="o">)</span> 0:45:34.621 <span class="k">***********</span> ok: <span class="o">[</span>instance] TASK <span class="o">[</span>Add IP address to <span class="s2">"br-ex"</span><span class="o">]</span> <span class="k">***********************************************</span> Monday 03 June 2024 12:49:28 +0000 <span class="o">(</span>0:00:02.159<span class="o">)</span> 0:45:36.781 <span class="k">***********</span> ok: <span class="o">[</span>instance] TASK <span class="o">[</span>Set <span class="s2">"br-ex"</span> interface to <span class="s2">"up"</span><span class="o">]</span> <span class="k">*******************************************</span> Monday 03 June 2024 12:49:28 +0000 <span class="o">(</span>0:00:00.153<span class="o">)</span> 0:45:36.934 <span class="k">***********</span> ok: <span class="o">[</span>instance] PLAY RECAP <span class="k">*********************************************************************</span> instance : <span class="nv">ok</span><span class="o">=</span>669 <span class="nv">changed</span><span class="o">=</span>267 <span class="nv">unreachable</span><span class="o">=</span>0 <span class="nv">failed</span><span class="o">=</span>0 <span class="nv">skipped</span><span class="o">=</span>246 <span class="nv">rescued</span><span class="o">=</span>0 <span class="nv">ignored</span><span class="o">=</span>1 Monday 03 June 2024 12:49:28 +0000 <span class="o">(</span>0:00:00.304<span class="o">)</span> 0:45:37.239 <span class="k">***********</span> <span class="o">===============================================================================</span> vexxhost.atmosphere.percona_xtradb_cluster : Apply Percona XtraDB cluster - 203.51s vexxhost.atmosphere.cinder : Deploy Helm chart <span class="nt">------------------------</span> 157.84s vexxhost.atmosphere.keycloak : Deploy Helm chart <span class="nt">----------------------</span> 156.65s vexxhost.atmosphere.heat : Deploy Helm chart <span class="nt">--------------------------</span> 120.67s vexxhost.atmosphere.manila : Deploy Helm chart <span class="nt">------------------------</span> 104.84s vexxhost.atmosphere.nova : Deploy Helm chart <span class="nt">--------------------------</span> 100.67s vexxhost.ceph.osd : Install OSDs <span class="nt">---------------------------------------</span> 89.67s vexxhost.atmosphere.glance : Deploy Helm chart <span class="nt">-------------------------</span> 88.95s vexxhost.atmosphere.magnum : Deploy Helm chart <span class="nt">-------------------------</span> 88.06s vexxhost.atmosphere.octavia : Deploy Helm chart <span class="nt">------------------------</span> 83.51s vexxhost.atmosphere.keystone : Deploy Helm chart <span class="nt">-----------------------</span> 80.67s vexxhost.atmosphere.neutron : Deploy Helm chart <span class="nt">------------------------</span> 74.13s vexxhost.atmosphere.barbican : Deploy Helm chart <span class="nt">-----------------------</span> 67.48s vexxhost.ceph.mon : Run Bootstrap coomand <span class="nt">------------------------------</span> 62.21s vexxhost.atmosphere.placement : Deploy Helm chart <span class="nt">----------------------</span> 58.82s vexxhost.kubernetes.cluster_api : Set node selector <span class="k">for </span>Cluster API components <span class="nt">--</span> 57.15s vexxhost.atmosphere.glance_image : Download image <span class="nt">----------------------</span> 53.93s vexxhost.atmosphere.glance_image : Check <span class="k">if </span>image exists <span class="nt">---------------</span> 50.38s vexxhost.atmosphere.neutron : Create networks <span class="nt">--------------------------</span> 36.62s vexxhost.atmosphere.rabbitmq : Deploy cluster <span class="nt">--------------------------</span> 35.65s </code></pre> </div> <p>Le cluster est déployé et je peux vérifier les accès disponibles localement sur ce serveur physique :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@instance:~# apt <span class="nb">install </span>python3-openstackclient <span class="nt">-y</span> root@instance:~# <span class="nb">source </span>openrc root@instance:~# openstack endpoint list +----------------------------------+-----------+--------------+-----------------+---------+-----------+------------------------------------------------------------------------------+ | ID | Region | Service Name | Service Type | Enabled | Interface | URL | +----------------------------------+-----------+--------------+-----------------+---------+-----------+------------------------------------------------------------------------------+ | 0584539654844f7f956088e43836ed4c | RegionOne | swift | object-store | True | public | https://object-store.131-153-200-197.nip.io/swift/v1/%<span class="o">(</span>tenant_id<span class="o">)</span>s | | 069df7eb37584d91a22a95e7d36493d3 | RegionOne | manila | share | True | internal | http://manila-api.openstack.svc.cluster.local:8786/v1 | | 08b5e9b96ddf4ce79f270f582dc6bf7b | RegionOne | manilav2 | sharev2 | True | public | https://share.131-153-200-197.nip.io/v2 | | 0b95720b8c0e4de692acf18b769ce8be | RegionOne | heat-cfn | cloudformation | True | admin | http://heat-cfn.openstack.svc.cluster.local:8000/v1 | | 120958efeb924a0a98bf03ce807c0ace | RegionOne | cinderv3 | volumev3 | True | internal | http://cinder-api.openstack.svc.cluster.local:8776/v3/%<span class="o">(</span>tenant_id<span class="o">)</span>s | | 1427e413681e4518ac03d768bb44cb60 | RegionOne | placement | placement | True | admin | http://placement-api.openstack.svc.cluster.local:8778/ | | 1611e222d7b8447596aa44c0965aec1a | RegionOne | cinderv3 | volumev3 | True | public | https://volume.131-153-200-197.nip.io/v3/%<span class="o">(</span>tenant_id<span class="o">)</span>s | | 19047158ec1446b5b746682bc8d9dd93 | RegionOne | heat-cfn | cloudformation | True | internal | http://heat-cfn.openstack.svc.cluster.local:8000/v1 | | 1e04bacc8aae44b3818de40e386cf68e | RegionOne | barbican | key-manager | True | admin | http://barbican-api.openstack.svc.cluster.local:9311/ | | 27d7b0d81a104b54a3dcb8632297707f | RegionOne | keystone | identity | True | admin | http://keystone-api.openstack.svc.cluster.local:5000/ | | 2c4218a3da784f98890bcb6ac6cb20ae | RegionOne | heat | orchestration | True | admin | http://heat-api.openstack.svc.cluster.local:8004/v1/%<span class="o">(</span>project_id<span class="o">)</span>s | | 2f19518bd66c421eb6a5e25f7c93c96e | RegionOne | manila | share | True | public | http://manila.openstack.svc.cluster.local/v1 | | 3578d37453854cfbafdc18f2be4f0a62 | RegionOne | glance | image | True | public | https://image.131-153-200-197.nip.io/ | | 3a2e106afdbf43689676c85718319f88 | RegionOne | glance | image | True | admin | http://glance-api.openstack.svc.cluster.local:9292/ | | 3e3240df5df847bc84c204e0b18783f1 | RegionOne | glance | image | True | internal | http://glance-api.openstack.svc.cluster.local:9292/ | | 3f51c888203c433ea31d2ca67cf3e359 | RegionOne | manilav2 | sharev2 | True | admin | http://manila-api.openstack.svc.cluster.local:8786/v2 | | 44f08551b541410d8bb28b3a148dca0f | RegionOne | heat | orchestration | True | internal | http://heat-api.openstack.svc.cluster.local:8004/v1/%<span class="o">(</span>project_id<span class="o">)</span>s | | 6501cca34cd5401d8561522f062ec126 | RegionOne | magnum | container-infra | True | internal | http://magnum-api.openstack.svc.cluster.local:9511/v1 | | 65c4f687017d4ff4b774a61cd670de52 | RegionOne | barbican | key-manager | True | public | https://key-manager.131-153-200-197.nip.io/ | | 695342e32bf84ae48cc0c873227ce1ce | RegionOne | heat | orchestration | True | public | https://orchestration.131-153-200-197.nip.io/v1/%<span class="o">(</span>project_id<span class="o">)</span>s | | 71af00dd937e49c28827dadbe6d55bbe | RegionOne | swift | object-store | True | internal | http://rook-ceph-rgw-ceph.openstack.svc.cluster.local/swift/v1/%<span class="o">(</span>tenant_id<span class="o">)</span>s | | 7ada3efd05b64af1ae726d495fe61a6e | RegionOne | cinderv3 | volumev3 | True | admin | http://cinder-api.openstack.svc.cluster.local:8776/v3/%<span class="o">(</span>tenant_id<span class="o">)</span>s | | 87e74af69cbb4577b4dd29d106aed5fa | RegionOne | magnum | container-infra | True | public | https://container-infra.131-153-200-197.nip.io/v1 | | 8dae31f3eed946eea30025e56fbfd83a | RegionOne | nova | compute | True | admin | http://nova-api.openstack.svc.cluster.local:8774/v2.1 | | 8e562226dccc4df0af3c8cdfdec95084 | RegionOne | barbican | key-manager | True | internal | http://barbican-api.openstack.svc.cluster.local:9311/ | | 8f629f7e748d4c3087bf17aaa0ce2e47 | RegionOne | manila | share | True | admin | http://manila-api.openstack.svc.cluster.local:8786/v1 | | 91149164a0584145b6344ae1d525457b | RegionOne | keystone | identity | True | public | https://identity.131-153-200-197.nip.io/ | | a936e3ca42a54b6e97672f20e17c095b | RegionOne | neutron | network | True | admin | http://neutron-server.openstack.svc.cluster.local:9696/ | | b987ba9af66c4a14ba42d1fd8c1b2285 | RegionOne | placement | placement | True | public | https://placement.131-153-200-197.nip.io/ | | b9e2e43e90d649d5b6089c7474ba30cd | RegionOne | octavia | load-balancer | True | internal | http://octavia-api.openstack.svc.cluster.local:9876/ | | bf2839c099f946e39d21a0b6bcad0b87 | RegionOne | neutron | network | True | public | https://network.131-153-200-197.nip.io/ | | bf959da766554e91972fe1da9cff6d8e | RegionOne | heat-cfn | cloudformation | True | public | https://cloudformation.131-153-200-197.nip.io/v1 | | d027a62b34ca4eaabc508c04ad8f94e7 | RegionOne | magnum | container-infra | True | admin | http://magnum-api.openstack.svc.cluster.local:9511/v1 | | d3e857109be14bfabf82e962068b54af | RegionOne | nova | compute | True | public | https://compute.131-153-200-197.nip.io/v2.1 | | d6985c01aca54ec49e0ec1c728fc271b | RegionOne | nova | compute | True | internal | http://nova-api.openstack.svc.cluster.local:8774/v2.1 | | d74feae56d034bd7ad421e4588f0731e | RegionOne | octavia | load-balancer | True | admin | http://octavia-api.openstack.svc.cluster.local:9876/ | | e7bcb22c547e41489cc7d5732bca4a84 | RegionOne | manilav2 | sharev2 | True | internal | http://manila-api.openstack.svc.cluster.local:8786/v2 | | f005b62e7769497eb54b0c0a3fa3c587 | RegionOne | octavia | load-balancer | True | public | https://load-balancer.131-153-200-197.nip.io/ | | f40bb006a4984428b581042a78539ef8 | RegionOne | neutron | network | True | internal | http://neutron-server.openstack.svc.cluster.local:9696/ | | f4d8af60368645c7a5f1d9605afb5494 | RegionOne | placement | placement | True | internal | http://placement-api.openstack.svc.cluster.local:8778/ | | f5aa8f8ba519480199f224800480e8cb | RegionOne | keystone | identity | True | internal | http://keystone-api.openstack.svc.cluster.local:5000/ | +----------------------------------+-----------+--------------+-----------------+---------+-----------+------------------------------------------------------------------------------+ </code></pre> </div> <p>Ainsi que des accès via l’Ingress Controller du cluster Kubernetes sous-jacent :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@instance:~# kubectl cluster-info Kubernetes control plane is running at https://10.96.240.10:6443 CoreDNS is running at https://10.96.240.10:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> root@instance:~# kubectl get nodes <span class="nt">-o</span> wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME instance Ready control-plane 60m v1.28.4 131.153.200.197 &lt;none&gt; Ubuntu 22.04.4 LTS 5.15.0-105-generic containerd://1.7.9 root@instance:~# kubectl get ing <span class="nt">-A</span> NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE auth-system keycloak atmosphere keycloak.131-153-200-197.nip.io 10.98.36.135 80, 443 54m monitoring kube-prometheus-stack-alertmanager atmosphere alertmanager.131-153-200-197.nip.io 10.98.36.135 80, 443 53m monitoring kube-prometheus-stack-grafana atmosphere grafana.131-153-200-197.nip.io 10.98.36.135 80, 443 53m monitoring kube-prometheus-stack-prometheus atmosphere prometheus.131-153-200-197.nip.io 10.98.36.135 80, 443 53m openstack cloudformation atmosphere cloudformation.131-153-200-197.nip.io 10.98.36.135 80, 443 33m openstack compute atmosphere compute.131-153-200-197.nip.io 10.98.36.135 80, 443 38m openstack compute-novnc-proxy atmosphere vnc.131-153-200-197.nip.io 10.98.36.135 80, 443 38m openstack container-infra atmosphere container-infra.131-153-200-197.nip.io 10.98.36.135 80, 443 27m openstack container-infra-registry atmosphere container-infra-registry.131-153-200-197.nip.io 10.98.36.135 80, 443 27m openstack dashboard atmosphere dashboard.131-153-200-197.nip.io 10.98.36.135 80, 443 23m openstack identity atmosphere identity.131-153-200-197.nip.io 10.98.36.135 80, 443 51m openstack image atmosphere image.131-153-200-197.nip.io 10.98.36.135 80, 443 46m openstack key-manager atmosphere key-manager.131-153-200-197.nip.io 10.98.36.135 80, 443 49m openstack load-balancer atmosphere load-balancer.131-153-200-197.nip.io 10.98.36.135 80, 443 30m openstack network atmosphere network.131-153-200-197.nip.io 10.98.36.135 80, 443 36m openstack orchestration atmosphere orchestration.131-153-200-197.nip.io 10.98.36.135 80, 443 33m openstack placement atmosphere placement.131-153-200-197.nip.io 10.98.36.135 80, 443 41m openstack rook-ceph-cluster atmosphere object-store.131-153-200-197.nip.io 10.98.36.135 80, 443 48m openstack sharev2 atmosphere share.131-153-200-197.nip.io 10.98.36.135 80, 443 23m openstack volumev3 atmosphere volume.131-153-200-197.nip.io 10.98.36.135 80, 443 42m </code></pre> </div> <p>Le domaine WildCard utilisé ici me donne accès au Dashboard Horizon pour plus de simplicité :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2ADgAT7LOW2SUDS1_Uuu4rfQ.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2ADgAT7LOW2SUDS1_Uuu4rfQ.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AZDPH1m97k1ZLtooPAasgoA.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AZDPH1m97k1ZLtooPAasgoA.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AWERMZDhjH5dqW1vbWlADzg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AWERMZDhjH5dqW1vbWlADzg.png"></a></p> <p>Je charge une image locale d’Ubuntu 24.04 LTS dans le cluster :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@instance:~# <span class="nb">cat </span>openrc <span class="c"># Ansible managed: Do NOT edit this file manually!</span> <span class="nb">export </span><span class="nv">OS_IDENTITY_API_VERSION</span><span class="o">=</span>3 <span class="nb">export </span><span class="nv">OS_AUTH_URL</span><span class="o">=</span><span class="s2">"https://identity.131-153-200-197.nip.io/v3"</span> <span class="nb">export </span><span class="nv">OS_AUTH_TYPE</span><span class="o">=</span>password <span class="nb">export </span><span class="nv">OS_REGION_NAME</span><span class="o">=</span><span class="s2">"RegionOne"</span> <span class="nb">export </span><span class="nv">OS_USER_DOMAIN_NAME</span><span class="o">=</span>Default <span class="nb">export </span><span class="nv">OS_USERNAME</span><span class="o">=</span><span class="s2">"admin-RegionOne"</span> <span class="nb">export </span><span class="nv">OS_PASSWORD</span><span class="o">=</span><span class="s2">"lzi232PTaHpzoC2HjwSLKepZELQd6ENJ"</span> <span class="nb">export </span><span class="nv">OS_PROJECT_DOMAIN_NAME</span><span class="o">=</span>Default <span class="nb">export </span><span class="nv">OS_PROJECT_NAME</span><span class="o">=</span>admin <span class="nb">export </span><span class="nv">OS_CACERT</span><span class="o">=</span>/usr/local/share/ca-certificates/atmosphere.crt root@instance:~# wget <span class="nt">-c</span> https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img Saving to: ‘noble-server-cloudimg-amd64.img’ noble-server-cloudimg-amd64.img 100%[<span class="o">=====================================================================================================&gt;]</span> 454.00M 17.9MB/s <span class="k">in </span>30s 2024-06-03 13:22:40 <span class="o">(</span>15.3 MB/s<span class="o">)</span> - ‘noble-server-cloudimg-amd64.img’ saved <span class="o">[</span>476053504/476053504] root@instance:~# openstack image create <span class="nt">--public</span> <span class="nt">--container-format</span> bare <span class="nt">--disk-format</span> qcow2 <span class="nt">--file</span> ~/noble-server-cloudimg-amd64.img ubuntu-24.04 +------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | container_format | bare | | created_at | 2024-06-03T13:23:12Z | | disk_format | qcow2 | | file | /v2/images/81d8eafa-4054-455c-9640-4e83c0566d21/file | | <span class="nb">id</span> | 81d8eafa-4054-455c-9640-4e83c0566d21 | | min_disk | 0 | | min_ram | 0 | | name | ubuntu-24.04 | | owner | 43321f42e8434f8aa53531bd104e2809 | | properties | <span class="nv">locations</span><span class="o">=</span><span class="s1">'[]'</span>, <span class="nv">os_hidden</span><span class="o">=</span><span class="s1">'False'</span>, owner_specified.openstack.md5<span class="o">=</span><span class="s1">''</span>, owner_specified.openstack.object<span class="o">=</span><span class="s1">'images/ubuntu-24.04'</span>, owner_specified.openstack.sha256<span class="o">=</span><span class="s1">''</span> | | protected | False | | schema | /v2/schemas/image | | status | queued | | tags | | | updated_at | 2024-06-03T13:23:12Z | | visibility | public | +------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ root@instance:~# openstack image list +--------------------------------------+---------------------------+--------+ | ID | Name | Status | +--------------------------------------+---------------------------+--------+ | 04e2f39a-e4ff-426b-aeee-b82acd3bf611 | amphora-x64-haproxy | active | | 49a3b09d-c191-4c36-8541-31efaffb404d | cirros | active | | b7e75cdb-37b0-4f2a-badf-cfdee7bca83d | manila-service-image | active | | 3c5df46c-7015-411c-8009-afa6695672a6 | ubuntu-2204-kube-v1.27.8s | active | | 81d8eafa-4054-455c-9640-4e83c0566d21 | ubuntu-24.04 | active | +--------------------------------------+---------------------------+--------+ </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A8u2DwINnORNfR-t1ewHMvg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A8u2DwINnORNfR-t1ewHMvg.png"></a></p> <p>Configuration d’une topologie réseau pour un rapide test :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AMpiV-Sd046CPZj3qgpIVBg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AMpiV-Sd046CPZj3qgpIVBg.png"></a></p> <p>Avec l’image chargée dans Glance, lancement de trois petites instances Ubuntu 24.04 LTS …</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A0_x7xPMDO2Vyvho5RJ_PEQ.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A0_x7xPMDO2Vyvho5RJ_PEQ.png"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@instance:~# openstack server list +--------------------------------------+-------+--------+--------------------------------------+--------------+----------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+-------+--------+--------------------------------------+--------------+----------+ | 07d6bf6e-edff-4729-9133-31849ea6fe87 | k0s-3 | ACTIVE | <span class="nv">network1</span><span class="o">=</span>10.96.250.216, 11.12.13.185 | ubuntu-24.04 | m1.small | | afd10cda-f99c-4877-9948-a7f25b5e756a | k0s-1 | ACTIVE | <span class="nv">network1</span><span class="o">=</span>10.96.250.211, 11.12.13.99 | ubuntu-24.04 | m1.small | | d70230a1-9fdf-40d9-959d-c9960479b4a5 | k0s-2 | ACTIVE | <span class="nv">network1</span><span class="o">=</span>10.96.250.208, 11.12.13.80 | ubuntu-24.04 | m1.small | +--------------------------------------+-------+--------+--------------------------------------+--------------+----------+ </code></pre> </div> <p>Un cluster kubernetes simple sur la base de ces trois instances est alors possible avec k0sctl.</p> <p><a href="https://github.com/k0sproject/k0sctl" rel="noopener noreferrer">GitHub - k0sproject/k0sctl: A bootstrapping and management tool for k0s clusters.</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>root@instance:~# wget -c https://github.com/k0sproject/k0sctl/releases/download/v0.17.8/k0sctl-linux-x64 root@instance:~# mv k0sctl-linux-x64 /usr/local/bin/k0sctl &amp;&amp; chmod +x /usr/local/bin/k0sctl root@instance:~# k0sctl NAME: k0sctl - k0s cluster management tool USAGE: k0sctl [global options] command [command options] COMMANDS: version Output k0sctl version apply Apply a k0sctl configuration kubeconfig Output the admin kubeconfig of the cluster init Create a configuration template reset Remove traces of k0s from all of the hosts backup Take backup of existing clusters state config Configuration related sub-commands completion help, h Shows a list of commands or help for one command GLOBAL OPTIONS: --debug, -d Enable debug logging (default: false) [$DEBUG] --trace Enable trace logging (default: false) [$TRACE] --no-redact Do not hide sensitive information in the output (default: false) --help, -h show help root@instance:~# k0sctl init --k0s &gt; k0sctl.yaml root@instance:~# cat k0sctl.yaml apiVersion: k0sctl.k0sproject.io/v1beta1 kind: Cluster metadata: name: k0s-cluster spec: hosts: - ssh: address: 10.96.250.211 user: ubuntu port: 22 keyPath: /root/.ssh/id_rsa role: controller - ssh: address: 10.96.250.208 user: ubuntu port: 22 keyPath: /root/.ssh/id_rsa role: worker - ssh: address: 10.96.250.216 user: ubuntu port: 22 keyPath: /root/.ssh/id_rsa role: worker k0s: config: apiVersion: k0s.k0sproject.io/v1beta1 kind: Cluster metadata: name: k0s spec: api: k0sApiPort: 9443 port: 6443 installConfig: users: etcdUser: etcd kineUser: kube-apiserver konnectivityUser: konnectivity-server kubeAPIserverUser: kube-apiserver kubeSchedulerUser: kube-scheduler konnectivity: adminPort: 8133 agentPort: 8132 network: kubeProxy: disabled: false mode: iptables kuberouter: autoMTU: true mtu: 0 peerRouterASNs: "" peerRouterIPs: "" podCIDR: 10.244.0.0/16 provider: kuberouter serviceCIDR: 10.96.0.0/12 podSecurityPolicy: defaultPolicy: 00-k0s-privileged storage: type: etcd telemetry: enabled: true root@instance:~# k0sctl apply --config k0sctl.yaml ⠀⣿⣿⡇⠀⠀⢀⣴⣾⣿⠟⠁⢸⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀█████████ █████████ ███ ⠀⣿⣿⡇⣠⣶⣿⡿⠋⠀⠀⠀⢸⣿⡇⠀⠀⠀⣠⠀⠀⢀⣠⡆⢸⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀███ ███ ███ ⠀⣿⣿⣿⣿⣟⠋⠀⠀⠀⠀⠀⢸⣿⡇⠀⢰⣾⣿⠀⠀⣿⣿⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀███ ███ ███ ⠀⣿⣿⡏⠻⣿⣷⣤⡀⠀⠀⠀⠸⠛⠁⠀⠸⠋⠁⠀⠀⣿⣿⡇⠈⠉⠉⠉⠉⠉⠉⠉⠉⢹⣿⣿⠀███ ███ ███ ⠀⣿⣿⡇⠀⠀⠙⢿⣿⣦⣀⠀⠀⠀⣠⣶⣶⣶⣶⣶⣶⣿⣿⡇⢰⣶⣶⣶⣶⣶⣶⣶⣶⣾⣿⣿⠀█████████ ███ ██████████ k0sctl v0.17.8 Copyright 2023, k0sctl authors. Anonymized telemetry of usage will be sent to the authors. By continuing to use k0sctl you agree to these terms: https://k0sproject.io/licenses/eula INFO ==&gt; Running phase: Set k0s version INFO Looking up latest stable k0s version INFO Using k0s version v1.30.1+k0s.0 INFO ==&gt; Running phase: Connect to hosts INFO [ssh] 10.96.250.216:22: connected INFO [ssh] 10.96.250.208:22: connected INFO [ssh] 10.96.250.211:22: connected INFO ==&gt; Running phase: Detect host operating systems INFO [ssh] 10.96.250.216:22: is running Ubuntu 24.04 LTS INFO [ssh] 10.96.250.208:22: is running Ubuntu 24.04 LTS INFO [ssh] 10.96.250.211:22: is running Ubuntu 24.04 LTS INFO ==&gt; Running phase: Acquire exclusive host lock INFO ==&gt; Running phase: Prepare hosts INFO ==&gt; Running phase: Gather host facts INFO [ssh] 10.96.250.216:22: using k0s-3 as hostname INFO [ssh] 10.96.250.211:22: using k0s-1 as hostname INFO [ssh] 10.96.250.208:22: using k0s-2 as hostname INFO [ssh] 10.96.250.211:22: discovered ens3 as private interface INFO [ssh] 10.96.250.208:22: discovered ens3 as private interface INFO [ssh] 10.96.250.216:22: discovered ens3 as private interface INFO [ssh] 10.96.250.211:22: discovered 11.12.13.99 as private address INFO [ssh] 10.96.250.208:22: discovered 11.12.13.80 as private address INFO [ssh] 10.96.250.216:22: discovered 11.12.13.185 as private address INFO ==&gt; Running phase: Validate hosts INFO ==&gt; Running phase: Validate facts INFO ==&gt; Running phase: Download k0s on hosts INFO [ssh] 10.96.250.216:22: downloading k0s v1.30.1+k0s.0 INFO [ssh] 10.96.250.211:22: downloading k0s v1.30.1+k0s.0 INFO [ssh] 10.96.250.208:22: downloading k0s v1.30.1+k0s.0 INFO ==&gt; Running phase: Install k0s binaries on hosts INFO [ssh] 10.96.250.211:22: validating configuration INFO ==&gt; Running phase: Configure k0s INFO [ssh] 10.96.250.211:22: installing new configuration INFO ==&gt; Running phase: Initialize the k0s cluster INFO [ssh] 10.96.250.211:22: installing k0s controller INFO [ssh] 10.96.250.211:22: waiting for the k0s service to start INFO [ssh] 10.96.250.211:22: waiting for kubernetes api to respond INFO ==&gt; Running phase: Install workers INFO [ssh] 10.96.250.216:22: validating api connection to https://11.12.13.99:6443 INFO [ssh] 10.96.250.208:22: validating api connection to https://11.12.13.99:6443 INFO [ssh] 10.96.250.211:22: generating a join token for worker 1 INFO [ssh] 10.96.250.211:22: generating a join token for worker 2 INFO [ssh] 10.96.250.216:22: writing join token INFO [ssh] 10.96.250.208:22: writing join token INFO [ssh] 10.96.250.216:22: installing k0s worker INFO [ssh] 10.96.250.208:22: installing k0s worker INFO [ssh] 10.96.250.216:22: starting service INFO [ssh] 10.96.250.216:22: waiting for node to become ready INFO [ssh] 10.96.250.208:22: starting service INFO [ssh] 10.96.250.208:22: waiting for node to become ready INFO ==&gt; Running phase: Release exclusive host lock INFO ==&gt; Running phase: Disconnect from hosts INFO ==&gt; Finished in 42s INFO k0s cluster version v1.30.1+k0s.0 is now installed INFO Tip: To access the cluster you can now fetch the admin kubeconfig using: INFO k0sctl kubeconfig </code></pre> </div> <p>Kubernetes via k0s est actif et accessible via son fichier kubeconfigspécifique :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@instance:~# k0sctl kubeconfig <span class="o">&gt;</span> kubeconfig root@instance:~# kubectl <span class="nt">--kubeconfig</span><span class="o">=</span>kubeconfig cluster-info Kubernetes control plane is running at https://10.96.250.211:6443 CoreDNS is running at https://10.96.250.211:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> root@instance:~# kubectl <span class="nt">--kubeconfig</span><span class="o">=</span>kubeconfig get nodes <span class="nt">-o</span> wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME k0s-2 Ready &lt;none&gt; 2m41s v1.30.1+k0s 11.12.13.80 &lt;none&gt; Ubuntu 24.04 LTS 6.8.0-31-generic containerd://1.7.17 k0s-3 Ready &lt;none&gt; 2m41s v1.30.1+k0s 11.12.13.185 &lt;none&gt; Ubuntu 24.04 LTS 6.8.0-31-generic containerd://1.7.17 root@instance:~# kubectl <span class="nt">--kubeconfig</span><span class="o">=</span>kubeconfig get po,svc <span class="nt">-A</span> NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/coredns-6997b8f8bd-957bd 1/1 Running 0 2m41s kube-system pod/coredns-6997b8f8bd-ddr5t 1/1 Running 0 2m41s kube-system pod/konnectivity-agent-2bxgl 1/1 Running 0 2m51s kube-system pod/konnectivity-agent-4gfsw 1/1 Running 0 2m51s kube-system pod/kube-proxy-2cq5w 1/1 Running 0 2m51s kube-system pod/kube-proxy-m6rnv 1/1 Running 0 2m51s kube-system pod/kube-router-p9s4t 1/1 Running 0 2m51s kube-system pod/kube-router-qhcp4 1/1 Running 0 2m51s kube-system pod/metrics-server-5cd4986bbc-rf4wc 1/1 Running 0 2m57s NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE default service/kubernetes ClusterIP 10.96.0.1 &lt;none&gt; 443/TCP 3m15s kube-system service/kube-dns ClusterIP 10.96.0.10 &lt;none&gt; 53/UDP,53/TCP,9153/TCP 3m5s kube-system service/metrics-server ClusterIP 10.97.91.41 &lt;none&gt; 443/TCP 3m1s </code></pre> </div> <p>Le démonstrateur FC en une commande (habituelle maintenant) :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">root@instance:~# cat test.yaml</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">4</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">image</span><span class="pi">:</span> <span class="s">mcas/franceconnect-demo2:latest</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">3000</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">fcdemo-service</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">ClusterIP</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">3000</span> <span class="s">root@instance:~# kubectl --kubeconfig=kubeconfig apply -f test.yaml</span> <span class="s">deployment.apps/fcdemo3 created</span> <span class="s">service/fcdemo-service created</span> <span class="s">root@instance:~# kubectl --kubeconfig=kubeconfig get po,svc</span> <span class="s">NAME READY STATUS RESTARTS AGE</span> <span class="s">pod/fcdemo3-85f6bd87c-7jvpk 1/1 Running 0 13s</span> <span class="s">pod/fcdemo3-85f6bd87c-btv9m 1/1 Running 0 13s</span> <span class="s">pod/fcdemo3-85f6bd87c-nlw9x 1/1 Running 0 13s</span> <span class="s">pod/fcdemo3-85f6bd87c-v66bs 1/1 Running 0 13s</span> <span class="s">NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE</span> <span class="s">service/fcdemo-service ClusterIP 10.98.123.24 &lt;none&gt; 80/TCP 13s</span> <span class="s">service/kubernetes ClusterIP 10.96.0.1 &lt;none&gt; 443/TCP 8m19s</span> </code></pre> </div> <p>Redirection de port ici pour accès local à ce dernier …<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@instance:~# kubectl <span class="nt">--kubeconfig</span><span class="o">=</span>kubeconfig port-forward service/fcdemo-service 12222:80 <span class="nt">--address</span><span class="o">=</span><span class="s1">'0.0.0.0'</span> Forwarding from 0.0.0.0:12222 -&gt; 3000 </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2ArSxXqKBliaa96EQ1njsfyg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2ArSxXqKBliaa96EQ1njsfyg.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AIcCUKsL8xABvl4OtHE9AvQ.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AIcCUKsL8xABvl4OtHE9AvQ.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2Amg3woS3pejwCghRtYJRxFg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2Amg3woS3pejwCghRtYJRxFg.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AxXzCk76pCz6SZub5y0IbHw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AxXzCk76pCz6SZub5y0IbHw.png"></a></p> <p>Sachant qu’Atmosphere disposait de Magnum pour déployer un cluster Kubernetes intrinsèque …</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A4_SotIS5Dav1vtG8I3nFQw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A4_SotIS5Dav1vtG8I3nFQw.png"></a></p> <p>Pour conclure, Atmosphere est un projet pour un déploiement simplifié d’un cluster Openstack conteneurisé dans un cluster Kubernetes de base (en reprenant OpenStack Helm) et que l’on retrouve également dans la nouvelle mouture de Canonical MicroStack par exemple …</p> <p><a href="https://microstack.run/" rel="noopener noreferrer">OpenStack for the edge, micro clouds and developers</a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F500%2F0%2ALn7ClaZW7nPlURrI.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F500%2F0%2ALn7ClaZW7nPlURrI.png"></a></p> <p>À suivre !</p> kubernetes openstack docker phoenixnap Karim Sun, 31 Mar 2024 18:02:05 +0000 https://forem.com/deep75/gerer-des-conteneurs-qui-ressemblent-a-des-machines-virtuelles-avec-bootloose-successeur-de-p29 https://forem.com/deep75/gerer-des-conteneurs-qui-ressemblent-a-des-machines-virtuelles-avec-bootloose-successeur-de-p29 <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--6VXRiFt5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AmZMaAMzlDcpc4PXduM2mTQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--6VXRiFt5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AmZMaAMzlDcpc4PXduM2mTQ.png" alt="" width="800" height="414"></a></p> <p>Dans plusieurs articles précédents, j’avais décrit l’usage de Footloose, un binaire écrit en Go qui permettait de créer des conteneurs qui ressemblent à des machines virtuelles.</p> <ul> <li><a href="https://deep75.medium.com/weave-ignite-et-weave-footloose-dans-scaleway-quand-les-machines-virtuelles-se-prennent-pour-des-e28f5312a59f">Weave Ignite et Weave Footloose dans Scaleway : quand les machines virtuelles se prennent pour des…</a></li> <li><a href="https://deep75.medium.com/des-clusters-kubernetes-imbriqu%C3%A9s-avec-ignite-firecracker-containerd-kind-et-rancher-34e5e92c257b">Des clusters Kubernetes imbriqués avec Ignite, Firecracker, Containerd, Kind et Rancher …</a></li> </ul> <blockquote> <p>Ces conteneurs exécutent systemd en tant que PID 1 et un démon ssh qui peut être utilisé pour se connecter au conteneur. Ces “machines” se comportent comme des VM, il est même possible d’y faire tourner dockerd.</p> </blockquote> <p><a href="https://github.com/weaveworks/footloose">GitHub - weaveworks/footloose: Container Machines - Containers that look like Virtual Machines</a></p> <blockquote> <p>Footloose peut être utilisé pour une variété de tâches, partout où vous aimeriez avoir des machines virtuelles mais voulez des temps de démarrage rapides ou avez besoin de plusieurs d’entre elles.</p> </blockquote> <p>C’est au tour de l’équipe à l’origine de k0s de reprendre le flambeau avec Bootloose</p> <p><a href="https://github.com/k0sproject/bootloose">GitHub - k0sproject/bootloose: Manage containers that look like virtual machines</a></p> <p>Sur le même principe …</p> <p>Illustration avec le lancement d’une instance Ubuntu 22.04 LTS en ARM64 Bits dans Hetzner Cloud :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--4lVOShgs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AJm7aslQiOonyc2E6FW31CQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--4lVOShgs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AJm7aslQiOonyc2E6FW31CQ.png" alt="" width="800" height="196"></a></p> <p>dans laquelle je commence par installer le moteurDocker :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@ubuntu-16gb-hel1-1:~# curl <span class="nt">-fsSL</span> https://get.docker.com | sh - <span class="c"># Executing docker install script, commit: e5543d473431b782227f8908005543bb4389b8de</span> + sh <span class="nt">-c</span> apt-get update <span class="nt">-qq</span> <span class="o">&gt;</span>/dev/null + sh <span class="nt">-c</span> <span class="nv">DEBIAN_FRONTEND</span><span class="o">=</span>noninteractive apt-get <span class="nb">install</span> <span class="nt">-y</span> <span class="nt">-qq</span> apt-transport-https ca-certificates curl <span class="o">&gt;</span>/dev/null + sh <span class="nt">-c</span> <span class="nb">install</span> <span class="nt">-m</span> 0755 <span class="nt">-d</span> /etc/apt/keyrings + sh <span class="nt">-c</span> curl <span class="nt">-fsSL</span> <span class="s2">"https://download.docker.com/linux/ubuntu/gpg"</span> | gpg <span class="nt">--dearmor</span> <span class="nt">--yes</span> <span class="nt">-o</span> /etc/apt/keyrings/docker.gpg + sh <span class="nt">-c</span> <span class="nb">chmod </span>a+r /etc/apt/keyrings/docker.gpg + sh <span class="nt">-c</span> <span class="nb">echo</span> <span class="s2">"deb [arch=arm64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable"</span> <span class="o">&gt;</span> /etc/apt/sources.list.d/docker.list + sh <span class="nt">-c</span> apt-get update <span class="nt">-qq</span> <span class="o">&gt;</span>/dev/null + sh <span class="nt">-c</span> <span class="nv">DEBIAN_FRONTEND</span><span class="o">=</span>noninteractive apt-get <span class="nb">install</span> <span class="nt">-y</span> <span class="nt">-qq</span> docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin <span class="o">&gt;</span>/dev/null + sh <span class="nt">-c</span> docker version Client: Docker Engine - Community Version: 26.0.0 API version: 1.45 Go version: go1.21.8 Git commit: 2ae903e Built: Wed Mar 20 15:18:14 2024 OS/Arch: linux/arm64 Context: default Server: Docker Engine - Community Engine: Version: 26.0.0 API version: 1.45 <span class="o">(</span>minimum version 1.24<span class="o">)</span> Go version: go1.21.8 Git commit: 8b79278 Built: Wed Mar 20 15:18:14 2024 OS/Arch: linux/arm64 Experimental: <span class="nb">false </span>containerd: Version: 1.6.28 GitCommit: ae07eda36dd25f8a1b98dfbf587313b99c0190bb runc: Version: 1.1.12 GitCommit: v1.1.12-0-g51d5e94 docker-init: Version: 0.19.0 GitCommit: de40ad0 <span class="o">================================================================================</span> To run Docker as a non-privileged user, consider setting up the Docker daemon <span class="k">in </span>rootless mode <span class="k">for </span>your user: dockerd-rootless-setuptool.sh <span class="nb">install </span>Visit https://docs.docker.com/go/rootless/ to learn about rootless mode. To run the Docker daemon as a fully privileged service, but granting non-root <span class="nb">users </span>access, refer to https://docs.docker.com/go/daemon-access/ WARNING: Access to the remote API on a privileged Docker daemon is equivalent to root access on the host. Refer to the <span class="s1">'Docker daemon attack surface'</span> documentation <span class="k">for </span>details: https://docs.docker.com/go/attack-surface/ <span class="o">================================================================================</span> root@ubuntu-16gb-hel1-1:~# docker ps <span class="nt">-a</span> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES </code></pre> </div> <p>Puis récupération du binaire Bootloose depuis GitHub :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@ubuntu-16gb-hel1-1:~# wget <span class="nt">-c</span> https://github.com/k0sproject/bootloose/releases/download/v0.7.3/bootloose-linux-arm64 HTTP request sent, awaiting response... 200 OK Length: 6291456 <span class="o">(</span>6.0M<span class="o">)</span> <span class="o">[</span>application/octet-stream] Saving to: ‘bootloose-linux-arm64’ bootloose-linux-arm64 100%[<span class="o">=====================================================================================================&gt;]</span> 6.00M 21.8MB/s <span class="k">in </span>0.3s <span class="o">(</span>21.8 MB/s<span class="o">)</span> - ‘bootloose-linux-arm64’ saved <span class="o">[</span>6291456/6291456] root@ubuntu-16gb-hel1-1:~# <span class="nb">chmod</span> +x bootloose-linux-arm64 root@ubuntu-16gb-hel1-1:~# <span class="nb">mv </span>bootloose-linux-arm64 /usr/local/bin/bootloose root@ubuntu-16gb-hel1-1:~# bootloose bootloose - Container Machines Usage: bootloose <span class="o">[</span><span class="nb">command</span><span class="o">]</span> Available Commands: completion Generate the autocompletion script <span class="k">for </span>the specified shell config Manage cluster configuration create Create a cluster delete Delete a cluster <span class="nb">help </span>Help about any <span class="nb">command </span>show Show all running machines or a single machine with a given hostname. ssh SSH into a machine start Start cluster machines stop Stop cluster machines version Print bootloose version Flags: <span class="nt">-c</span>, <span class="nt">--config</span> string Cluster configuration file <span class="o">(</span>default <span class="s2">"bootloose.yaml"</span><span class="o">)</span> <span class="nt">-h</span>, <span class="nt">--help</span> <span class="nb">help </span><span class="k">for </span>bootloose Use <span class="s2">"bootloose [command] --help"</span> <span class="k">for </span>more information about a command. </code></pre> </div> <p><a href="https://github.com/k0sproject/bootloose/releases">Releases · k0sproject/bootloose</a></p> <p>Et création de de fichier de configuration YAML pour créer mes instances avec cette image :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--sERJrHo4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AXGW6u6coU1MRcG_CdRQDjA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--sERJrHo4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AXGW6u6coU1MRcG_CdRQDjA.png" alt="" width="800" height="330"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--v3rcQxSx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/700/0%2AFi6gpjp-YY3DKdME.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--v3rcQxSx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/700/0%2AFi6gpjp-YY3DKdME.jpg" alt="" width="700" height="394"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@ubuntu-16gb-hel1-1:~# bootloose config create <span class="nt">--replicas</span> 3 <span class="nt">--image</span> quay.io/k0sproject/bootloose-ubuntu22.04:latest root@ubuntu-16gb-hel1-1:~# <span class="nb">cat </span>bootloose.yaml cluster: name: cluster privateKey: ~/.ssh/id_rsa machines: - count: 3 spec: image: quay.io/k0sproject/bootloose-ubuntu22.04:latest name: node%d portMappings: - containerPort: 22 privileged: <span class="nb">true </span>volumes: - <span class="nb">type</span>: volume destination: /var/lib/k0s root@ubuntu-16gb-hel1-1:~# bootloose create INFO[0000] Docker Image: quay.io/k0sproject/bootloose-ubuntu22.04:latest present locally INFO[0000] Creating machine: cluster-node0 ... INFO[0000] Creating machine: cluster-node1 ... INFO[0000] Creating machine: cluster-node2 ... root@ubuntu-16gb-hel1-1:~# docker ps <span class="nt">-a</span> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f452da977dd6 quay.io/k0sproject/bootloose-ubuntu22.04:latest <span class="s2">"/sbin/init"</span> About a minute ago Up About a minute 0.0.0.0:32770-&gt;22/tcp, :::32770-&gt;22/tcp cluster-node2 790a6594d4a3 quay.io/k0sproject/bootloose-ubuntu22.04:latest <span class="s2">"/sbin/init"</span> About a minute ago Up About a minute 0.0.0.0:32769-&gt;22/tcp, :::32769-&gt;22/tcp cluster-node1 c674c7d3551f quay.io/k0sproject/bootloose-ubuntu22.04:latest <span class="s2">"/sbin/init"</span> About a minute ago Up About a minute 0.0.0.0:32768-&gt;22/tcp, :::32768-&gt;22/tcp cluster-node0 root@ubuntu-16gb-hel1-1:~# docker inspect <span class="si">$(</span>docker ps <span class="nt">-aq</span><span class="si">)</span> | <span class="nb">grep </span>IPAddress <span class="s2">"SecondaryIPAddresses"</span>: null, <span class="s2">"IPAddress"</span>: <span class="s2">"172.17.0.4"</span>, <span class="s2">"IPAddress"</span>: <span class="s2">"172.17.0.4"</span>, <span class="s2">"SecondaryIPAddresses"</span>: null, <span class="s2">"IPAddress"</span>: <span class="s2">"172.17.0.3"</span>, <span class="s2">"IPAddress"</span>: <span class="s2">"172.17.0.3"</span>, <span class="s2">"SecondaryIPAddresses"</span>: null, <span class="s2">"IPAddress"</span>: <span class="s2">"172.17.0.2"</span>, <span class="s2">"IPAddress"</span>: <span class="s2">"172.17.0.2"</span>, root@ubuntu-16gb-hel1-1:~# <span class="k">for </span>i <span class="k">in</span> <span class="o">{</span>2..4<span class="o">}</span><span class="p">;</span> <span class="k">do </span>ssh root@172.17.0.<span class="nv">$i</span> <span class="s1">'hostname'</span><span class="p">;</span> <span class="k">done </span>Warning: Permanently added <span class="s1">'172.17.0.2'</span> <span class="o">(</span>ED25519<span class="o">)</span> to the list of known hosts. node0 Warning: Permanently added <span class="s1">'172.17.0.3'</span> <span class="o">(</span>ED25519<span class="o">)</span> to the list of known hosts. node1 Warning: Permanently added <span class="s1">'172.17.0.4'</span> <span class="o">(</span>ED25519<span class="o">)</span> to the list of known hosts. node2 </code></pre> </div> <p>Les instances sont donc accessibles en SSH et je vais utiliser k0sctl pour y créer un cluster Kubernetes via k0s:</p> <p><a href="https://github.com/k0sproject/k0sctl">GitHub - k0sproject/k0sctl: A bootstrapping and management tool for k0s clusters.</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@ubuntu-16gb-hel1-1:~# <span class="nb">chmod</span> +x k0sctl-linux-arm64 root@ubuntu-16gb-hel1-1:~# <span class="nb">mv </span>k0sctl-linux-arm64 /usr/local/bin/k0sctl root@ubuntu-16gb-hel1-1:~# k0sctl NAME: k0sctl - k0s cluster management tool USAGE: k0sctl <span class="o">[</span>global options] <span class="nb">command</span> <span class="o">[</span><span class="nb">command </span>options] COMMANDS: version Output k0sctl version apply Apply a k0sctl configuration kubeconfig Output the admin kubeconfig of the cluster init Create a configuration template reset Remove traces of k0s from all of the hosts backup Take backup of existing clusters state config Configuration related sub-commands completion <span class="nb">help</span>, h Shows a list of commands or <span class="nb">help </span><span class="k">for </span>one <span class="nb">command </span>GLOBAL OPTIONS: <span class="nt">--debug</span>, <span class="nt">-d</span> Enable debug logging <span class="o">(</span>default: <span class="nb">false</span><span class="o">)</span> <span class="o">[</span><span class="nv">$DEBUG</span><span class="o">]</span> <span class="nt">--trace</span> Enable trace logging <span class="o">(</span>default: <span class="nb">false</span><span class="o">)</span> <span class="o">[</span><span class="nv">$TRACE</span><span class="o">]</span> <span class="nt">--no-redact</span> Do not hide sensitive information <span class="k">in </span>the output <span class="o">(</span>default: <span class="nb">false</span><span class="o">)</span> <span class="nt">--help</span>, <span class="nt">-h</span> show <span class="nb">help</span> </code></pre> </div> <p>Initialisation du cluster dans Bootloose via ce fichier de configuration YAML :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@ubuntu-16gb-hel1-1:~# k0sctl init <span class="nt">--k0s</span> <span class="o">&gt;</span> k0sctl.yaml root@ubuntu-16gb-hel1-1:~# <span class="nb">cat </span>k0sctl.yaml apiVersion: k0sctl.k0sproject.io/v1beta1 kind: Cluster metadata: name: k0s-cluster spec: hosts: - ssh: address: 172.17.0.2 user: root port: 22 keyPath: /root/.ssh/id_rsa role: controller - ssh: address: 172.17.0.3 user: root port: 22 keyPath: /root/.ssh/id_rsa role: worker - ssh: address: 172.17.0.4 user: root port: 22 keyPath: /root/.ssh/id_rsa role: worker k0s: version: null versionChannel: stable dynamicConfig: <span class="nb">false </span>config: apiVersion: k0s.k0sproject.io/v1beta1 kind: Cluster metadata: name: k0s spec: api: k0sApiPort: 9443 port: 6443 installConfig: <span class="nb">users</span>: etcdUser: etcd kineUser: kube-apiserver konnectivityUser: konnectivity-server kubeAPIserverUser: kube-apiserver kubeSchedulerUser: kube-scheduler konnectivity: adminPort: 8133 agentPort: 8132 network: kubeProxy: disabled: <span class="nb">false </span>mode: iptables kuberouter: autoMTU: <span class="nb">true </span>mtu: 0 peerRouterASNs: <span class="s2">""</span> peerRouterIPs: <span class="s2">""</span> podCIDR: 10.244.0.0/16 provider: kuberouter serviceCIDR: 10.96.0.0/12 podSecurityPolicy: defaultPolicy: 00-k0s-privileged storage: <span class="nb">type</span>: etcd telemetry: enabled: <span class="nb">false</span> </code></pre> </div> <p>Lancement de la création du cluster k0s avec ce fichier de configuration :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@ubuntu-16gb-hel1-1:~# k0sctl apply <span class="nt">--config</span> k0sctl.yaml ⠀⣿⣿⡇⠀⠀⢀⣴⣾⣿⠟⠁⢸⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀█████████ █████████ ███ ⠀⣿⣿⡇⣠⣶⣿⡿⠋⠀⠀⠀⢸⣿⡇⠀⠀⠀⣠⠀⠀⢀⣠⡆⢸⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀███ ███ ███ ⠀⣿⣿⣿⣿⣟⠋⠀⠀⠀⠀⠀⢸⣿⡇⠀⢰⣾⣿⠀⠀⣿⣿⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀███ ███ ███ ⠀⣿⣿⡏⠻⣿⣷⣤⡀⠀⠀⠀⠸⠛⠁⠀⠸⠋⠁⠀⠀⣿⣿⡇⠈⠉⠉⠉⠉⠉⠉⠉⠉⢹⣿⣿⠀███ ███ ███ ⠀⣿⣿⡇⠀⠀⠙⢿⣿⣦⣀⠀⠀⠀⣠⣶⣶⣶⣶⣶⣶⣿⣿⡇⢰⣶⣶⣶⣶⣶⣶⣶⣶⣾⣿⣿⠀█████████ ███ ██████████ k0sctl v0.17.5 Copyright 2023, k0sctl authors. Anonymized telemetry of usage will be sent to the authors. By continuing to use k0sctl you agree to these terms: https://k0sproject.io/licenses/eula INFO <span class="o">==&gt;</span> Running phase: Set k0s version INFO Looking up latest stable k0s version INFO Using k0s version v1.29.2+k0s.0 INFO <span class="o">==&gt;</span> Running phase: Connect to hosts INFO <span class="o">[</span>ssh] 172.17.0.4:22: connected INFO <span class="o">[</span>ssh] 172.17.0.3:22: connected INFO <span class="o">[</span>ssh] 172.17.0.2:22: connected INFO <span class="o">==&gt;</span> Running phase: Detect host operating systems INFO <span class="o">[</span>ssh] 172.17.0.4:22: is running Ubuntu 22.04.3 LTS INFO <span class="o">[</span>ssh] 172.17.0.2:22: is running Ubuntu 22.04.3 LTS INFO <span class="o">[</span>ssh] 172.17.0.3:22: is running Ubuntu 22.04.3 LTS INFO <span class="o">==&gt;</span> Running phase: Acquire exclusive host lock INFO <span class="o">==&gt;</span> Running phase: Prepare hosts INFO <span class="o">[</span>ssh] 172.17.0.2:22: is a container, applying a fix INFO <span class="o">[</span>ssh] 172.17.0.3:22: is a container, applying a fix INFO <span class="o">[</span>ssh] 172.17.0.4:22: is a container, applying a fix INFO <span class="o">==&gt;</span> Running phase: Gather host facts INFO <span class="o">[</span>ssh] 172.17.0.4:22: using node2 as <span class="nb">hostname </span>INFO <span class="o">[</span>ssh] 172.17.0.3:22: using node1 as <span class="nb">hostname </span>INFO <span class="o">[</span>ssh] 172.17.0.2:22: using node0 as <span class="nb">hostname </span>INFO <span class="o">[</span>ssh] 172.17.0.4:22: discovered eth0 as private interface INFO <span class="o">[</span>ssh] 172.17.0.3:22: discovered eth0 as private interface INFO <span class="o">[</span>ssh] 172.17.0.2:22: discovered eth0 as private interface INFO <span class="o">==&gt;</span> Running phase: Validate hosts INFO <span class="o">==&gt;</span> Running phase: Validate facts INFO <span class="o">==&gt;</span> Running phase: Download k0s on hosts INFO <span class="o">[</span>ssh] 172.17.0.4:22: downloading k0s v1.29.2+k0s.0 INFO <span class="o">[</span>ssh] 172.17.0.3:22: downloading k0s v1.29.2+k0s.0 INFO <span class="o">[</span>ssh] 172.17.0.2:22: downloading k0s v1.29.2+k0s.0 INFO <span class="o">==&gt;</span> Running phase: Install k0s binaries on hosts INFO <span class="o">[</span>ssh] 172.17.0.2:22: validating configuration INFO <span class="o">==&gt;</span> Running phase: Configure k0s INFO <span class="o">[</span>ssh] 172.17.0.2:22: installing new configuration INFO <span class="o">==&gt;</span> Running phase: Initialize the k0s cluster INFO <span class="o">[</span>ssh] 172.17.0.2:22: installing k0s controller INFO <span class="o">[</span>ssh] 172.17.0.2:22: waiting <span class="k">for </span>the k0s service to start INFO <span class="o">[</span>ssh] 172.17.0.2:22: waiting <span class="k">for </span>kubernetes api to respond INFO <span class="o">==&gt;</span> Running phase: Install workers INFO <span class="o">[</span>ssh] 172.17.0.3:22: validating api connection to https://172.17.0.2:6443 INFO <span class="o">[</span>ssh] 172.17.0.4:22: validating api connection to https://172.17.0.2:6443 INFO <span class="o">[</span>ssh] 172.17.0.2:22: generating a <span class="nb">join </span>token <span class="k">for </span>worker 1 INFO <span class="o">[</span>ssh] 172.17.0.2:22: generating a <span class="nb">join </span>token <span class="k">for </span>worker 2 INFO <span class="o">[</span>ssh] 172.17.0.4:22: writing <span class="nb">join </span>token INFO <span class="o">[</span>ssh] 172.17.0.3:22: writing <span class="nb">join </span>token INFO <span class="o">[</span>ssh] 172.17.0.3:22: installing k0s worker INFO <span class="o">[</span>ssh] 172.17.0.4:22: installing k0s worker INFO <span class="o">[</span>ssh] 172.17.0.4:22: starting service INFO <span class="o">[</span>ssh] 172.17.0.3:22: starting service INFO <span class="o">[</span>ssh] 172.17.0.4:22: waiting <span class="k">for </span>node to become ready INFO <span class="o">[</span>ssh] 172.17.0.3:22: waiting <span class="k">for </span>node to become ready INFO <span class="o">==&gt;</span> Running phase: Release exclusive host lock INFO <span class="o">==&gt;</span> Running phase: Disconnect from hosts INFO <span class="o">==&gt;</span> Finished <span class="k">in </span>48s INFO k0s cluster version v1.29.2+k0s.0 is now installed INFO Tip: To access the cluster you can now fetch the admin kubeconfig using: INFO k0sctl kubeconfig </code></pre> </div> <p>Je peux alors récupérer le fichier kubeconfig pour l’utilisation locale du client kubectl :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@ubuntu-16gb-hel1-1:~# <span class="nb">mkdir</span> .kube root@ubuntu-16gb-hel1-1:~# k0sctl kubeconfig <span class="o">&gt;</span> .kube/config root@ubuntu-16gb-hel1-1:~# <span class="nb">cat</span> .kube/config apiVersion: v1 clusters: - cluster: certificate-authority-data: <span class="nv">LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBRENDQWVpZ0F3SUJBZ0lVSnhLUU9xRlVzZ0NnY0FiTWNDdEFSTXlmNDFVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dERVdNQlFHQTFVRUF4TU5hM1ZpWlhKdVpYUmxjeTFqWVRBZUZ3MHlOREF6TXpFeE5qQXhNREJhRncwegpOREF6TWpreE5qQXhNREJhTUJneEZqQVVCZ05WQkFNVERXdDFZbVZ5Ym1WMFpYTXRZMkV3Z2dFaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURXM3V4cVZtMUdMWWNJWlozMDIrajcwTXQ3Y1Y1Zkw3ZmYKcDNwaURhUVk1d1RGMHVmMEVWcDZqQXV5TVpNaGtWTzlSSmo2TGYyb0xNcVV1V0ZqVzFKdVZUVHY5U0JDc1FhVApudVpxVktyWnJ0Nkt5bm1zaVBuWTlMZW5wWklkdzA4NUZnOHdWdGFlclVmOUlaaUMrSEZPL1grdjlIOUFySlJJCjVNby80dzBaZEJjdXVUcEREVzZpcTNNMjF2b1pCR3Jwbk43TkcvWUpLcGNwM2xlbVV5d1JHL0dEMisyTlRML08KdEx5cmF4TDVWVkVYbENEbTFlTXJZOXBzSjNQcDJySmE0RmxyMGRVVFJRUHcycjhBUUxyTFhJUmFBYXpEV3lBLwpKR1NKZG81YUdrL3NxM2l3clRJb3c0UmlwRGRQWmV2UkdZSlRLaWZWOStRYk14bkVuUEZSQWdNQkFBR2pRakJBCk1BNEdBMVVkRHdFQi93UUVBd0lCQmpBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJScFl0V2MKMERrSlRaTDFxR0tkK284N1ZndTFBakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbWtGVTBYam14ZWRPMDFtegozWU9QS3hBeTg2N1NpMlM0WTRMcDNqL3NCcW9TWVlkYldzS3c2Wmx1aTdra2VYUEMvM0pJRTd4YjNoL0p6WWxvCnRZMEliOEpnUnZvVk1sV0ZHNitxMnNnZEo3cmx6blg1QXBQZkRqUXY5RUJHR3VXM21IY1UxbXVCUStrUG9JK2cKaU5OZzFITjRoYllYMVJOMitOK3pKcVNVaWh1WFZDbVhFa2YwQ05WU3VyTEZ6cGNKWWJpNWowVVcwYmRhVWFpTwpJRDJOd3VZcUhDNS96RDM0RDB6T1RVMzRtUTVsZDRUYUx4ZmlwRzZrWDVVSEJtT0U5d3lIbVZuY2VzelJ0alZTCnlFblNJV0g1cmM5Sk84RVBXLzVPRTJsb2E3a240U05iQU5NbUNFaVZtZE9IdU5NSHFGaUQxR2oxOWI5MzVpSnkKUnpGS2hBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo</span><span class="o">=</span> server: https://172.17.0.2:6443 name: k0s-cluster contexts: - context: cluster: k0s-cluster user: admin name: k0s-cluster current-context: k0s-cluster kind: Config preferences: <span class="o">{}</span> <span class="nb">users</span>: - name: admin user: client-certificate-data: <span class="nv">LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURXVENDQWtHZ0F3SUJBZ0lVY3lhN3dQUGVIR0c1eUM3WWdUV1FCZnlNM2lJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dERVdNQlFHQTFVRUF4TU5hM1ZpWlhKdVpYUmxjeTFqWVRBZUZ3MHlOREF6TXpFeE5qQXhNREJhRncweQpOVEF6TXpFeE5qQXhNREJhTURReEZ6QVZCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVJrd0Z3WURWUVFECkV4QnJkV0psY201bGRHVnpMV0ZrYldsdU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0MKQVFFQTFrbjJONVorWEt0MW50N3A1QSt2YWQ5OU9DQ25DQ1FKN1JDeXUzTlRaZXlPWDlwK2lRNzBqaC9mWTZjagovNElFMDVDQlJNZzU1cGtVSWszc0k5anJqNFhBcmRaSnQ1QTFUbDZFY0tuWEQ2NzJyWFV4bVlsRG9FK3p6SitkClc1VnVkc0JmbXVqRnluTGJyT2xDYzZEMDlOWmo5b24zRVlGK0dhcXFBTG5wOU9mNENkaFdLL3hYcWVabFBPaFMKZ2RLdERYVzRXYjlEVEZpbytXQ2RObmR6NWd5SUF5OTM3akRzUG9ESEl2OXdEMkVkd2JSVzNMUERjRjhFaFpKWQpUcUV1Z2F0bzB6ek1vaVZzdkptNVZSU0ZjS2h6S1NkZW1obnFyaTBLWXFFTG9Oa2QwcnFkbFF2cnhCSUlvd1E1Cnl4TWhnOHhRb3pDSUtVZXY5SVhoVTlLT2VRSURBUUFCbzM4d2ZUQU9CZ05WSFE4QkFmOEVCQU1DQmFBd0hRWUQKVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQ01BQXdIUVlEVlIwTwpCQllFRk5SbjV4ek1qVXZSeFVtRXdmbzBLVm45cFgzME1COEdBMVVkSXdRWU1CYUFGR2xpMVp6UU9RbE5rdldvCllwMzZqenRXQzdVQ01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQjRqU29XNmpnZmRkMlFGM0FRNWxJckVSMFkKQVJSV1RtNTdtTkZPM041OE1PZXR1UDAzOWxvSnIrbDY4aXVQcEUyd2VoL1hTNGxrM3B6dSszSS9IVDNlNW1PcwpiU0pGMXZWbHlaZnZTd1BveEMxcVBPakR3R28xQW1xUUpYRzhjc1E1WWVPR3lVN3BjdjY0KzRrL2xXQmovSEliCmQ4ZnVkMzh4cUo5SUV5SXdBU0lVenhVbllPZ1ZyOWlzRGtxTlk4czBtc3loQXpFYkNQdDQ2NFhiU0pqWG40aSsKOTFVK2FFZG1BMHN5Mi9jc2h6TFZCYzlOanJER1Yya0ZTL2hQNU9YZ0ZycEpEcnNnRVVOcjRudzNRaEl0RkJvdAp4Q2VXYkxTdXFPWTJjcnVvU1hWdmMrdFkyV0xWZ0RQVDRkZ3E3UGhhZm5oTUJkNmxyME55WFNuVzdOWFQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo</span><span class="o">=</span> client-key-data: <span class="nv">LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMWtuMk41WitYS3QxbnQ3cDVBK3ZhZDk5T0NDbkNDUUo3UkN5dTNOVFpleU9YOXArCmlRNzBqaC9mWTZjai80SUUwNUNCUk1nNTVwa1VJazNzSTlqcmo0WEFyZFpKdDVBMVRsNkVjS25YRDY3MnJYVXgKbVlsRG9FK3p6SitkVzVWdWRzQmZtdWpGeW5MYnJPbENjNkQwOU5aajlvbjNFWUYrR2FxcUFMbnA5T2Y0Q2RoVwpLL3hYcWVabFBPaFNnZEt0RFhXNFdiOURURmlvK1dDZE5uZHo1Z3lJQXk5MzdqRHNQb0RISXY5d0QyRWR3YlJXCjNMUERjRjhFaFpKWVRxRXVnYXRvMHp6TW9pVnN2Sm01VlJTRmNLaHpLU2RlbWhucXJpMEtZcUVMb05rZDBycWQKbFF2cnhCSUlvd1E1eXhNaGc4eFFvekNJS1VldjlJWGhVOUtPZVFJREFRQUJBb0lCQUFhR3dpVDNSR24ySHVMegp6eFBQRm55Vy9lMVRzVUtpTmxzdUF3T0tnNk83REtzR3NJdmtGTGF2YWRKVEtObURVRHBSVUY2VDZvK0hZZ0daCmRmT3hpNXNYYThMZm4rY2pVVHhOektMUnlXY0U0U1p2UjA5eHlzbDdJL0s3ZWNOc1RhejROdkUwM2JGSXhrQUIKNnJBeTJzTUtOSWt4c29DcC9Qa3pKWEpZTnpQcVBtL05Kb3hja1h5KzVXRUxiY25Od2lxUUZzU09zT21ldEZ3YQpYcTZrSkVYRzIwVGpvQjg0SlFsNldNN0M5TFp0TWUrcnpsRGdsZFl1ZU92M1FWSE9FU0d2T0VuTFh3TEVSdkg3CmpPbUs4L040dU53L0NpTXJlUjh0WWR2dVBQNVA2Z1V5OUdmdXc2bkM4SzlTOE9CSVZmOWpxRjlsdG9wZndhNVMKRmdCd1BnRUNnWUVBNEI4T0hVZmp1ajR1amNyU01RYm0xQzRhN0QxckJ3YmxuY2RuNFlSYndpKzhOdmhEcGt5SQowMjBod1czRWpUTGJTSTB5UGJvNnQ4MWJEZk1xcjdudm1CblBZTDN2T1lmY3hDRklMcWJwSHd3M1h3aTBsM1BuCmhKVkZyaGJZckthSlVNcDZXVW9zTGdpVDE3MWx2ZnRRZFd5WGpWaGhLQ25SVTJSTExIOEg5NUVDZ1lFQTlNVGgKQWMyaTVSTnRzWDFFOTBFQjZUK0Rxekd3WkQ5WG1YVFQ4M3hrSzVENWV5UzIyUFpGa0NVU3pTSUZtVkpHSzh1ZwpuL2tQQTVZbWMzQUNiWEptVHlDQStSTkxhMU5TTDhGNXN4RzJ3Ris4OXNLVDBhT3VnNE5Ld1RHYkd6QVFKSjN0CitndmcwYXhJQW04b2RrU1RMbTg3K2N0UDVWK2QyNGNHVmh4VHhHa0NnWUVBaE5uancvZVpSZzBXQzNidW9hRTEKc3hDaFpPZ0RTV2NOTlRtK21pK2JOTUNYRVA2Wkd6ckM0SkVRTVZpZjZoTDdhVVpKUWMzaWdKRjZLQXE4Z3UzMAoySFIwT1NSZGFmemZJR09hSmcxS290emE5YnB6VWxPaUtUVlMySjh5VVNWbXdEMUZ5U2Z1aUZzTlNCVTgraUMrCjBOeE4rYnNwM0dUdGNFRkRUbHorbkFFQ2dZQXBOTS9RZHViNmU2Zlczb2p5dXgzd1A0SVNHdjVnRWczVVJzZTcKMFBBb0tYTG1tVXF6QWRxNkpwT2d0eDZNTGo2ajl0Ym10NDRnZzNHYnMzcWxKRUkzQmZqUWRjQVhwR0pNcWR5cwpHY3BUWG9xNFhBOTRsbjYxb3krOWtIVlZRV1VtVlBRUVNWbWkwc2NZcWMvOUFSUnFGODNZQXJORG9USTVGK1VvCk1BS21LUUtCZ1FDZ0tSOEpYMkpOakR6QjVWd3lwdmo3SDdFNFV4Q1FBVXdZZ1JVZ0VCUThZZElPUitSWTFuREEKUWRLd1NOaWxodWxrTjFERFVCZmZqUHhJWndTNExJZEkyN0lqTHlqMFUvbDFrMkludU94OFdHck1hUnp6WXRGcgpTTjhQV2x6eERZTHNHaVpyR2MzVXk0Znd6Ty9lV2xFUFpod0NRVk5lTFpHcFRCYVpvbUIxQkE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo</span><span class="o">=</span> root@ubuntu-16gb-hel1-1:~# curl <span class="nt">-LO</span> https://dl.k8s.io/release/v1.29.2/bin/linux/arm64/kubectl <span class="o">&amp;&amp;</span> <span class="nb">chmod</span> +x kubectl <span class="o">&amp;&amp;</span> <span class="nb">mv </span>kubectl /usr/local/bin/ root@ubuntu-16gb-hel1-1:~# <span class="nb">chmod </span>400 .kube/config root@ubuntu-16gb-hel1-1:~# kubectl cluster-info Kubernetes control plane is running at https://172.17.0.2:6443 CoreDNS is running at https://172.17.0.2:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> </code></pre> </div> <p>Le cluster est alors opérationnel et actif avec deux noeuds Workers :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@ubuntu-16gb-hel1-1:~# kubectl get nodes <span class="nt">-o</span> wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME node1 Ready &lt;none&gt; 4m58s v1.29.2+k0s 172.17.0.3 &lt;none&gt; Ubuntu 22.04.3 LTS 5.15.0-100-generic containerd://1.7.13 node2 Ready &lt;none&gt; 4m58s v1.29.2+k0s 172.17.0.4 &lt;none&gt; Ubuntu 22.04.3 LTS 5.15.0-100-generic containerd://1.7.13 root@ubuntu-16gb-hel1-1:~# kubectl get po,svc <span class="nt">-A</span> NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/coredns-555d98c87b-7dxxh 1/1 Running 0 5m kube-system pod/coredns-555d98c87b-9ngzm 1/1 Running 0 5m kube-system pod/konnectivity-agent-4fb6m 1/1 Running 0 5m5s kube-system pod/konnectivity-agent-kj99g 1/1 Running 0 5m5s kube-system pod/kube-proxy-6pbnw 1/1 Running 0 5m5s kube-system pod/kube-proxy-xg4mh 1/1 Running 0 5m5s kube-system pod/kube-router-tvzsb 1/1 Running 0 5m5s kube-system pod/kube-router-wt97k 1/1 Running 0 5m5s kube-system pod/metrics-server-7556957bb7-qtgd2 1/1 Running 0 5m6s NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE default service/kubernetes ClusterIP 10.96.0.1 &lt;none&gt; 443/TCP 5m23s kube-system service/kube-dns ClusterIP 10.96.0.10 &lt;none&gt; 53/UDP,53/TCP,9153/TCP 5m14s kube-system service/metrics-server ClusterIP 10.100.127.105 &lt;none&gt; 443/TCP 5m10s </code></pre> </div> <p>Je vais utiliser l’image Docker du projet Kasmweb pour obtenir un Desktop en ligne au sein de ce cluster :</p> <ul> <li><a href="https://hub.docker.com/r/kasmweb/ubuntu-jammy-dind">Docker</a></li> <li><a href="https://kasmweb.com/docs/latest/guide/custom_images.html#rolling-docker-images">Default Docker Images - Kasm 1.15.0 documentation</a></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--D8EMkyAQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2ANS8iJRg5CP2j1kb2h_2g8A.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--D8EMkyAQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2ANS8iJRg5CP2j1kb2h_2g8A.png" alt="" width="800" height="427"></a></p> <p>Pour cela conversion de la formule donnée dans le Docker Hub en fichier YAML pour docker-compose via Composerize :</p> <p><a href="https://www.composerize.com/">Composerize</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Vzlu-uuv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AaZ-mIuYCwR7DN3lf-Emd7Q.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Vzlu-uuv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AaZ-mIuYCwR7DN3lf-Emd7Q.png" alt="" width="800" height="381"></a></p> <p>Puis conversion en manifests YAML via Kompose:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@ubuntu-16gb-hel1-1:~# <span class="nb">cat </span>docker-compose.yml name: ubuntu services: ubuntu-jammy-dind: stdin_open: <span class="nb">true tty</span>: <span class="nb">true </span>shm_size: 512m ports: - 6901:6901 environment: - <span class="nv">VNC_PW</span><span class="o">=</span>password image: kasmweb/ubuntu-jammy-dind:1.14.0-rolling root@ubuntu-16gb-hel1-1:~# ./kompose convert INFO Kubernetes file <span class="s2">"ubuntu-jammy-dind-service.yaml"</span> created INFO Kubernetes file <span class="s2">"ubuntu-jammy-dind-deployment.yaml"</span> created root@ubuntu-16gb-hel1-1:~# <span class="nb">cat </span>ubuntu-jammy-dind-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: annotations: kompose.cmd: ./kompose convert kompose.version: 1.32.0 <span class="o">(</span>765fde254<span class="o">)</span> labels: io.kompose.service: ubuntu-jammy-dind name: ubuntu-jammy-dind spec: replicas: 1 selector: matchLabels: io.kompose.service: ubuntu-jammy-dind template: metadata: annotations: kompose.cmd: ./kompose convert kompose.version: 1.32.0 <span class="o">(</span>765fde254<span class="o">)</span> labels: io.kompose.network/ubuntu-default: <span class="s2">"true"</span> io.kompose.service: ubuntu-jammy-dind spec: containers: - <span class="nb">env</span>: - name: VNC_PW value: password image: kasmweb/ubuntu-jammy-dind:1.14.0-rolling name: ubuntu-jammy-dind ports: - containerPort: 6901 hostPort: 6901 protocol: TCP stdin: <span class="nb">true tty</span>: <span class="nb">true </span>restartPolicy: Always root@ubuntu-16gb-hel1-1:~# <span class="nb">cat </span>ubuntu-jammy-dind-service.yaml apiVersion: v1 kind: Service metadata: annotations: kompose.cmd: ./kompose convert kompose.version: 1.32.0 <span class="o">(</span>765fde254<span class="o">)</span> labels: io.kompose.service: ubuntu-jammy-dind name: ubuntu-jammy-dind spec: ports: - name: <span class="s2">"6901"</span> port: 6901 targetPort: 6901 selector: io.kompose.service: ubuntu-jammy-dind </code></pre> </div> <p>Déploiement de ces derniers dans le cluster k0s…<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> root@ubuntu-16gb-hel1-1:~# kubectl apply <span class="nt">-f</span> ubuntu-jammy-dind-deployment.yaml deployment.apps/ubuntu-jammy-dind created root@ubuntu-16gb-hel1-1:~# kubectl apply <span class="nt">-f</span> ubuntu-jammy-dind-service.yaml service/ubuntu-jammy-dind created root@ubuntu-16gb-hel1-1:~# kubectl get po,svc <span class="nt">-A</span> NAMESPACE NAME READY STATUS RESTARTS AGE default pod/ubuntu-jammy-dind-5d84c9847f-vhftx 1/1 Running 0 3m37s kube-system pod/coredns-555d98c87b-7dxxh 1/1 Running 0 24m kube-system pod/coredns-555d98c87b-9ngzm 1/1 Running 0 24m kube-system pod/konnectivity-agent-4fb6m 1/1 Running 0 24m kube-system pod/konnectivity-agent-kj99g 1/1 Running 0 24m kube-system pod/kube-proxy-6pbnw 1/1 Running 0 24m kube-system pod/kube-proxy-xg4mh 1/1 Running 0 24m kube-system pod/kube-router-tvzsb 1/1 Running 0 24m kube-system pod/kube-router-wt97k 1/1 Running 0 24m kube-system pod/metrics-server-7556957bb7-qtgd2 1/1 Running 0 24m NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE default service/kubernetes ClusterIP 10.96.0.1 &lt;none&gt; 443/TCP 24m default service/ubuntu-jammy-dind ClusterIP 10.97.43.198 &lt;none&gt; 6901/TCP 3m30s kube-system service/kube-dns ClusterIP 10.96.0.10 &lt;none&gt; 53/UDP,53/TCP,9153/TCP 24m kube-system service/metrics-server ClusterIP 10.100.127.105 &lt;none&gt; 443/TCP 24m </code></pre> </div> <p>J’expose le service via kubectl pour accéder au Desktop via NoVNC et les identifiants par défaut :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> root@ubuntu-16gb-hel1-1:~# kubectl port-forward svc/ubuntu-jammy-dind 6901:6901 --address='0.0.0.0' Forwarding from 0.0.0.0:6901 -&gt; 6901 </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--FStGDic5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2Ak1KxTss0lZSEc6ERX5Oeng.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--FStGDic5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2Ak1KxTss0lZSEc6ERX5Oeng.png" alt="" width="800" height="524"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--j6LqFzZo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2ADlKO4urSYceyHDvkXeuSxA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--j6LqFzZo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2ADlKO4urSYceyHDvkXeuSxA.png" alt="" width="800" height="524"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--l7xzQOad--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AbQoC1TdQ9uDZRok8WgsJSw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--l7xzQOad--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AbQoC1TdQ9uDZRok8WgsJSw.png" alt="" width="800" height="687"></a></p> <p>Comme dans l’article précédent, récupération d’Ollama en test …<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>curl -fsSL https://ollama.com/install.sh | sh </code></pre> </div> <ul> <li><a href="https://github.com/ollama/ollama">GitHub - ollama/ollama: Get up and running with Llama 2, Mistral, Gemma, and other large language models.</a></li> <li><a href="https://ollama.com/library?sort=newest">library</a></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--zD7u_wD2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AgPAyw9iANitlQs4T2vnVxA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--zD7u_wD2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AgPAyw9iANitlQs4T2vnVxA.png" alt="" width="800" height="407"></a></p> <p>avec Llama2 :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--5o7LF6qA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2A4jQc0QRgLm47GJsB7m8XGA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--5o7LF6qA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2A4jQc0QRgLm47GJsB7m8XGA.png" alt="" width="800" height="407"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_DdjkMCu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2Ai3GTmWgsdf_h1xFChh9sDg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_DdjkMCu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2Ai3GTmWgsdf_h1xFChh9sDg.png" alt="" width="800" height="385"></a></p> <p>D’autres exemples d’utilisation peuvent se retrouver dans le dépôt GitHub avec notamment Ansible ou Ignite …</p> <ul> <li><a href="https://github.com/k0sproject/bootloose/tree/main/examples">bootloose/examples at main · k0sproject/bootloose</a></li> <li><a href="https://github.com/k0sproject/k0sctl/tree/main/examples/bootloose">k0sctl/examples/bootloose at main · k0sproject/k0sctl</a></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--mlrYbwnH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/888/0%2AcLK9IPxsEhzb31H-.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--mlrYbwnH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/888/0%2AcLK9IPxsEhzb31H-.jpg" alt="" width="800" height="450"></a></p> <p>À suivre !</p> docker containers kubernetes llm Karim Sun, 31 Mar 2024 14:48:42 +0000 https://forem.com/deep75/installer-canonical-kubernetes-dans-lxd-avec-juju--3ncd https://forem.com/deep75/installer-canonical-kubernetes-dans-lxd-avec-juju--3ncd <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--P8hmgWsS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2A8Yn7ODjvNPdTK9xvWjHCBw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--P8hmgWsS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2A8Yn7ODjvNPdTK9xvWjHCBw.png" alt="" width="800" height="405"></a></p> <p>Canonical Kubernetes que l’on a pu aborder dans l’article précédent,</p> <p><a href="https://dev.to/deep75/k8s-snap-canonical-kubernetes-pour-un-deploiement-simple-et-rapide-dun-cluster-k8s--4hi5">k8s-snap (Canonical Kubernetes) pour un déploiement simple et rapide d’un cluster k8s …</a></p> <blockquote> <p>peut également être installé dans LXD. C’est un excellent moyen, par exemple, de tester Canonical Kubernetes en cluster sans avoir besoin de plusieurs hôtes physiques.</p> </blockquote> <p><a href="https://ubuntu.com/blog/lxd-5-easy-pieces">LXD: five easy pieces | Ubuntu</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--A0b8tK72--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/0%2AduocFt98fgPLpc0U.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--A0b8tK72--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/0%2AduocFt98fgPLpc0U.png" alt="" width="800" height="447"></a></p> <p>Je pars donc d’une simple instance Ubuntu 22.04 LTS dans DigitalOcean :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s1">'Authorization: Bearer '</span><span class="nv">$TOKEN</span><span class="s1">''</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"name":"lxd", "size":"s-4vcpu-16gb-amd", "region":"fra1", "image":"ubuntu-22-04-x64", "vpc_uuid":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"}'</span> <span class="se">\</span> <span class="s2">"https://api.digitalocean.com/v2/droplets"</span> </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--gyovk0lm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AP5E2FNUOZ2BGQ2LcczaK2w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--gyovk0lm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AP5E2FNUOZ2BGQ2LcczaK2w.png" alt="" width="800" height="227"></a></p> <p>et j’y installe et initie LXD ainsi que de l’orchestrateur Juju :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# snap remove lxd <span class="nt">--purge</span> <span class="o">&amp;&amp;</span> snap <span class="nb">install </span>lxd <span class="nt">--candidate</span> lxd removed lxd <span class="o">(</span>candidate<span class="o">)</span> 5.21.0-eb655b9 from Canonical✓ installed root@lxd:~# snap list Name Version Rev Tracking Publisher Notes core20 20230207 1828 latest/stable canonical✓ base core22 20240111 1122 latest/stable canonical✓ base lxd 5.21.0-eb655b9 27957 latest/candidate canonical✓ - snapd 2.58.2 18357 latest/stable canonical✓ snapd root@lxd:~# lxd init Would you like to use LXD clustering? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>no]: Do you want to configure a new storage pool? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span><span class="nb">yes</span><span class="o">]</span>: Name of the new storage pool <span class="o">[</span><span class="nv">default</span><span class="o">=</span>default]: Name of the storage backend to use <span class="o">(</span><span class="nb">dir</span>, lvm, powerflex, zfs, btrfs, ceph<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>zfs]: <span class="nb">dir </span>Would you like to connect to a MAAS server? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>no]: Would you like to create a new <span class="nb">local </span>network bridge? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span><span class="nb">yes</span><span class="o">]</span>: What should the new bridge be called? <span class="o">[</span><span class="nv">default</span><span class="o">=</span>lxdbr0]: What IPv4 address should be used? <span class="o">(</span>CIDR subnet notation, “auto” or “none”<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>auto]: What IPv6 address should be used? <span class="o">(</span>CIDR subnet notation, “auto” or “none”<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>auto]: none Would you like the LXD server to be available over the network? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>no]: Would you like stale cached images to be updated automatically? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span><span class="nb">yes</span><span class="o">]</span>: Would you like a YAML <span class="s2">"lxd init"</span> preseed to be printed? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>no]: </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--DiEnbYbD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AuFEnpXiimTcBHrHk9ntjpw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--DiEnbYbD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/1%2AuFEnpXiimTcBHrHk9ntjpw.png" alt="" width="800" height="403"></a></p> <p><a href="https://juju.is/">The simplest way to deploy and maintain applications in the cloud</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# snap <span class="nb">install </span>juju juju <span class="o">(</span>3/stable<span class="o">)</span> 3.4.0 from Canonical✓ installed </code></pre> </div> <blockquote> <p>Edition du profil par défaut dans LXD pour lui permettre de prendre en charge Canonical Kubernetes avec ce modèle …</p> </blockquote> <p><a href="https://documentation.ubuntu.com/canonical-kubernetes/main/howto/install/lxd/">Install Canonical Kubernetes in LXD</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>name: default description: Default LXD profile config: boot.autostart: <span class="s2">"true"</span> linux.kernel_modules: ip_vs,ip_vs_rr,ip_vs_wrr,ip_vs_sh,ip_tables,ip6_tables,iptable_raw,netlink_diag,nf_nat,overlay,br_netfilter,xt_socket raw.lxc: | lxc.apparmor.profile<span class="o">=</span>unconfined lxc.mount.auto<span class="o">=</span>proc:rw sys:rw cgroup:rw lxc.cgroup.devices.allow<span class="o">=</span>a lxc.cap.drop<span class="o">=</span> security.nesting: <span class="s2">"true"</span> security.privileged: <span class="s2">"true"</span> devices: aadisable2: path: /dev/kmsg <span class="nb">source</span>: /dev/kmsg <span class="nb">type</span>: unix-char dev-loop-control: major: <span class="s2">"10"</span> minor: <span class="s2">"237"</span> path: /dev/loop-control <span class="nb">type</span>: unix-char dev-loop0: major: <span class="s2">"7"</span> minor: <span class="s2">"0"</span> path: /dev/loop0 <span class="nb">type</span>: unix-block dev-loop1: major: <span class="s2">"7"</span> minor: <span class="s2">"1"</span> path: /dev/loop1 <span class="nb">type</span>: unix-block dev-loop2: major: <span class="s2">"7"</span> minor: <span class="s2">"2"</span> path: /dev/loop2 <span class="nb">type</span>: unix-block dev-loop3: major: <span class="s2">"7"</span> minor: <span class="s2">"3"</span> path: /dev/loop3 <span class="nb">type</span>: unix-block dev-loop4: major: <span class="s2">"7"</span> minor: <span class="s2">"4"</span> path: /dev/loop4 <span class="nb">type</span>: unix-block dev-loop5: major: <span class="s2">"7"</span> minor: <span class="s2">"5"</span> path: /dev/loop5 <span class="nb">type</span>: unix-block dev-loop6: major: <span class="s2">"7"</span> minor: <span class="s2">"6"</span> path: /dev/loop6 <span class="nb">type</span>: unix-block dev-loop7: major: <span class="s2">"7"</span> minor: <span class="s2">"7"</span> path: /dev/loop7 <span class="nb">type</span>: unix-block dev-loop8: major: <span class="s2">"7"</span> minor: <span class="s2">"8"</span> path: /dev/loop8 <span class="nb">type</span>: unix-block dev-loop9: major: <span class="s2">"7"</span> minor: <span class="s2">"9"</span> path: /dev/loop9 <span class="nb">type</span>: unix-block dev-loop10: major: <span class="s2">"7"</span> minor: <span class="s2">"10"</span> path: /dev/loop10 <span class="nb">type</span>: unix-block dev-loop11: major: <span class="s2">"7"</span> minor: <span class="s2">"11"</span> path: /dev/loop11 <span class="nb">type</span>: unix-block dev-loop12: major: <span class="s2">"7"</span> minor: <span class="s2">"12"</span> path: /dev/loop12 <span class="nb">type</span>: unix-block dev-loop13: major: <span class="s2">"7"</span> minor: <span class="s2">"13"</span> path: /dev/loop13 <span class="nb">type</span>: unix-block dev-loop14: major: <span class="s2">"7"</span> minor: <span class="s2">"14"</span> path: /dev/loop14 <span class="nb">type</span>: unix-block dev-loop15: major: <span class="s2">"7"</span> minor: <span class="s2">"15"</span> path: /dev/loop15 <span class="nb">type</span>: unix-block dev-loop16: major: <span class="s2">"7"</span> minor: <span class="s2">"16"</span> path: /dev/loop16 <span class="nb">type</span>: unix-block eth0: name: eth0 network: lxdbr0 <span class="nb">type</span>: nic root: path: / pool: default <span class="nb">type</span>: disk used_by: <span class="o">[]</span> </code></pre> </div> <p>Application de ce profil par défaut dans LXD :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# lxc profile edit default &lt; lxd-profile-default.yaml root@lxd:~# lxc profile show default name: default description: Default LXD profile config: boot.autostart: <span class="s2">"true"</span> linux.kernel_modules: ip_vs,ip_vs_rr,ip_vs_wrr,ip_vs_sh,ip_tables,ip6_tables,iptable_raw,netlink_diag,nf_nat,overlay,br_netfilter,xt_socket raw.lxc: | lxc.apparmor.profile<span class="o">=</span>unconfined lxc.mount.auto<span class="o">=</span>proc:rw sys:rw cgroup:rw lxc.cgroup.devices.allow<span class="o">=</span>a lxc.cap.drop<span class="o">=</span> security.nesting: <span class="s2">"true"</span> security.privileged: <span class="s2">"true"</span> devices: aadisable2: path: /dev/kmsg <span class="nb">source</span>: /dev/kmsg <span class="nb">type</span>: unix-char dev-loop-control: major: <span class="s2">"10"</span> minor: <span class="s2">"237"</span> path: /dev/loop-control <span class="nb">type</span>: unix-char dev-loop0: major: <span class="s2">"7"</span> minor: <span class="s2">"0"</span> path: /dev/loop0 <span class="nb">type</span>: unix-block dev-loop1: major: <span class="s2">"7"</span> minor: <span class="s2">"1"</span> path: /dev/loop1 <span class="nb">type</span>: unix-block dev-loop2: major: <span class="s2">"7"</span> minor: <span class="s2">"2"</span> path: /dev/loop2 <span class="nb">type</span>: unix-block dev-loop3: major: <span class="s2">"7"</span> minor: <span class="s2">"3"</span> path: /dev/loop3 <span class="nb">type</span>: unix-block dev-loop4: major: <span class="s2">"7"</span> minor: <span class="s2">"4"</span> path: /dev/loop4 <span class="nb">type</span>: unix-block dev-loop5: major: <span class="s2">"7"</span> minor: <span class="s2">"5"</span> path: /dev/loop5 <span class="nb">type</span>: unix-block dev-loop6: major: <span class="s2">"7"</span> minor: <span class="s2">"6"</span> path: /dev/loop6 <span class="nb">type</span>: unix-block dev-loop7: major: <span class="s2">"7"</span> minor: <span class="s2">"7"</span> path: /dev/loop7 <span class="nb">type</span>: unix-block dev-loop8: major: <span class="s2">"7"</span> minor: <span class="s2">"8"</span> path: /dev/loop8 <span class="nb">type</span>: unix-block dev-loop9: major: <span class="s2">"7"</span> minor: <span class="s2">"9"</span> path: /dev/loop9 <span class="nb">type</span>: unix-block dev-loop10: major: <span class="s2">"7"</span> minor: <span class="s2">"10"</span> path: /dev/loop10 <span class="nb">type</span>: unix-block dev-loop11: major: <span class="s2">"7"</span> minor: <span class="s2">"11"</span> path: /dev/loop11 <span class="nb">type</span>: unix-block dev-loop12: major: <span class="s2">"7"</span> minor: <span class="s2">"12"</span> path: /dev/loop12 <span class="nb">type</span>: unix-block dev-loop13: major: <span class="s2">"7"</span> minor: <span class="s2">"13"</span> path: /dev/loop13 <span class="nb">type</span>: unix-block dev-loop14: major: <span class="s2">"7"</span> minor: <span class="s2">"14"</span> path: /dev/loop14 <span class="nb">type</span>: unix-block dev-loop15: major: <span class="s2">"7"</span> minor: <span class="s2">"15"</span> path: /dev/loop15 <span class="nb">type</span>: unix-block dev-loop16: major: <span class="s2">"7"</span> minor: <span class="s2">"16"</span> path: /dev/loop16 <span class="nb">type</span>: unix-block eth0: name: eth0 network: lxdbr0 <span class="nb">type</span>: nic root: path: / pool: default <span class="nb">type</span>: disk used_by: <span class="o">[]</span> </code></pre> </div> <p>Suivi du lancement d’un contrôleur local dans LXD pour Juju :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# <span class="nb">mkdir</span> <span class="nt">-p</span> ~/.local/share/juju root@lxd:~# juju bootstrap localhost lxd Creating Juju controller <span class="s2">"lxd"</span> on localhost/localhost Looking <span class="k">for </span>packaged Juju agent version 3.4.0 <span class="k">for </span>amd64 Located Juju agent version 3.4.0-ubuntu-amd64 at https://streams.canonical.com/juju/tools/agent/3.4.0/juju-3.4.0-linux-amd64.tgz To configure your system to better support LXD containers, please see: https://documentation.ubuntu.com/lxd/en/latest/explanation/performance_tuning/ Launching controller instance<span class="o">(</span>s<span class="o">)</span> on localhost/localhost... - juju-b6d031-0 <span class="o">(</span><span class="nb">arch</span><span class="o">=</span>amd64<span class="o">)</span> Installing Juju agent on bootstrap instance Waiting <span class="k">for </span>address Attempting to connect to 10.11.106.167:22 Connected to 10.11.106.167 Running machine configuration script... Bootstrap agent now started Contacting Juju controller at 10.11.106.167 to verify accessibility... Bootstrap <span class="nb">complete</span>, controller <span class="s2">"lxd"</span> is now available Controller machines are <span class="k">in </span>the <span class="s2">"controller"</span> model Now you can run juju add-model &lt;model-name&gt; to create a new model to deploy workloads. root@lxd:~# juju controllers Use <span class="nt">--refresh</span> option with this <span class="nb">command </span>to see the latest information. Controller Model User Access Cloud/Region Models Nodes HA Version lxd<span class="k">*</span> - admin superuser localhost/localhost 1 1 none 3.4.0 root@lxd:~# lxc <span class="nb">ls</span> +---------------+---------+----------------------+------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +---------------+---------+----------------------+------+-----------+-----------+ | juju-b6d031-0 | RUNNING | 10.11.106.167 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | +---------------+---------+----------------------+------+-----------+-----------+ </code></pre> </div> <p>Visualisation des Charms pour Canonical Kubernetes avant installation :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# juju info k8s name: k8s publisher: Canonical Kubernetes summary: A machine charm <span class="k">for </span>K8s description: <span class="s2">"A machine charm which operates a complete Kubernetes cluster.</span><span class="se">\n\n</span><span class="s2">This charm installs and operates a Kubernetes cluster via the k8s snap. It exposes</span><span class="se">\n</span><span class="s2">relations to co-operate with other kubernetes components such as optional CNIs, </span><span class="se">\n</span><span class="s2">optional cloud-providers, optional schedulers, external backing stores, and external</span><span class="se">\n</span><span class="s2">certificate storage.</span><span class="se">\n\n</span><span class="s2">This charm provides the following running components:</span><span class="se">\n</span><span class="s2">* kube-apiserver</span><span class="se">\n</span><span class="s2">* kube-scheduler</span><span class="se">\n</span><span class="s2">* kube-controller-manager</span><span class="se">\n</span><span class="s2">* kube-proxy</span><span class="se">\n</span><span class="s2">* kubelet</span><span class="se">\n</span><span class="s2">* containerd</span><span class="se">\n\n</span><span class="s2">This charm can optionally disable the following components:</span><span class="se">\n</span><span class="s2">* A Kubernetes Backing Store</span><span class="se">\n</span><span class="s2">* A Kubernetes CNI</span><span class="se">\n</span><span class="s2">"</span> store-url: https://charmhub.io/k8s charm-id: 5GG4ydqob6yLrcZ3rrscqL0gVJvK53Ij supports: ubuntu@20.04, ubuntu@22.04 subordinate: <span class="nb">false </span>relations: provides: cos-agent: cos_agent cos-worker-tokens: cos-tokens k8s-cluster: k8s-cluster requires: <span class="o">{}</span> channels: | latest/stable: – latest/candidate: – latest/beta: – latest/edge: 26 2024-03-29 <span class="o">(</span>26<span class="o">)</span> 3MB amd64 ubuntu@20.04, ubuntu@22.04 root@lxd:~# juju info k8s-worker name: k8s-worker publisher: Canonical Kubernetes summary: A machine charm <span class="k">for </span>a K8s Worker description: | A machine charm which operates a Kubernetes worker. This charm installs and operates a Kubernetes worker via the k8s snap. It exposes relations to co-operate with other kubernetes components This charm provides the following running components: <span class="k">*</span> kube-proxy <span class="k">*</span> kubelet <span class="k">*</span> containerd store-url: https://charmhub.io/k8s-worker charm-id: ZL6PvT8yleZOMih0oKRYPgQI4FntLB48 supports: ubuntu@20.04, ubuntu@22.04 subordinate: <span class="nb">false </span>relations: provides: cos-agent: cos_agent requires: cluster: k8s-cluster cos-tokens: cos-tokens channels: | latest/stable: – latest/candidate: – latest/beta: – latest/edge: 27 2024-03-29 <span class="o">(</span>27<span class="o">)</span> 6MB amd64 ubuntu@20.04, ubuntu@22.04 </code></pre> </div> <p>qui peuvent être installés avec Juju, avec ici le noeud contrôleur du futur cluster Kubernetes …</p> <p><a href="https://documentation.ubuntu.com/canonical-kubernetes/main/howto/install/charm/">Install Canonical Kubernetes from a charm</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# juju add-model k8s Added <span class="s1">'k8s'</span> model on localhost/localhost with credential <span class="s1">'localhost'</span> <span class="k">for </span>user <span class="s1">'admin'</span> root@lxd:~# juju deploy k8s <span class="nt">--channel</span><span class="o">=</span>latest/edge Deployed <span class="s2">"k8s"</span> from charm-hub charm <span class="s2">"k8s"</span>, revision 26 <span class="k">in </span>channel latest/edge on ubuntu@22.04/stable root@lxd:~# juju status Model Controller Cloud/Region Version SLA Timestamp k8s lxd localhost/localhost 3.4.0 unsupported 12:37:00Z App Version Status Scale Charm Channel Rev Exposed Message k8s waiting 1 k8s latest/edge 26 no Cluster not yet ready Unit Workload Agent Machine Public address Ports Message k8s/0<span class="k">*</span> waiting idle 0 10.11.106.116 Cluster not yet ready Machine State Address Inst <span class="nb">id </span>Base AZ Message 0 started 10.11.106.116 juju-85fd7d-0 ubuntu@22.04 Running </code></pre> </div> <p>Déploiement de deux noeuds Workers :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# juju deploy k8s-worker <span class="nt">--channel</span><span class="o">=</span>latest/edge <span class="nt">-n</span> 2 Deployed <span class="s2">"k8s-worker"</span> from charm-hub charm <span class="s2">"k8s-worker"</span>, revision 27 <span class="k">in </span>channel latest/edge on ubuntu@22.04/stable root@lxd:~# juju integrate k8s k8s-worker:cluster </code></pre> </div> <p>Le cluster Kubernetes est alors actif et opérationnel :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# juju status Model Controller Cloud/Region Version SLA Timestamp k8s lxd localhost/localhost 3.4.0 unsupported 12:39:53Z App Version Status Scale Charm Channel Rev Exposed Message k8s 1.29.3 active 1 k8s latest/edge 26 no Ready k8s-worker 1.29.3 active 2 k8s-worker latest/edge 27 no Ready Unit Workload Agent Machine Public address Ports Message k8s-worker/0<span class="k">*</span> active idle 1 10.11.106.20 Ready k8s-worker/1 active idle 2 10.11.106.178 Ready k8s/0<span class="k">*</span> active idle 0 10.11.106.116 6443/tcp Ready Machine State Address Inst <span class="nb">id </span>Base AZ Message 0 started 10.11.106.116 juju-85fd7d-0 ubuntu@22.04 Running 1 started 10.11.106.20 juju-85fd7d-1 ubuntu@22.04 Running 2 started 10.11.106.178 juju-85fd7d-2 ubuntu@22.04 Running </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--r0PqPswU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/535/1%2ARYXL6HDuXE32TYP7iijO2g.jpeg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--r0PqPswU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/535/1%2ARYXL6HDuXE32TYP7iijO2g.jpeg" alt="" width="535" height="467"></a></p> <p>Connexion au noeud Contrôleur du cluster pour vérifier son statut :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# juju ssh k8s/0 The programs included with the Ubuntu system are free software<span class="p">;</span> the exact distribution terms <span class="k">for </span>each program are described <span class="k">in </span>the individual files <span class="k">in</span> /usr/share/doc/<span class="k">*</span>/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. To run a <span class="nb">command </span>as administrator <span class="o">(</span>user <span class="s2">"root"</span><span class="o">)</span>, use <span class="s2">"sudo &lt;command&gt;"</span><span class="nb">.</span> See <span class="s2">"man sudo_root"</span> <span class="k">for </span>details. ubuntu@juju-85fd7d-0:~<span class="nv">$ </span><span class="nb">sudo </span>k8s status status: ready high-availability: no datastore: voter-nodes: - 10.11.106.116:6400 standby-nodes: none spare-nodes: none network: enabled: <span class="nb">true </span>dns: enabled: <span class="nb">true </span>cluster-domain: cluster.local service-ip: 10.152.183.28 upstream-nameservers: - /etc/resolv.conf metrics-server: enabled: <span class="nb">true </span>ubuntu@juju-85fd7d-0:~<span class="nv">$ </span><span class="nb">sudo </span>k8s kubectl cluster-info Kubernetes control plane is running at https://127.0.0.1:6443 CoreDNS is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/coredns:udp-53/proxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> ubuntu@juju-85fd7d-0:~<span class="nv">$ </span><span class="nb">sudo </span>k8s kubectl get nodes <span class="nt">-o</span> wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME juju-85fd7d-0 Ready control-plane,worker 7m10s v1.29.3 10.11.106.116 &lt;none&gt; Ubuntu 22.04.4 LTS 5.15.0-67-generic containerd://1.6.28 juju-85fd7d-1 Ready worker 3m23s v1.29.3 10.11.106.20 &lt;none&gt; Ubuntu 22.04.4 LTS 5.15.0-67-generic containerd://1.6.28 juju-85fd7d-2 Ready worker 3m10s v1.29.3 10.11.106.178 &lt;none&gt; Ubuntu 22.04.4 LTS 5.15.0-67-generic containerd://1.6.28 ubuntu@juju-85fd7d-0:~<span class="nv">$ </span><span class="nb">sudo </span>k8s kubectl get po,svc <span class="nt">-A</span> NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/cilium-b5hkt 1/1 Running 0 7m13s kube-system pod/cilium-gghfz 1/1 Running 0 3m17s kube-system pod/cilium-kzwpz 1/1 Running 0 3m30s kube-system pod/cilium-operator-597b55b886-jhqkq 1/1 Running 0 7m13s kube-system pod/coredns-66579b5b88-x9dv2 1/1 Running 0 7m13s kube-system pod/metrics-server-57db9dfb7b-lnllv 1/1 Running 0 7m13s NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE default service/kubernetes ClusterIP 10.152.183.1 &lt;none&gt; 443/TCP 7m20s kube-system service/coredns ClusterIP 10.152.183.28 &lt;none&gt; 53/UDP,53/TCP 7m21s kube-system service/hubble-peer ClusterIP 10.152.183.184 &lt;none&gt; 443/TCP 7m21s kube-system service/metrics-server ClusterIP 10.152.183.60 &lt;none&gt; 443/TCP 7m20s </code></pre> </div> <p>Je peux récupérer le fichierkubeconfigavec Juju :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# juju ssh k8s/0 <span class="s1">'sudo k8s config'</span> apiVersion: v1 clusters: - cluster: certificate-authority-data: <span class="nv">LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHekNDQWdPZ0F3SUJBZ0lRQ2RCNysvUWI1Ums4MzdmRGJhWlp2ekFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFERXcxcmRXSmxjbTVsZEdWekxXTmhNQjRYRFRJME1ETXpNVEV5TXpVeE1Gb1hEVFEwTURNegpNVEV5TXpVeE1Gb3dHREVXTUJRR0ExVUVBeE1OYTNWaVpYSnVaWFJsY3kxallUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNK1VRNllEVS9vaEVrWjhGcHlnQ0Y3N1JHaWdEMUdEZUR5ekdCeTIKZjhleVhZMGRUWlFJcmw0amtIL29SS2tiRnB4QnZVSVlzWFV5RlpkOUxKM3VFMWhPQTNDNXYzM0VOUVhrdU5pNQpELy9kRHNyZ0pHWitzTnJKSTIzSWZOV1VXanNLc1hzejFzZXN5cHRYb2dYbytkTkxxRitVTjFnUjVBOTZ6VVB0ClZOZFJLKzUyaTFxcWcxeUFhczcybVhwVkNQZUxxSi9adXhDSFhTcE8rcWt0Q2pSeUVTKzJmVFVTaUhtRlQ5clMKVG9vZndTZ0RkWHJlMmsvN3NFSjg5aGk2NFpQeVQyZDFPYzcxbzEyQUlyZ0VBYlorZnJ0NnFCSVhENkkxSEJzKwphZlh1UmVmTyswUEFVYzgxN25QaGhTWW1OcGJrdk5vdFF4WlRZRGRONEhEbEJUVUNBd0VBQWFOaE1GOHdEZ1lEClZSMFBBUUgvQkFRREFnS0VNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQVRBUEJnTlYKSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUnFobUlNNzlRVnFYMks1YXVuVUdBMENYOTBkVEFOQmdrcQpoa2lHOXcwQkFRc0ZBQU9DQVFFQWNnaUJad0R3MTlVVlFaQVpHRCs5THFSOFBycXJyMlRqVFh0Q1RkbzFGWWZICnlla2IzdmV1YjJUblNOT2RUeEhjWmtlR2d3QXFYV216Z1MrSHl5TFZSTlY2WTNJK0ZKQmJpVkJJOTV0TlRmaG4KMEZvSEVzWUNSY3Q5L1JVQkVOTTFsZDY1bWFVNFc2TWFvdE5MOVpSczNGTDJ3SmRKTjdCVEJIamxYZzhrckkrOQpOdlcvTWZCS0FvcWRleXNBMHJHY3RlczVWZm1YUDRMa1hxNXhQNmV1MWhmSU1ObXM1UTk4QTdsck9TZG5BNzJYClFNKzBBc1ovckhZQ0hnRUFqNjdIK0drTFhQeEFzelZ4UTZpRHRJMmhyWVVKYmNFSTg1REF0RFNhc2xGS2JHLzMKNU53b1U0VTZjVXMxcHZiTjFsVFZvTGVFTHFoYU9EMkdiUnRYb0h4UnFBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo</span><span class="o">=</span> server: https://10.11.106.116:6443 name: k8s contexts: - context: cluster: k8s user: k8s-user name: k8s current-context: k8s kind: Config preferences: <span class="o">{}</span> <span class="nb">users</span>: - name: k8s-user user: token: token::00669e4efab3674984256068943beee135d06d1a Connection to 10.11.106.116 closed. </code></pre> </div> <p>Pour bénéficier localement du client kubectl :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# juju expose k8s root@lxd:~# snap <span class="nb">install </span>kubectl <span class="nt">--classic</span> snap <span class="s2">"kubectl"</span> is already installed, see <span class="s1">'snap help refresh'</span> root@lxd:~# <span class="nb">mkdir</span> .kube root@lxd:~# juju ssh k8s/0 <span class="s1">'sudo k8s config'</span> <span class="o">&gt;</span> .kube/config Connection to 10.11.106.116 closed. root@lxd:~# <span class="nb">chmod </span>400 .kube/config root@lxd:~# kubectl cluster-info Kubernetes control plane is running at https://10.11.106.116:6443 CoreDNS is running at https://10.11.106.116:6443/api/v1/namespaces/kube-system/services/coredns:udp-53/proxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> root@lxd:~# kubectl get nodes <span class="nt">-o</span> wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME juju-85fd7d-0 Ready control-plane,worker 11m v1.29.3 10.11.106.116 &lt;none&gt; Ubuntu 22.04.4 LTS 5.15.0-67-generic containerd://1.6.28 juju-85fd7d-1 Ready worker 7m47s v1.29.3 10.11.106.20 &lt;none&gt; Ubuntu 22.04.4 LTS 5.15.0-67-generic containerd://1.6.28 juju-85fd7d-2 Ready worker 7m34s v1.29.3 10.11.106.178 &lt;none&gt; Ubuntu 22.04.4 LTS 5.15.0-67-generic containerd://1.6.28 root@lxd:~# lxc <span class="nb">ls</span> +---------------+---------+--------------------------+------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +---------------+---------+--------------------------+------+-----------+-----------+ | juju-85fd7d-0 | RUNNING | 10.11.106.116 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | | | | 10.1.0.231 <span class="o">(</span>cilium_host<span class="o">)</span> | | | | +---------------+---------+--------------------------+------+-----------+-----------+ | juju-85fd7d-1 | RUNNING | 10.11.106.20 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | | | | 10.1.1.16 <span class="o">(</span>cilium_host<span class="o">)</span> | | | | +---------------+---------+--------------------------+------+-----------+-----------+ | juju-85fd7d-2 | RUNNING | 10.11.106.178 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | | | | 10.1.2.20 <span class="o">(</span>cilium_host<span class="o">)</span> | | | | +---------------+---------+--------------------------+------+-----------+-----------+ | juju-b6d031-0 | RUNNING | 10.11.106.167 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | +---------------+---------+--------------------------+------+-----------+-----------+ </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ny-Ug0vl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/500/1%2AILSNou-WNpAWHzy3_8g9Wg.jpeg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ny-Ug0vl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/500/1%2AILSNou-WNpAWHzy3_8g9Wg.jpeg" alt="" width="500" height="749"></a></p> <p>Comme dans l’article précédent, je peux bénéficier d’Ollama et des LLM ouverts via Helm :</p> <ul> <li><a href="https://ollama.com/">Ollama</a></li> <li> <a href="https://github.com/otwld/ollama-helm">GitHub - otwld/ollama-helm: Helm chart for Ollama on Kubernetes</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash Downloading https://get.helm.sh/helm-v3.14.3-linux-amd64.tar.gz Verifying checksum... Done. Preparing to <span class="nb">install </span>helm into /usr/local/bin helm installed into /usr/local/bin/helm root@lxd:~# helm <span class="nb">ls </span>NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION root@lxd:~# kubectl create namespace ollama namespace/ollama created root@lxd:~# helm <span class="nb">install </span>ollama ollama-helm/ollama <span class="nt">--namespace</span> ollama NAME: ollama LAST DEPLOYED: NAMESPACE: ollama STATUS: deployed REVISION: 1 NOTES: 1. Get the application URL by running these commands: <span class="nb">export </span><span class="nv">POD_NAME</span><span class="o">=</span><span class="si">$(</span>kubectl get pods <span class="nt">--namespace</span> ollama <span class="nt">-l</span> <span class="s2">"app.kubernetes.io/name=ollama,app.kubernetes.io/instance=ollama"</span> <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s2">"{.items[0].metadata.name}"</span><span class="si">)</span> <span class="nb">export </span><span class="nv">CONTAINER_PORT</span><span class="o">=</span><span class="si">$(</span>kubectl get pod <span class="nt">--namespace</span> ollama <span class="nv">$POD_NAME</span> <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s2">"{.spec.containers[0].ports[0].containerPort}"</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"Visit http://127.0.0.1:8080 to use your application"</span> kubectl <span class="nt">--namespace</span> ollama port-forward <span class="nv">$POD_NAME</span> 8080:<span class="nv">$CONTAINER_PORT</span> root@lxd:~# helm <span class="nb">ls</span> <span class="nt">--namespace</span> ollama NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION ollama ollama 1 2024-03-31 13:11:43.199405708 +0000 UTC deployed ollama-0.21.1 0.1.30 root@lxd:~# kubectl get po,svc <span class="nt">-n</span> ollama NAME READY STATUS RESTARTS AGE pod/ollama-75c7b79658-rnf7h 1/1 Running 0 94s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE service/ollama ClusterIP 10.152.183.78 &lt;none&gt; 11434/TCP 94s </code></pre> </div> <p>Et je peux exposer localement l’API RESTful d’Ollama :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# kubectl port-forward service/ollama <span class="nt">-n</span> ollama 11434:11434 <span class="nt">--address</span><span class="o">=</span><span class="s1">'0.0.0.0'</span> Forwarding from 0.0.0.0:11434 -&gt; 11434 root@lxd:~# netstat <span class="nt">-tunlp</span> Active Internet connections <span class="o">(</span>only servers<span class="o">)</span> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:<span class="k">*</span> LISTEN 1399/sshd: /usr/sbi tcp 0 0 10.11.106.1:53 0.0.0.0:<span class="k">*</span> LISTEN 9929/dnsmasq tcp 0 0 0.0.0.0:11434 0.0.0.0:<span class="k">*</span> LISTEN 52634/kubectl tcp 0 0 127.0.0.53:53 0.0.0.0:<span class="k">*</span> LISTEN 623/systemd-resolve tcp6 0 0 :::8443 :::<span class="k">*</span> LISTEN 9784/lxd tcp6 0 0 :::22 :::<span class="k">*</span> LISTEN 1399/sshd: /usr/sbi udp 0 0 10.11.106.1:53 0.0.0.0:<span class="k">*</span> 9929/dnsmasq udp 0 0 127.0.0.53:53 0.0.0.0:<span class="k">*</span> 623/systemd-resolve udp 0 0 0.0.0.0:67 0.0.0.0:<span class="k">*</span> 9929/dnsmasq </code></pre> </div> <p>Récupération du client Ollama via GitHub :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--yBcCavzb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/0%2A9roIeJ1BGnfVeXfC" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--yBcCavzb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/1024/0%2A9roIeJ1BGnfVeXfC" alt="" width="800" height="516"></a></p> <p><a href="https://github.com/ollama/ollama/releases">Releases · ollama/ollama</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# wget <span class="nt">-c</span> https://github.com/ollama/ollama/releases/download/v0.1.30/ollama-linux-amd64 <span class="o">&amp;&amp;</span> <span class="nb">chmod</span> +x ollama-linux-amd64 <span class="o">&amp;&amp;</span> <span class="nb">mv </span>ollama-linux-amd64 /usr/local/bin/ollama Resolving objects.githubusercontent.com <span class="o">(</span>objects.githubusercontent.com<span class="o">)</span>... 185.199.111.133, 185.199.108.133, 185.199.109.133, ... Connecting to objects.githubusercontent.com <span class="o">(</span>objects.githubusercontent.com<span class="o">)</span>|185.199.111.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 297108760 <span class="o">(</span>283M<span class="o">)</span> <span class="o">[</span>application/octet-stream] Saving to: ‘ollama-linux-amd64’ ollama-linux-amd64 100%[<span class="o">=====================================================================================================&gt;]</span> 283.34M 351MB/s <span class="k">in </span>0.8s <span class="o">(</span>351 MB/s<span class="o">)</span> - ‘ollama-linux-amd64’ saved <span class="o">[</span>297108760/297108760] </code></pre> </div> <p>Pour exécuter par exemple ici Code Llama, une famille de LLM pour le code basée sur Llama 2 :</p> <ul> <li><a href="https://huggingface.co/docs/transformers/model_doc/code_llama">CodeLlama</a></li> <li> <a href="https://github.com/meta-llama/codellama">GitHub - meta-llama/codellama: Inference code for CodeLlama models</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@lxd:~# ollama run codellama pulling manifest pulling 3a43f93b78ec... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 3.8 GB pulling 8c17c2ebb0ea... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 7.0 KB pulling 590d74a5569b... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 4.8 KB pulling 2e0493f67d0c... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 59 B pulling 7f6a57943a88... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 120 B pulling 316526ac7323... 100% ▕██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████▏ 529 B verifying sha256 digest writing manifest removing any unused layers success </code></pre> </div> <p>Avec ces petits exemples à parfaire …<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">&gt;&gt;&gt;</span> How deploy manifest with Juju inside Kubernetes cluster ? To deploy a manifest file with Juju inside a Kubernetes cluster, you can follow these steps: 1. Install Juju on your <span class="nb">local </span>machine and connect it to the Kubernetes cluster that you want to deploy the manifest file to. 2. Create a Juju model <span class="k">for </span>the Kubernetes cluster by running the following <span class="nb">command</span>: juju add-model &lt;cluster-name&gt; Replace <span class="sb">`</span>&lt;cluster-name&gt;<span class="sb">`</span> with the name of your Kubernetes cluster. 3. Set the deployment environment to the Kubernetes cluster that you want to deploy the manifest file to by running the following <span class="nb">command</span>: juju set-environment &lt;cluster-name&gt; 4. Create a new Juju application using the <span class="sb">`</span>juju add<span class="sb">`</span> <span class="nb">command</span>, passing <span class="k">in </span>the name of the application and the path to the manifest file as arguments. For example: juju add my-application manifests/my-application.yaml Replace <span class="sb">`</span>&lt;my-application&gt;<span class="sb">`</span> with the name of your application and <span class="sb">`</span>&lt;manifests/my-application.yaml&gt;<span class="sb">`</span> with the path to your manifest file. 5. Deploy the application by running the following <span class="nb">command</span>: juju deploy my-application This will deploy the application using the configuration specified <span class="k">in </span>the manifest file. 6. Once the deployment is <span class="nb">complete</span>, you can manage the application using standard Juju commands, such as <span class="sb">`</span>juju status<span class="sb">`</span> to view the status of the application and <span class="sb">`</span>juju logs<span class="sb">`</span> to view the logs <span class="k">for </span>the application. 7. To remove the application from the Kubernetes cluster, you can use the <span class="sb">`</span>juju destroy<span class="sb">`</span> <span class="nb">command</span>: juju destroy my-application This will destroy the application and all its resources <span class="k">in </span>the Kubernetes cluster. Note that this is a basic example of how to deploy a manifest file with Juju inside a Kubernetes cluster. There are many other options and features available <span class="k">in </span>Juju, so you can explore those as well. <span class="o">&gt;&gt;&gt;</span> How deploy a Pod with Rust inside Kubernetes ? To deploy a Pod with Rust inside a Kubernetes cluster, you can follow these steps: 1. Install the <span class="sb">`</span>cargo<span class="sb">`</span> package on your <span class="nb">local </span>machine by running the following <span class="nb">command</span>: <span class="nb">sudo </span>apt-get <span class="nb">install </span>cargo 2. Create a new Rust project using the <span class="sb">`</span>cargo new<span class="sb">`</span> <span class="nb">command</span>, passing <span class="k">in </span>the name of your project as an argument. For example: cargo new my-rust-project 3. Change into the directory of your new project by running the following <span class="nb">command</span>: <span class="nb">cd </span>my-rust-project 4. Add the <span class="sb">`</span>kubernetes<span class="sb">`</span> crate to your projects dependencies by adding the following line to your <span class="sb">`</span>Cargo.toml<span class="sb">`</span> file: <span class="o">[</span>dependencies] kubernetes <span class="o">=</span> <span class="s2">"0.18"</span> 5. Create a new Rust file <span class="k">for </span>your Kubernetes deployment, such as <span class="sb">`</span>deployment.rs<span class="sb">`</span>, and add the following code to it: use kubernetes::api::Api<span class="p">;</span> use kubernetes::config::Configuration<span class="p">;</span> use kubernetes::apis::CoreApi<span class="p">;</span> fn main<span class="o">()</span> <span class="o">{</span> <span class="nb">let </span>config <span class="o">=</span> Configuration::new<span class="o">(</span><span class="s2">"https://&lt;your-kubernetes-cluster&gt;"</span><span class="o">)</span><span class="p">;</span> <span class="nb">let </span>client <span class="o">=</span> Api::all<span class="o">(</span>config<span class="o">)</span><span class="p">;</span> <span class="nb">let </span>pod <span class="o">=</span> client.create_namespaced_pod<span class="o">(</span> <span class="s2">"default"</span>, &amp;Api::Pod<span class="o">(</span><span class="s2">"my-rust-deployment"</span><span class="o">)</span>, None, <span class="o">)</span><span class="p">;</span> <span class="o">}</span> Replace <span class="sb">`</span>&lt;your-kubernetes-cluster&gt;<span class="sb">`</span> with the URL of your Kubernetes cluster. 6. Compile your Rust code by running the following <span class="nb">command</span>: cargo build <span class="nt">--release</span> 7. Run your Rust code by running the following <span class="nb">command</span>: ./target/release/deployment This will deploy a new Pod with Rust inside the <span class="sb">`</span>default<span class="sb">`</span> namespace of your Kubernetes cluster. You can view the status of your Pod using the <span class="sb">`</span>kubectl get pods<span class="sb">`</span> command. Note that this is a basic example of how to deploy a Pod with Rust inside a Kubernetes cluster. There are many other options and features available <span class="k">in </span>Rust, so you can explore those as well <span class="o">&gt;&gt;&gt;</span> Send a message <span class="o">(</span>/? <span class="k">for </span><span class="nb">help</span><span class="o">)</span> </code></pre> </div> <p>Canonical Kubernetes peut également être installé à l’intérieur d’un conteneur LXD en utilisant le profil énoncé çi-dessus comme le précise cette documentation détaillée …</p> <p><a href="https://documentation.ubuntu.com/canonical-kubernetes/main/howto/install/lxd/">Install Canonical Kubernetes in LXD</a></p> <p>Sans compter qu’Ollama et une interface graphique conviviale avec Open WebUI pourraient être installé via Snap ou Helm :</p> <ul> <li><a href="https://ubuntu.com//blog/deploying-open-language-models-on-ubuntu">Deploying Open Language Models on Ubuntu | Ubuntu</a></li> <li><a href="https://docs.openwebui.com/getting-started/installation/">Alternative Installation | Open WebUI</a></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Zjpe26-D--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/605/1%2AfHy6aM2InvWnyH3JwlZISA.jpeg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Zjpe26-D--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/605/1%2AfHy6aM2InvWnyH3JwlZISA.jpeg" alt="" width="605" height="455"></a></p> <p>À suivre !</p> kubernetes containers llm ai Karim Sun, 25 Feb 2024 21:45:59 +0000 https://forem.com/deep75/k8s-snap-canonical-kubernetes-pour-un-deploiement-simple-et-rapide-dun-cluster-k8s--4hi5 https://forem.com/deep75/k8s-snap-canonical-kubernetes-pour-un-deploiement-simple-et-rapide-dun-cluster-k8s--4hi5 <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AoD8pTT1WTzCB0kQzeTuR_w.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AoD8pTT1WTzCB0kQzeTuR_w.png"></a></p> <p>Focus sur Canonical Kubernetes, une distribution Kubernetes minimaliste (à l’image de k0s/k3s) livrée en quelques clics via Snap. L’accent est notamment mis sur des opérations simplifiées et une posture de sécurité renforcée sur n’importe quelle infrastructure.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F0%2A7ee6sReX_IYzffBr" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F0%2A7ee6sReX_IYzffBr"></a></p> <ul> <li><a href="https://github.com/canonical/k8s-snap" rel="noopener noreferrer">GitHub - canonical/k8s-snap: Canonical Kubernetes is an opinionated and CNCF conformant Kubernetes operated by Snaps and Charms, which come together to bring simplified operations and an enhanced security posture on any infrastructure.</a></li> <li><a href="https://snapcraft.io/k8s" rel="noopener noreferrer">Install Canonical Kubernetes on Linux | Snap Store</a></li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F0%2AfzQa2CSFE0X3AXHO.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F0%2AfzQa2CSFE0X3AXHO.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F500%2F0%2AM_kQ2Y-s8x1wcvml.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F500%2F0%2AM_kQ2Y-s8x1wcvml.jpg"></a></p> <p>Pour cela, déploiement sur une instance Ubuntu 22.04 LTS dans OVH qui autorise la virtualisation imbriquée :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AbDjr5fJfPwnxaLoo4GouMA.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AbDjr5fJfPwnxaLoo4GouMA.png"></a></p> <p>Je commence par y installer Multipass pour lancer un groupe de trois machines virtuelles :</p> <p><a href="https://multipass.run/" rel="noopener noreferrer">Multipass orchestrates virtual Ubuntu instances</a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A0zMjJHQdIbZz-nYuroJutg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A0zMjJHQdIbZz-nYuroJutg.png"></a></p> <p>Dès lors lancement des trois VMs Ubuntu 22.04 LTS pour initier l’ossature du futur cluster k8s :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AvHYLpHsjeUyDllEXqyZZ6g.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AvHYLpHsjeUyDllEXqyZZ6g.png"></a></p> <p>Dans la première machine virtuelle qui va supporter la plan de contrôle, installation de k8s-snap rapidement via Snap :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AixipmASq82vKfCIIL60Ugw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AixipmASq82vKfCIIL60Ugw.png"></a></p> <p>Le cluster k8s est initialisé et prêt pour rattacher un noeud Worker :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AcIyiP_B1WrqnxvtQdCv-dw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AcIyiP_B1WrqnxvtQdCv-dw.png"></a></p> <p>Pour cela génération d’un token :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2Ax3TTSQqk3tSa91CSDQGR1g.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2Ax3TTSQqk3tSa91CSDQGR1g.png"></a></p> <p>Dès lors, il est possible de rattacher le nouveau noeud Worker au cluster via ce token généré précedemment :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A1RU96f0nODsKUVB1j8r-Pw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A1RU96f0nODsKUVB1j8r-Pw.png"></a></p> <p>Rattachement d’un autre noeud Worker avec ce même token :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AbGt2I6O53u_DRct2yurbVQ.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AbGt2I6O53u_DRct2yurbVQ.png"></a></p> <p>Les noeuds Worker sont alors opérationnels dans le cluster :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AZEy77_KktatLVUC1V0MpnQ.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AZEy77_KktatLVUC1V0MpnQ.png"></a></p> <p>Il est possible de récupérer le fichier kubeconfig pour pouvoir utiliser le client kubectl :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AtkgG2ODW02nnnpGCq61reg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AtkgG2ODW02nnnpGCq61reg.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AGJd2BdQuYLgIXrS7r8XsSg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AGJd2BdQuYLgIXrS7r8XsSg.png"></a></p> <p>Lancement d’un Pod Ubuntu très rapidement :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2Akj5r3sB_gulqF5XY_lvSkg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2Akj5r3sB_gulqF5XY_lvSkg.png"></a></p> <p>qui va servir ici au lancement d’Ollama :</p> <p><a href="https://github.com/ollama/ollama" rel="noopener noreferrer">GitHub - ollama/ollama: Get up and running with Llama 2, Mistral, Gemma, and other large language models.</a></p> <blockquote> <p>Ollama est une plateforme qui permet aux utilisateurs d’exécuter de grands modèles de langages (LLM), tels que Mistral, Gemma, Llama 2 de Research Lab et d’autres … , directement sur leurs ordinateurs personnels plutôt que de dépendre uniquement de services en nuage. Il permet de télécharger des modèles pré-entraînés compatibles avec différents systèmes d’exploitation, notamment macOS, Linux et des versions préliminaires pour Windows. Les utilisateurs peuvent également personnaliser et développer leurs propres applications en utilisant ces modèles.</p> </blockquote> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AJG7emGIeQDukzD7uGLdx_A.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AJG7emGIeQDukzD7uGLdx_A.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A44_Mm1XHDdTa8q6J1-gmgQ.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2A44_Mm1XHDdTa8q6J1-gmgQ.png"></a></p> <p>Ici sans l’utilisation d’une carte GPU et en mode CPU uniquement via de petits LLMs comme le très récent Gemma :</p> <ul> <li><a href="https://www.lemondeinformatique.fr/actualites/lire-google-devoile-gemma-et-ses-2-modeles-ia-ouverts-93031.html" rel="noopener noreferrer">Google dévoile Gemma et ses 2 modèles IA ouverts - Le Monde Informatique</a></li> <li><a href="https://blog.google/technology/developers/gemma-open-models/" rel="noopener noreferrer">Gemma: Introducing new state-of-the-art open models</a></li> <li><a href="https://ollama.com/library/gemma" rel="noopener noreferrer">gemma</a></li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2ARucrkioq8Ct7-fxX3qVB5Q.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2ARucrkioq8Ct7-fxX3qVB5Q.png"></a></p> <p>avec une petite interrogation :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AGHJ4Yaoc0goI96j5IUSmOA.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AGHJ4Yaoc0goI96j5IUSmOA.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AtRrNA4dtBlQLg0kmS8NpgA.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AtRrNA4dtBlQLg0kmS8NpgA.png"></a></p> <p>La même chose avec un autre LLM :</p> <ul> <li><a href="https://ollama.com/library/qwen" rel="noopener noreferrer">qwen</a></li> <li><a href="https://huggingface.co/Qwen" rel="noopener noreferrer">Qwen (Qwen)</a></li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AgVl9ha5nsSFkq9gaPs_12A.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2AgVl9ha5nsSFkq9gaPs_12A.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2Aca5b-kY_okmQAAZYWn8hjg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2Aca5b-kY_okmQAAZYWn8hjg.png"></a></p> <p>avec une faible consommation de ressources …</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2ALGRnRRnYeYFmQw50Oe-eEg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F1024%2F1%2ALGRnRRnYeYFmQw50Oe-eEg.png"></a></p> <p>Canonical Kubernetes est donc un moyen très rapide et très simple de déployer un cluster Kubernetes entièrement conforme.</p> <blockquote> <p>Cette distribution ajoute des pièces manquantes (par exemple, Ingress, DNS, Réseau) pour une expérience “Zéro-op”. Pour les clusters à un seul nœud, elle peut être déployée avec deux commandes. Et Ajouter de nouveaux nœuds avec seulement deux autres commandes …</p> </blockquote> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F642%2F0%2A1Wfz2CBsHS_aIaVn.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F642%2F0%2A1Wfz2CBsHS_aIaVn.jpg"></a></p> <p>À suivre !</p> llm kubernetes ubuntu ai Karim Sat, 11 Mar 2023 17:16:05 +0000 https://forem.com/deep75/deployer-un-cluster-nomad-et-consul-tres-rapidement-avec-hashi-up--3bn6 https://forem.com/deep75/deployer-un-cluster-nomad-et-consul-tres-rapidement-avec-hashi-up--3bn6 <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--gL4qVF2u--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/855/0%2AqF6HFpBVho5EJxbq.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--gL4qVF2u--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/855/0%2AqF6HFpBVho5EJxbq.png" alt="" width="855" height="522"></a></p> <p>Hashi-up est un utilitaire léger qui permet d’installer HashiCorp Consul, Nomad ou Vault sur n’importe quel hôte Linux distant.</p> <p><a href="https://dev.to/deep75/load-balancing-avec-haproxy-nomad-et-consul--1ga4">Load Balancing avec HAProxy, Nomad et Consul …</a></p> <blockquote> <p>Tout ce dont vous avez besoin est un accès ssh et le binaire hashi-up pour construire son cluster.</p> </blockquote> <p><a href="https://github.com/jsiebens/hashi-up">GitHub - jsiebens/hashi-up: bootstrap HashiCorp Consul, Nomad, or Vault over SSH &lt; 1 minute</a></p> <p>L’outil est écrit en Go et est compilé pour Linux, Windows, MacOS et même pour Raspberry Pi.</p> <p><a href="https://johansiebens.dev/posts/2020/08/building-a-nomad-cluster-on-raspberry-pi-running-ubuntu-server/">Building a Nomad cluster on Raspberry Pi running Ubuntu server</a></p> <blockquote> <p>Ce projet est fortement inspiré du travail d’Alex Ellis qui a créé k3sup, un outil pour passer de zéro à KUBECONFIG avec k3s.</p> </blockquote> <ul> <li><a href="https://deep75.medium.com/openstack-sur-lxd-avec-juju-et-k3sup-dans-phoenixnap-e5867a487497">OpenStack sur LXD avec Juju et k3sup dans phoenixNAP …</a></li> <li><a href="https://dev.to/deep75/acceder-a-lensemble-du-cluster-kubernetes-avec-tailscale--2eci">Accéder à l’ensemble du cluster Kubernetes avec Tailscale …</a></li> <li><a href="https://github.com/alexellis/k3sup">GitHub - alexellis/k3sup: bootstrap K3s over SSH in &lt; 60s 🚀</a></li> </ul> <p>Implémentation avec le lancement d’un serveur Ubuntu 22.04 LTS autorisant la virtualisation imbriquée dans DigitalOcean :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">curl</span><span class="w"> </span><span class="err">-X</span><span class="w"> </span><span class="err">POST</span><span class="w"> </span><span class="err">-H</span><span class="w"> </span><span class="err">'Content-Type:</span><span class="w"> </span><span class="err">application/json'</span><span class="w"> </span><span class="err">\</span><span class="w"> </span><span class="err">-H</span><span class="w"> </span><span class="err">'Authorization:</span><span class="w"> </span><span class="err">Bearer</span><span class="w"> </span><span class="err">'$TOKEN''</span><span class="w"> </span><span class="err">\</span><span class="w"> </span><span class="err">-d</span><span class="w"> </span><span class="err">'</span><span class="p">{</span><span class="nl">"name"</span><span class="p">:</span><span class="s2">"minione"</span><span class="p">,</span><span class="w"> </span><span class="nl">"size"</span><span class="p">:</span><span class="s2">"m-4vcpu-32gb"</span><span class="p">,</span><span class="w"> </span><span class="nl">"region"</span><span class="p">:</span><span class="s2">"fra1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"image"</span><span class="p">:</span><span class="s2">"ubuntu-22-04-x64"</span><span class="p">,</span><span class="w"> </span><span class="nl">"monitoring"</span><span class="p">:</span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"vpc_uuid"</span><span class="p">:</span><span class="s2">"8b8c0544-e7b6-4d0a-977d-4406ea518f7a"</span><span class="p">}</span><span class="err">'</span><span class="w"> </span><span class="err">\</span><span class="w"> </span><span class="s2">"https://api.digitalocean.com/v2/droplets"</span><span class="w"> </span></code></pre> </div> <ul> <li><a href="https://www.digitalocean.com/blog/introducing-premium-cpu-optimized-droplets">Introducing Premium CPU-Optimized Droplets | DigitalOcean</a></li> <li><a href="https://www.digitalocean.com/">DigitalOcean | The Cloud for Builders</a></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--LoGwzHbU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AvSkuuqMmE14Wi4Z3lAZOyg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--LoGwzHbU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AvSkuuqMmE14Wi4Z3lAZOyg.png" alt="" width="880" height="277"></a></p> <p>Je vais y installer OpenNebula via le script miniONE :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--qmXaPFMm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A-5ao6A9ExiYDx4h_huzocA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--qmXaPFMm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A-5ao6A9ExiYDx4h_huzocA.png" alt="" width="880" height="361"></a></p> <ul> <li><a href="https://opennebula.io/">OpenNebula - Open Source Cloud &amp; Edge Computing Platform</a></li> <li><a href="https://github.com/OpenNebula/minione">GitHub - OpenNebula/minione: Easy to use deployment tool for an OpenNebula evaluation environment</a></li> <li> <a href="https://dev.to/deep75/opennebula-6-0-mutara-imbrique-dans-lxd-application-au-deploiement-d-un-cluster-microk8s-1-21-453m">OpenNebula 6.0 “Mutara” imbriqué dans LXD : application au déploiement d’un cluster MicroK8s 1.21 …</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@minione:~# wget <span class="nt">-c</span> https://raw.githubusercontent.com/OpenNebula/minione/master/minione <span class="nt">--2023-03-11</span> 14:21:46-- https://raw.githubusercontent.com/OpenNebula/minione/master/minione Resolving raw.githubusercontent.com <span class="o">(</span>raw.githubusercontent.com<span class="o">)</span>... 185.199.110.133, 185.199.109.133, 185.199.111.133, ... Connecting to raw.githubusercontent.com <span class="o">(</span>raw.githubusercontent.com<span class="o">)</span>|185.199.110.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 51458 <span class="o">(</span>50K<span class="o">)</span> <span class="o">[</span>text/plain] Saving to: ‘minione’ minione 100%[<span class="o">=============================================================================================&gt;]</span> 50.25K <span class="nt">--</span>.-KB/s <span class="k">in </span>0s 2023-03-11 14:21:46 <span class="o">(</span>149 MB/s<span class="o">)</span> - ‘minione’ saved <span class="o">[</span>51458/51458] </code></pre> </div> <p>Déploiement automatisé très rapidement avec lancement du script :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@minione:~# bash minione <span class="c">### Checks &amp; detection</span> Checking augeas is installed SKIP will try to <span class="nb">install </span>Checking AppArmor SKIP will try to modify Checking <span class="k">for </span>present ssh key SKIP Checking <span class="o">(</span>iptables|netfilter<span class="o">)</span><span class="nt">-persistent</span> are installed SKIP will try to <span class="nb">install </span>Checking docker is installed SKIP will try to <span class="nb">install </span>Checking python3-pip is installed SKIP will try to <span class="nb">install </span>Checking ansible SKIP will try to <span class="nb">install </span>Checking terraform SKIP will try to <span class="nb">install </span>Checking unzip is installed SKIP will try to <span class="nb">install</span> <span class="c">### Main deployment steps:</span> Install OpenNebula frontend version 6.6 Install Terraform Install Docker Configure bridge minionebr with IP 172.16.100.1/24 Enable NAT over eth0 Modify AppArmor Install OpenNebula KVM node Export appliance and update VM template Install augeas-tools iptables-persistent netfilter-persistent python3-pip unzip Install pip <span class="s1">'ansible==2.9.9'</span> Do you agree? <span class="o">[</span><span class="nb">yes</span>/no]: <span class="nb">yes</span> <span class="c">### Installation</span> Updating APT cache OK Install augeas-tools iptables-persistent netfilter-persistent python3-pip unzip OK Updating PIP OK Install from PyPI <span class="s1">'ansible==2.9.9'</span> OK Creating bridge interface minionebr OK Bring bridge interfaces up OK Enabling IPv4 forward OK Persisting IPv4 forward OK Configuring NAT using iptables OK Saving iptables changes OK Installing DNSMasq OK Starting DNSMasq OK Configuring repositories OK Updating APT cache OK Installing OpenNebula packages OK Installing opennebula-provision package OK Installing TerraForm OK Create docker packages repository OK Install docker OK Start docker service OK Enable docker service OK Installing OpenNebula kvm node packages OK Updating AppArmor OK Disable default libvirtd networking OK Restart libvirtd OK <span class="c">### Configuration</span> Generating ssh keypair <span class="k">in</span> /root/.ssh-oneprovision/id_rsa OK Add oneadmin to docker group OK Update network hooks OK Switching OneGate endpoint <span class="k">in </span>oned.conf OK Switching OneGate endpoint <span class="k">in </span>onegate-server.conf OK Switching keep_empty_bridge on <span class="k">in </span>OpenNebulaNetwork.conf OK Switching scheduler interval <span class="k">in </span>oned.conf OK Setting initial password <span class="k">for </span>current user and oneadmin OK Changing WebUI to listen on port 80 OK Switching FireEdge public endpoint OK Starting OpenNebula services OK Enabling OpenNebula services OK Add ssh key to oneadmin user OK Update ssh configs to allow VM addresses reusing OK Ensure own <span class="nb">hostname </span>is resolvable OK Checking OpenNebula is working OK Disabling ssh from virtual network OK Adding localhost ssh key to known_hosts OK Testing ssh connection to localhost OK Updating datastores template OK Creating KVM host OK Restarting OpenNebula OK Creating virtual network OK Exporting <span class="o">[</span>Alpine Linux 3.17] from Marketplace to <span class="nb">local </span>datastore OK Waiting <span class="k">until </span>the image is ready OK Updating VM template OK <span class="c">### Report</span> OpenNebula 6.6 was installed Sunstone is running on: http://164.90.215.231/ FireEdge is running on: http://164.90.215.231:2616/ Use following to login: user: oneadmin password: SyEnJiYuWC </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--59KqDYm_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AieCHtpYOQ1j0HlnLPlZVKw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--59KqDYm_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AieCHtpYOQ1j0HlnLPlZVKw.png" alt="" width="880" height="458"></a></p> <p>chargement d’une image Ubuntu 22.04 LTS pour création de plusieures machines virtuelles :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--krpplbcI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ADuJNpDTqzPe8ttSfyFPDGA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--krpplbcI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ADuJNpDTqzPe8ttSfyFPDGA.png" alt="" width="880" height="458"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s---0ULMxqE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ABqIC-QChw2U4Q2S_fLhqTg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s---0ULMxqE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ABqIC-QChw2U4Q2S_fLhqTg.png" alt="" width="880" height="458"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ti442phG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AL1XW6Qyqj7DPt3yaTzc2GA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ti442phG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AL1XW6Qyqj7DPt3yaTzc2GA.png" alt="" width="880" height="458"></a></p> <p>Lancement d’une première machine virtuelle sous Ubuntu :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--0wKuEZfy--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A_DIouHvTZI60F2pNxtd05g.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--0wKuEZfy--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A_DIouHvTZI60F2pNxtd05g.png" alt="" width="880" height="1608"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--eMgyh13o--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AqsoCPa-ts5RFYcb6yPG35A.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--eMgyh13o--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AqsoCPa-ts5RFYcb6yPG35A.png" alt="" width="880" height="458"></a></p> <p>et installation de hashi-up :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@minione:~# curl <span class="nt">-sLS</span> https://get.hashi-up.dev | sh Downloading package https://github.com/jsiebens/hashi-up/releases/download/v0.16.0/hashi-up as /tmp/hashi-up Download complete. Running with sufficient permissions to attempt to move hashi-up to /usr/local/bin New version of hashi-up installed to /usr/local/bin Version: 0.16.0 Git Commit: b062f5d root@minione:~# hashi-up version Version: 0.16.0 Git Commit: b062f5d </code></pre> </div> <p>pour la mise en place d’un serveur Consul :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--z30xH9M0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/500/0%2A-lsWslDmXvzY6WOo.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--z30xH9M0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/500/0%2A-lsWslDmXvzY6WOo.jpg" alt="" width="500" height="667"></a></p> <ul> <li><a href="https://github.com/jsiebens/hashi-up/blob/main/docs/consul.md">hashi-up/consul.md at main · jsiebens/hashi-up</a></li> <li> <a href="https://developer.hashicorp.com/consul/downloads">Install | Consul | HashiCorp Developer</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@minione:~# <span class="nb">export </span><span class="nv">IP</span><span class="o">=</span>172.16.100.2 root@minione:~# hashi-up consul <span class="nb">install</span> <span class="nt">--ssh-target-addr</span> <span class="nv">$IP</span> <span class="nt">--ssh-target-user</span> root <span class="nt">--server</span> <span class="nt">--client-addr</span> 0.0.0.0 <span class="nt">--ssh-target-key</span> .ssh/id_rsa <span class="nt">--version</span> 1.15.1 <span class="o">[</span>INFO] Uploading generated Consul configuration ... <span class="o">[</span>INFO] Installing Consul ... <span class="o">[</span>INFO] -&gt; User <span class="s1">'consul'</span> already exists, will not create again <span class="o">[</span>INFO] -&gt; Copying configuration files <span class="o">[</span>INFO] -&gt; Downloading consul_1.15.1_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Downloading consul_1.15.1_SHA256SUMS <span class="o">[</span>INFO] -&gt; Verifying downloaded consul_1.15.1_linux_amd64.zip consul_1.15.1_linux_amd64.zip: OK <span class="o">[</span>INFO] -&gt; Unpacking consul_1.15.1_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Adding systemd service file /etc/systemd/system/consul.service <span class="o">[</span>INFO] -&gt; Enabling systemd service <span class="o">[</span>INFO] -&gt; Starting systemd service <span class="o">[</span>INFO] Done. </code></pre> </div> <p>J’utilise “le VPN du pauvre” avec sshuttle pour me connecter au dashboard du serveur Consul :</p> <p><a href="https://sshuttle.readthedocs.io/en/stable/usage.html">Usage - sshuttle 1.1.1 documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>sshuttle <span class="nt">--dns</span> <span class="nt">-NHr</span> root@164.90.215.231 0.0.0.0/0  ✔  base   15:45:09  c : Connected to server. </code></pre> </div> <p>Ce qui peut me permettre d’atteindre le serveur Consul directement …</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--WJqNXqyB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ardoxv5-AKu3HFKN4ZEHDnA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--WJqNXqyB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ardoxv5-AKu3HFKN4ZEHDnA.png" alt="" width="880" height="587"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--87qcRIic--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A7v2kScc-Jm6Fc1mQmhCvZw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--87qcRIic--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A7v2kScc-Jm6Fc1mQmhCvZw.png" alt="" width="880" height="587"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--KcjVEwMA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AAl7dC8S12877LYLHLYzLrA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--KcjVEwMA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AAl7dC8S12877LYLHLYzLrA.png" alt="" width="880" height="587"></a></p> <p>Je peux y adjoindre un serveur Nomad avec hashi-up :</p> <p><a href="https://developer.hashicorp.com/nomad/downloads">Install | Nomad | HashiCorp Developer</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@minione:~# hashi-up nomad <span class="nb">install</span> <span class="nt">--ssh-target-addr</span> <span class="nv">$IP</span> <span class="nt">--ssh-target-user</span> root <span class="nt">--server</span> <span class="nt">--ssh-target-key</span> .ssh/id_rsa <span class="nt">--version</span> 1.5.0 <span class="o">[</span>INFO] Uploading generated Nomad configuration ... <span class="o">[</span>INFO] Installing Nomad ... <span class="o">[</span>INFO] -&gt; Copying configuration files <span class="o">[</span>INFO] -&gt; Downloading nomad_1.5.0_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Downloading nomad_1.5.0_SHA256SUMS <span class="o">[</span>INFO] -&gt; Verifying downloaded nomad_1.5.0_linux_amd64.zip nomad_1.5.0_linux_amd64.zip: OK <span class="o">[</span>INFO] -&gt; Unpacking nomad_1.5.0_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Adding systemd service file /etc/systemd/system/nomad.service <span class="o">[</span>INFO] -&gt; Enabling systemd service Created symlink /etc/systemd/system/multi-user.target.wants/nomad.service → /etc/systemd/system/nomad.service. <span class="o">[</span>INFO] -&gt; Starting systemd service <span class="o">[</span>INFO] Done. </code></pre> </div> <p>Une interface graphique est également accessible pour Nomad à cette étape …</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jzHfIBYt--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AS66J6cN1oEpmXGdLaEQxPQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jzHfIBYt--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AS66J6cN1oEpmXGdLaEQxPQ.png" alt="" width="880" height="587"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--6Vq8VA6c--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ALu2janbxBp8bzQoEau7KaA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--6Vq8VA6c--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ALu2janbxBp8bzQoEau7KaA.png" alt="" width="880" height="553"></a></p> <p>Lancement de la partie cliente de Consul et Nomad avec trois autres machines virtuelles sous Ubuntu 22.04 LTS dans OpenNebula :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--UDozp9X4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ahq7dRU1vkhUN1uNjXoTbgg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--UDozp9X4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ahq7dRU1vkhUN1uNjXoTbgg.png" alt="" width="880" height="1608"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--HIBlvJv7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AjlgPVjdvL4e8BIh2mTN-pw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--HIBlvJv7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AjlgPVjdvL4e8BIh2mTN-pw.png" alt="" width="880" height="440"></a></p> <p>Personnalisation de ces trois machines virtuelles avec Pyinfra, une autre alternative sous Python à Ansible avec pipx :</p> <p><a href="https://pyinfra.com/">pyinfra</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--6H3XZVIT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AHDDZzTyXkF4wBXg79GqCYA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--6H3XZVIT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AHDDZzTyXkF4wBXg79GqCYA.png" alt="" width="880" height="598"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@minione:~# pipx <span class="nb">install </span>pyinfra installed package pyinfra 2.6.2, installed using Python 3.10.6 These apps are now globally available - pyinfra ⚠️ Note: <span class="s1">'/root/.local/bin'</span> is not on your PATH environment variable. These apps will not be globally accessible <span class="k">until </span>your PATH is updated. Run <span class="sb">`</span>pipx ensurepath<span class="sb">`</span> to automatically add it, or manually modify your PATH <span class="k">in </span>your shell config file <span class="o">(</span>i.e. ~/.bashrc<span class="o">)</span><span class="nb">.</span> <span class="k">done</span><span class="o">!</span> ✨ 🌟 ✨ root@minione:~# pipx ensurepath Success! Added /root/.local/bin to the PATH environment variable. Consider adding shell completions <span class="k">for </span>pipx. Run <span class="s1">'pipx completions'</span> <span class="k">for </span>instructions. You will need to open a new terminal or re-login <span class="k">for </span>the PATH changes to take effect. Otherwise pipx is ready to go! ✨ 🌟 ✨ root@minione:~# <span class="nb">source</span> .bashrc root@minione:~# pyinfra <span class="nt">--help</span> Usage: pyinfra <span class="o">[</span>OPTIONS] INVENTORY OPERATIONS... pyinfra manages the state of one or more servers. It can be used <span class="k">for </span>app/service deployment, config management and ad-hoc <span class="nb">command </span>execution. Documentation: pyinfra.readthedocs.io <span class="c"># INVENTORY</span> + a file <span class="o">(</span>inventory.py<span class="o">)</span> + <span class="nb">hostname</span> <span class="o">(</span>host.net<span class="o">)</span> + Comma separated hostnames: host-1.net,host-2.net,@local <span class="c"># OPERATIONS</span> <span class="c"># Run one or more deploys against the inventory</span> pyinfra INVENTORY deploy_web.py <span class="o">[</span>deploy_db.py]... <span class="c"># Run a single operation against the inventory</span> pyinfra INVENTORY server.user pyinfra <span class="nv">home</span><span class="o">=</span>/home/pyinfra <span class="c"># Execute an arbitrary command against the inventory</span> pyinfra INVENTORY <span class="nb">exec</span> <span class="nt">--</span> <span class="nb">echo</span> <span class="s2">"hello world"</span> <span class="c"># Run one or more facts against the inventory</span> pyinfra INVENTORY fact server.LinuxName <span class="o">[</span>server.Users]... pyinfra INVENTORY fact files.File <span class="nv">path</span><span class="o">=</span>/path/to/file... <span class="c"># Debug the inventory hosts and data</span> pyinfra INVENTORY debug-inventory Options: <span class="nt">-v</span> Print meta <span class="o">(</span><span class="nt">-v</span><span class="o">)</span>, input <span class="o">(</span><span class="nt">-vv</span><span class="o">)</span> and output <span class="o">(</span><span class="nt">-vvv</span><span class="o">)</span><span class="nb">.</span> <span class="nt">--dry</span> Don<span class="s1">'t execute operations on the target hosts. --limit TEXT Restrict the target hosts by name and group name. --fail-percent INTEGER % of hosts that need to fail before exiting early. --data TEXT Override data values, format key=value. --group-data TEXT Paths to load additional group data from (overrides matching keys). --config TEXT Specify config file to use (default: config.py). --chdir TEXT Set the working directory before executing. --sudo Whether to execute operations with sudo. --sudo-user TEXT Which user to sudo when sudoing. --use-sudo-password Whether to use a password with sudo. --su-user TEXT Which user to su to. --shell-executable TEXT Shell to use (ex: "sh", "cmd", "ps"). --parallel INTEGER Number of operations to run in parallel. --no-wait Don'</span>t <span class="nb">wait </span>between operations <span class="k">for </span>hosts. <span class="nt">--serial</span> Run operations <span class="k">in </span>serial, host by host. <span class="nt">--ssh-user</span>, <span class="nt">--user</span> TEXT SSH user to connect as. <span class="nt">--ssh-port</span>, <span class="nt">--port</span> INTEGER SSH port to connect to. <span class="nt">--ssh-key</span>, <span class="nt">--key</span> PATH SSH Private key filename. <span class="nt">--ssh-key-password</span>, <span class="nt">--key-password</span> TEXT SSH Private key password. <span class="nt">--ssh-password</span>, <span class="nt">--password</span> TEXT SSH password. <span class="nt">--winrm-username</span> TEXT WINRM user to connect as. <span class="nt">--winrm-password</span> TEXT WINRM password. <span class="nt">--winrm-port</span> TEXT WINRM port to connect to. <span class="nt">--winrm-transport</span> TEXT WINRM transport <span class="k">for </span>use. <span class="nt">--support</span> Print useful information <span class="k">for </span>support and exit. <span class="nt">--quiet</span> Hide most pyinfra output. <span class="nt">--debug</span> Print debug info. <span class="nt">--debug-facts</span> Print facts after generating operations and exit. <span class="nt">--debug-operations</span> Print operations after generating and exit. <span class="nt">--version</span> Show the version and exit. <span class="nt">--help</span> Show this message and exit. root@minione:~# pyinfra 172.16.100.4 <span class="nb">exec</span> <span class="nt">--</span> hostnamectl set-hostname client0 <span class="nt">--</span><span class="o">&gt;</span> Loading config... <span class="nt">--</span><span class="o">&gt;</span> Loading inventory... <span class="nt">--</span><span class="o">&gt;</span> Connecting to hosts... No host key <span class="k">for </span>172.16.100.4 found <span class="k">in </span>known_hosts <span class="o">[</span>172.16.100.4] Connected <span class="o">[</span>172.16.100.4] Ready: shell <span class="nt">--</span><span class="o">&gt;</span> Proposed changes: Ungrouped: <span class="o">[</span>172.16.100.4] Operations: 1 Change: 1 No change: 0 <span class="nt">--</span><span class="o">&gt;</span> Beginning operation run... <span class="nt">--</span><span class="o">&gt;</span> Starting operation: Server/Shell <span class="o">(</span>hostnamectl set-hostname client0<span class="o">)</span> <span class="o">[</span>172.16.100.4] Success <span class="nt">--</span><span class="o">&gt;</span> Results: Ungrouped: <span class="o">[</span>172.16.100.4] Changed: 1 No change: 0 Errors: 0 root@minione:~# pyinfra 172.16.100.3 <span class="nb">exec</span> <span class="nt">--</span> hostnamectl set-hostname client1 <span class="nt">--</span><span class="o">&gt;</span> Loading config... <span class="nt">--</span><span class="o">&gt;</span> Loading inventory... <span class="nt">--</span><span class="o">&gt;</span> Connecting to hosts... No host key <span class="k">for </span>172.16.100.3 found <span class="k">in </span>known_hosts <span class="o">[</span>172.16.100.3] Connected <span class="o">[</span>172.16.100.3] Ready: shell <span class="nt">--</span><span class="o">&gt;</span> Proposed changes: Ungrouped: <span class="o">[</span>172.16.100.3] Operations: 1 Change: 1 No change: 0 <span class="nt">--</span><span class="o">&gt;</span> Beginning operation run... <span class="nt">--</span><span class="o">&gt;</span> Starting operation: Server/Shell <span class="o">(</span>hostnamectl set-hostname client1<span class="o">)</span> <span class="o">[</span>172.16.100.3] Success <span class="nt">--</span><span class="o">&gt;</span> Results: Ungrouped: <span class="o">[</span>172.16.100.3] Changed: 1 No change: 0 Errors: 0 root@minione:~# pyinfra 172.16.100.5 <span class="nb">exec</span> <span class="nt">--</span> hostnamectl set-hostname client2 <span class="nt">--</span><span class="o">&gt;</span> Loading config... <span class="nt">--</span><span class="o">&gt;</span> Loading inventory... <span class="nt">--</span><span class="o">&gt;</span> Connecting to hosts... No host key <span class="k">for </span>172.16.100.5 found <span class="k">in </span>known_hosts <span class="o">[</span>172.16.100.5] Connected <span class="o">[</span>172.16.100.5] Ready: shell <span class="nt">--</span><span class="o">&gt;</span> Proposed changes: Ungrouped: <span class="o">[</span>172.16.100.5] Operations: 1 Change: 1 No change: 0 <span class="nt">--</span><span class="o">&gt;</span> Beginning operation run... <span class="nt">--</span><span class="o">&gt;</span> Starting operation: Server/Shell <span class="o">(</span>hostnamectl set-hostname client2<span class="o">)</span> <span class="o">[</span>172.16.100.5] Success <span class="nt">--</span><span class="o">&gt;</span> Results: Ungrouped: <span class="o">[</span>172.16.100.5] Changed: 1 No change: 0 Errors: 0 </code></pre> </div> <p>Par ce biais, insertion du moteur Docker dans ces machines virtuelles :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>root@minione:~# cat inventory.py my_hosts = ["172.16.100.4", "172.16.100.3", "172.16.100.5"] root@minione:~# pyinfra inventory.py exec -- "curl -fsSL https://get.docker.com | sh -" --&gt; Loading config... --&gt; Loading inventory... --&gt; Connecting to hosts... No host key for 172.16.100.5 found in known_hosts No host key for 172.16.100.3 found in known_hosts [172.16.100.5] Connected No host key for 172.16.100.4 found in known_hosts [172.16.100.4] Connected [172.16.100.3] Connected [172.16.100.4] Ready: shell [172.16.100.3] Ready: shell [172.16.100.5] Ready: shell --&gt; Proposed changes: Groups: inventory / my_hosts [172.16.100.4] Operations: 1 Change: 1 No change: 0 [172.16.100.3] Operations: 1 Change: 1 No change: 0 [172.16.100.5] Operations: 1 Change: 1 No change: 0 --&gt; Beginning operation run... --&gt; Starting operation: Server/Shell (curl -fsSL https://get.docker.com | sh -) [172.16.100.5] # Executing docker install script, commit: 66474034547a96caa0a25be56051ff8b726a1b28 [172.16.100.5] + sh -c apt-get update -qq &gt;/dev/null [172.16.100.4] # Executing docker install script, commit: 66474034547a96caa0a25be56051ff8b726a1b28 [172.16.100.4] + sh -c apt-get update -qq &gt;/dev/null [172.16.100.3] # Executing docker install script, commit: 66474034547a96caa0a25be56051ff8b726a1b28 [172.16.100.3] + sh -c apt-get update -qq &gt;/dev/null [172.16.100.4] + sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl &gt;/dev/null [172.16.100.5] + sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl &gt;/dev/null [172.16.100.3] + sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl &gt;/dev/null [172.16.100.5] + sh -c mkdir -p /etc/apt/keyrings &amp;&amp; chmod -R 0755 /etc/apt/keyrings [172.16.100.5] + sh -c curl -fsSL "https://download.docker.com/linux/ubuntu/gpg" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg [172.16.100.5] + sh -c chmod a+r /etc/apt/keyrings/docker.gpg [172.16.100.5] + sh -c echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable" &gt; /etc/apt/sources.list.d/docker.list [172.16.100.5] + sh -c apt-get update -qq &gt;/dev/null [172.16.100.4] + sh -c mkdir -p /etc/apt/keyrings &amp;&amp; chmod -R 0755 /etc/apt/keyrings [172.16.100.3] + sh -c mkdir -p /etc/apt/keyrings &amp;&amp; chmod -R 0755 /etc/apt/keyrings [172.16.100.4] + sh -c curl -fsSL "https://download.docker.com/linux/ubuntu/gpg" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg [172.16.100.3] + sh -c curl -fsSL "https://download.docker.com/linux/ubuntu/gpg" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg [172.16.100.3] + sh -c chmod a+r /etc/apt/keyrings/docker.gpg [172.16.100.3] + sh -c echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable" &gt; /etc/apt/sources.list.d/docker.list [172.16.100.3] + sh -c apt-get update -qq &gt;/dev/null [172.16.100.4] + sh -c chmod a+r /etc/apt/keyrings/docker.gpg [172.16.100.4] + sh -c echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable" &gt; /etc/apt/sources.list.d/docker.list [172.16.100.4] + sh -c apt-get update -qq &gt;/dev/null [172.16.100.3] + sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-scan-plugin docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin &gt;/dev/null [172.16.100.4] + sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-scan-plugin docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin &gt;/dev/null [172.16.100.5] + sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-scan-plugin docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin &gt;/dev/null [172.16.100.5] + sh -c docker version [172.16.100.4] + sh -c docker version [172.16.100.3] + sh -c docker version [172.16.100.5] Client: Docker Engine - Community [172.16.100.5] Version: 23.0.1 [172.16.100.5] API version: 1.42 [172.16.100.5] Go version: go1.19.5 [172.16.100.5] Git commit: a5ee5b1 [172.16.100.5] Built: Thu Feb 9 19:47:01 2023 [172.16.100.5] OS/Arch: linux/amd64 [172.16.100.5] Context: default [172.16.100.5] [172.16.100.5] Server: Docker Engine - Community [172.16.100.5] Engine: [172.16.100.5] Version: 23.0.1 [172.16.100.5] API version: 1.42 (minimum version 1.12) [172.16.100.5] Go version: go1.19.5 [172.16.100.5] Git commit: bc3805a [172.16.100.5] Built: Thu Feb 9 19:47:01 2023 [172.16.100.5] OS/Arch: linux/amd64 [172.16.100.5] Experimental: false [172.16.100.5] containerd: [172.16.100.5] Version: 1.6.18 [172.16.100.5] GitCommit: 2456e983eb9e37e47538f59ea18f2043c9a73640 [172.16.100.5] runc: [172.16.100.5] Version: 1.1.4 [172.16.100.5] GitCommit: v1.1.4-0-g5fd4c4d [172.16.100.5] docker-init: [172.16.100.5] Version: 0.19.0 [172.16.100.5] GitCommit: de40ad0 [172.16.100.5] [172.16.100.5] ================================================================================ [172.16.100.5] [172.16.100.5] To run Docker as a non-privileged user, consider setting up the [172.16.100.5] Docker daemon in rootless mode for your user: [172.16.100.5] [172.16.100.5] dockerd-rootless-setuptool.sh install [172.16.100.5] [172.16.100.5] Visit https://docs.docker.com/go/rootless/ to learn about rootless mode. [172.16.100.5] [172.16.100.5] [172.16.100.5] To run the Docker daemon as a fully privileged service, but granting non-root [172.16.100.5] users access, refer to https://docs.docker.com/go/daemon-access/ [172.16.100.5] [172.16.100.5] WARNING: Access to the remote API on a privileged Docker daemon is equivalent [172.16.100.5] to root access on the host. Refer to the 'Docker daemon attack surface' [172.16.100.5] documentation for details: https://docs.docker.com/go/attack-surface/ [172.16.100.5] [172.16.100.5] ================================================================================ [172.16.100.5] [172.16.100.5] Success [172.16.100.4] Client: Docker Engine - Community [172.16.100.4] Version: 23.0.1 [172.16.100.4] API version: 1.42 [172.16.100.4] Go version: go1.19.5 [172.16.100.4] Git commit: a5ee5b1 [172.16.100.4] Built: Thu Feb 9 19:47:01 2023 [172.16.100.4] OS/Arch: linux/amd64 [172.16.100.4] Context: default [172.16.100.4] [172.16.100.4] Server: Docker Engine - Community [172.16.100.4] Engine: [172.16.100.4] Version: 23.0.1 [172.16.100.4] API version: 1.42 (minimum version 1.12) [172.16.100.4] Go version: go1.19.5 [172.16.100.4] Git commit: bc3805a [172.16.100.4] Built: Thu Feb 9 19:47:01 2023 [172.16.100.4] OS/Arch: linux/amd64 [172.16.100.4] Experimental: false [172.16.100.4] containerd: [172.16.100.4] Version: 1.6.18 [172.16.100.4] GitCommit: 2456e983eb9e37e47538f59ea18f2043c9a73640 [172.16.100.4] runc: [172.16.100.4] Version: 1.1.4 [172.16.100.4] GitCommit: v1.1.4-0-g5fd4c4d [172.16.100.4] docker-init: [172.16.100.4] Version: 0.19.0 [172.16.100.4] GitCommit: de40ad0 [172.16.100.4] [172.16.100.4] ================================================================================ [172.16.100.4] [172.16.100.4] To run Docker as a non-privileged user, consider setting up the [172.16.100.4] Docker daemon in rootless mode for your user: [172.16.100.4] [172.16.100.4] dockerd-rootless-setuptool.sh install [172.16.100.4] [172.16.100.4] Visit https://docs.docker.com/go/rootless/ to learn about rootless mode. [172.16.100.4] [172.16.100.4] [172.16.100.4] To run the Docker daemon as a fully privileged service, but granting non-root [172.16.100.4] users access, refer to https://docs.docker.com/go/daemon-access/ [172.16.100.4] [172.16.100.4] WARNING: Access to the remote API on a privileged Docker daemon is equivalent [172.16.100.4] to root access on the host. Refer to the 'Docker daemon attack surface' [172.16.100.4] documentation for details: https://docs.docker.com/go/attack-surface/ [172.16.100.4] [172.16.100.4] ================================================================================ [172.16.100.4] [172.16.100.4] Success [172.16.100.3] Client: Docker Engine - Community [172.16.100.3] Version: 23.0.1 [172.16.100.3] API version: 1.42 [172.16.100.3] Go version: go1.19.5 [172.16.100.3] Git commit: a5ee5b1 [172.16.100.3] Built: Thu Feb 9 19:47:01 2023 [172.16.100.3] OS/Arch: linux/amd64 [172.16.100.3] Context: default [172.16.100.3] [172.16.100.3] Server: Docker Engine - Community [172.16.100.3] Engine: [172.16.100.3] Version: 23.0.1 [172.16.100.3] API version: 1.42 (minimum version 1.12) [172.16.100.3] Go version: go1.19.5 [172.16.100.3] Git commit: bc3805a [172.16.100.3] Built: Thu Feb 9 19:47:01 2023 [172.16.100.3] OS/Arch: linux/amd64 [172.16.100.3] Experimental: false [172.16.100.3] containerd: [172.16.100.3] Version: 1.6.18 [172.16.100.3] GitCommit: 2456e983eb9e37e47538f59ea18f2043c9a73640 [172.16.100.3] runc: [172.16.100.3] Version: 1.1.4 [172.16.100.3] GitCommit: v1.1.4-0-g5fd4c4d [172.16.100.3] docker-init: [172.16.100.3] Version: 0.19.0 [172.16.100.3] GitCommit: de40ad0 [172.16.100.3] [172.16.100.3] ================================================================================ [172.16.100.3] [172.16.100.3] To run Docker as a non-privileged user, consider setting up the [172.16.100.3] Docker daemon in rootless mode for your user: [172.16.100.3] [172.16.100.3] dockerd-rootless-setuptool.sh install [172.16.100.3] [172.16.100.3] Visit https://docs.docker.com/go/rootless/ to learn about rootless mode. [172.16.100.3] [172.16.100.3] [172.16.100.3] To run the Docker daemon as a fully privileged service, but granting non-root [172.16.100.3] users access, refer to https://docs.docker.com/go/daemon-access/ [172.16.100.3] [172.16.100.3] WARNING: Access to the remote API on a privileged Docker daemon is equivalent [172.16.100.3] to root access on the host. Refer to the 'Docker daemon attack surface' [172.16.100.3] documentation for details: https://docs.docker.com/go/attack-surface/ [172.16.100.3] [172.16.100.3] ================================================================================ [172.16.100.3] [172.16.100.3] Success --&gt; Results: Groups: inventory / my_hosts [172.16.100.4] Changed: 1 No change: 0 Errors: 0 [172.16.100.3] Changed: 1 No change: 0 Errors: 0 [172.16.100.5] Changed: 1 No change: 0 Errors: 0 root@minione:~# pyinfra inventory.py exec -- "docker ps -a" --&gt; Loading config... --&gt; Loading inventory... --&gt; Connecting to hosts... No host key for 172.16.100.5 found in known_hosts No host key for 172.16.100.3 found in known_hosts No host key for 172.16.100.4 found in known_hosts [172.16.100.5] Connected [172.16.100.3] Connected [172.16.100.4] Connected [172.16.100.5] Ready: shell [172.16.100.3] Ready: shell [172.16.100.4] Ready: shell --&gt; Proposed changes: Groups: inventory / my_hosts [172.16.100.5] Operations: 1 Change: 1 No change: 0 [172.16.100.3] Operations: 1 Change: 1 No change: 0 [172.16.100.4] Operations: 1 Change: 1 No change: 0 --&gt; Beginning operation run... --&gt; Starting operation: Server/Shell (docker ps -a) [172.16.100.5] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [172.16.100.5] Success [172.16.100.4] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [172.16.100.4] Success [172.16.100.3] CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [172.16.100.3] Success --&gt; Results: Groups: inventory / my_hosts [172.16.100.5] Changed: 1 No change: 0 Errors: 0 [172.16.100.3] Changed: 1 No change: 0 Errors: 0 [172.16.100.4] Changed: 1 No change: 0 Errors: 0 </code></pre> </div> <p>Déploiement ensuite des clients Consul et Nomad toujours avec hashi-up :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@minione:~# <span class="nb">export </span><span class="nv">SERVER_IP</span><span class="o">=</span>172.16.100.2 root@minione:~# <span class="nb">export </span><span class="nv">AGENT_1_IP</span><span class="o">=</span>172.16.100.4 root@minione:~# <span class="nb">export </span><span class="nv">AGENT_2_IP</span><span class="o">=</span>172.16.100.3 root@minione:~# <span class="nb">export </span><span class="nv">AGENT_3_IP</span><span class="o">=</span>172.16.100.5 root@minione:~# hashi-up consul <span class="nb">install</span> <span class="nt">--ssh-target-addr</span> <span class="nv">$AGENT_1_IP</span> <span class="nt">--ssh-target-user</span> root <span class="nt">--retry-join</span> <span class="nv">$SERVER_IP</span> <span class="nt">--ssh-target-key</span> .ssh/id_rsa <span class="nt">--version</span> 1.15.1 <span class="o">[</span>INFO] Uploading generated Consul configuration ... <span class="o">[</span>INFO] Installing Consul ... <span class="o">[</span>INFO] -&gt; Creating user named <span class="s1">'consul'</span> <span class="o">[</span>INFO] -&gt; Copying configuration files <span class="o">[</span>INFO] -&gt; Downloading consul_1.15.1_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Downloading consul_1.15.1_SHA256SUMS <span class="o">[</span>INFO] -&gt; Verifying downloaded consul_1.15.1_linux_amd64.zip consul_1.15.1_linux_amd64.zip: OK <span class="o">[</span>INFO] -&gt; Unpacking consul_1.15.1_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Adding systemd service file /etc/systemd/system/consul.service <span class="o">[</span>INFO] -&gt; Enabling systemd service Created symlink /etc/systemd/system/multi-user.target.wants/consul.service → /etc/systemd/system/consul.service. <span class="o">[</span>INFO] -&gt; Starting systemd service <span class="o">[</span>INFO] Done. root@minione:~# hashi-up consul <span class="nb">install</span> <span class="nt">--ssh-target-addr</span> <span class="nv">$AGENT_2_IP</span> <span class="nt">--ssh-target-user</span> root <span class="nt">--retry-join</span> <span class="nv">$SERVER_IP</span> <span class="nt">--ssh-target-key</span> .ssh/id_rsa <span class="nt">--version</span> 1.15.1 <span class="o">[</span>INFO] Uploading generated Consul configuration ... <span class="o">[</span>INFO] Installing Consul ... <span class="o">[</span>INFO] -&gt; Creating user named <span class="s1">'consul'</span> <span class="o">[</span>INFO] -&gt; Copying configuration files <span class="o">[</span>INFO] -&gt; Downloading consul_1.15.1_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Downloading consul_1.15.1_SHA256SUMS <span class="o">[</span>INFO] -&gt; Verifying downloaded consul_1.15.1_linux_amd64.zip consul_1.15.1_linux_amd64.zip: OK <span class="o">[</span>INFO] -&gt; Unpacking consul_1.15.1_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Adding systemd service file /etc/systemd/system/consul.service <span class="o">[</span>INFO] -&gt; Enabling systemd service Created symlink /etc/systemd/system/multi-user.target.wants/consul.service → /etc/systemd/system/consul.service. <span class="o">[</span>INFO] -&gt; Starting systemd service <span class="o">[</span>INFO] Done. root@minione:~# hashi-up consul <span class="nb">install</span> <span class="nt">--ssh-target-addr</span> <span class="nv">$AGENT_3_IP</span> <span class="nt">--ssh-target-user</span> root <span class="nt">--retry-join</span> <span class="nv">$SERVER_IP</span> <span class="nt">--ssh-target-key</span> .ssh/id_rsa <span class="nt">--version</span> 1.15.1 <span class="o">[</span>INFO] Uploading generated Consul configuration ... <span class="o">[</span>INFO] Installing Consul ... <span class="o">[</span>INFO] -&gt; Creating user named <span class="s1">'consul'</span> <span class="o">[</span>INFO] -&gt; Copying configuration files <span class="o">[</span>INFO] -&gt; Downloading consul_1.15.1_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Downloading consul_1.15.1_SHA256SUMS <span class="o">[</span>INFO] -&gt; Verifying downloaded consul_1.15.1_linux_amd64.zip consul_1.15.1_linux_amd64.zip: OK <span class="o">[</span>INFO] -&gt; Unpacking consul_1.15.1_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Adding systemd service file /etc/systemd/system/consul.service <span class="o">[</span>INFO] -&gt; Enabling systemd service Created symlink /etc/systemd/system/multi-user.target.wants/consul.service → /etc/systemd/system/consul.service. <span class="o">[</span>INFO] -&gt; Starting systemd service <span class="o">[</span>INFO] Done. root@minione:~# hashi-up nomad <span class="nb">install</span> <span class="nt">--ssh-target-addr</span> <span class="nv">$AGENT_1_IP</span> <span class="nt">--ssh-target-user</span> root <span class="nt">--client</span> <span class="nt">--retry-join</span> <span class="nv">$SERVER_IP</span> <span class="nt">--ssh-target-key</span> .ssh/id_rsa <span class="nt">--version</span> 1.5.0 <span class="o">[</span>INFO] Uploading generated Nomad configuration ... <span class="o">[</span>INFO] Installing Nomad ... <span class="o">[</span>INFO] -&gt; Copying configuration files <span class="o">[</span>INFO] -&gt; Downloading nomad_1.5.0_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Downloading nomad_1.5.0_SHA256SUMS <span class="o">[</span>INFO] -&gt; Verifying downloaded nomad_1.5.0_linux_amd64.zip nomad_1.5.0_linux_amd64.zip: OK <span class="o">[</span>INFO] -&gt; Unpacking nomad_1.5.0_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Adding systemd service file /etc/systemd/system/nomad.service <span class="o">[</span>INFO] -&gt; Enabling systemd service Created symlink /etc/systemd/system/multi-user.target.wants/nomad.service → /etc/systemd/system/nomad.service. <span class="o">[</span>INFO] -&gt; Starting systemd service <span class="o">[</span>INFO] Done. root@minione:~# hashi-up nomad <span class="nb">install</span> <span class="nt">--ssh-target-addr</span> <span class="nv">$AGENT_2_IP</span> <span class="nt">--ssh-target-user</span> root <span class="nt">--client</span> <span class="nt">--retry-join</span> <span class="nv">$SERVER_IP</span> <span class="nt">--ssh-target-key</span> .ssh/id_rsa <span class="nt">--version</span> 1.5.0 <span class="o">[</span>INFO] Uploading generated Nomad configuration ... <span class="o">[</span>INFO] Installing Nomad ... <span class="o">[</span>INFO] -&gt; Copying configuration files <span class="o">[</span>INFO] -&gt; Downloading nomad_1.5.0_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Downloading nomad_1.5.0_SHA256SUMS <span class="o">[</span>INFO] -&gt; Verifying downloaded nomad_1.5.0_linux_amd64.zip nomad_1.5.0_linux_amd64.zip: OK <span class="o">[</span>INFO] -&gt; Unpacking nomad_1.5.0_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Adding systemd service file /etc/systemd/system/nomad.service <span class="o">[</span>INFO] -&gt; Enabling systemd service Created symlink /etc/systemd/system/multi-user.target.wants/nomad.service → /etc/systemd/system/nomad.service. <span class="o">[</span>INFO] -&gt; Starting systemd service <span class="o">[</span>INFO] Done. root@minione:~# hashi-up nomad <span class="nb">install</span> <span class="nt">--ssh-target-addr</span> <span class="nv">$AGENT_3_IP</span> <span class="nt">--ssh-target-user</span> root <span class="nt">--client</span> <span class="nt">--retry-join</span> <span class="nv">$SERVER_IP</span> <span class="nt">--ssh-target-key</span> .ssh/id_rsa <span class="nt">--version</span> 1.5.0 <span class="o">[</span>INFO] Uploading generated Nomad configuration ... <span class="o">[</span>INFO] Installing Nomad ... <span class="o">[</span>INFO] -&gt; Copying configuration files <span class="o">[</span>INFO] -&gt; Downloading nomad_1.5.0_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Downloading nomad_1.5.0_SHA256SUMS <span class="o">[</span>INFO] -&gt; Verifying downloaded nomad_1.5.0_linux_amd64.zip nomad_1.5.0_linux_amd64.zip: OK <span class="o">[</span>INFO] -&gt; Unpacking nomad_1.5.0_linux_amd64.zip <span class="o">[</span>INFO] -&gt; Adding systemd service file /etc/systemd/system/nomad.service <span class="o">[</span>INFO] -&gt; Enabling systemd service Created symlink /etc/systemd/system/multi-user.target.wants/nomad.service → /etc/systemd/system/nomad.service. <span class="o">[</span>INFO] -&gt; Starting systemd service <span class="o">[</span>INFO] Done. </code></pre> </div> <p>Les clients Nomad avec Consul sont présents :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--QYJzLqnL--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ALb1qHrmbg9AQvfTBGxQR5w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--QYJzLqnL--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ALb1qHrmbg9AQvfTBGxQR5w.png" alt="" width="880" height="423"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--9KnyRkjy--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ADiXt7v-O7E7tUeRcF9MOKQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--9KnyRkjy--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ADiXt7v-O7E7tUeRcF9MOKQ.png" alt="" width="880" height="425"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--XoFiF3zx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AgeUuFaQQYeBtVNcbc4QJzg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XoFiF3zx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AgeUuFaQQYeBtVNcbc4QJzg.png" alt="" width="880" height="425"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--w7vSeWAk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AAySYSsKhLSQidsWP19Ef9A.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--w7vSeWAk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AAySYSsKhLSQidsWP19Ef9A.png" alt="" width="880" height="382"></a></p> <p>Lancement de Fabio qui s’intègre nativement avec Consul et fournit une interface Web optionnelle pour visualiser le routage. Le principal cas d’utilisation de Fabio est la distribution des requêtes HTTP(S) et TCP entrantes depuis Internet vers les services frontaux qui peuvent traiter ces requêtes.</p> <p><a href="https://developer.hashicorp.com/nomad/tutorials/load-balancing/load-balancing-fabio">Load Balancing with Fabio | Nomad | HashiCorp Developer</a></p> <p>Ici, je lance Fabio en tant que job système afin qu’il puisse acheminer le trafic entrant de manière homogène vers un groupe de serveurs quels que soient les nœuds clients sur lesquels il s’exécute. On peut donc placer tous les nœuds clients derrière un équilibreur de charge pour fournir à l’utilisateur final un point d’accès unique.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">job</span><span class="w"> </span><span class="s2">"fabio"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">datacenters</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="p">[</span><span class="s2">"dc1"</span><span class="p">]</span><span class="w"> </span><span class="err">type</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"system"</span><span class="w"> </span><span class="err">group</span><span class="w"> </span><span class="s2">"fabio"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">network</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">port</span><span class="w"> </span><span class="s2">"lb"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">static</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="mi">9999</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">port</span><span class="w"> </span><span class="s2">"ui"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">static</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="mi">9998</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">task</span><span class="w"> </span><span class="s2">"fabio"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">driver</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"docker"</span><span class="w"> </span><span class="err">config</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">image</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"fabiolb/fabio"</span><span class="w"> </span><span class="err">network_mode</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"host"</span><span class="w"> </span><span class="err">ports</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="p">[</span><span class="s2">"lb"</span><span class="p">,</span><span class="s2">"ui"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">resources</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">cpu</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="mi">200</span><span class="w"> </span><span class="err">memory</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="mi">128</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--5H3kkH_4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ADG56Gy2WrOLwKk4Ei5Skig.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--5H3kkH_4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ADG56Gy2WrOLwKk4Ei5Skig.png" alt="" width="880" height="420"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--j7Vr5HZQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AdqOSg4ROo1lOdnKqUMNuPw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--j7Vr5HZQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AdqOSg4ROo1lOdnKqUMNuPw.png" alt="" width="880" height="420"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--7uqtw5SL--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ashf6tdjR4d1I4ZfBotxEkA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--7uqtw5SL--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ashf6tdjR4d1I4ZfBotxEkA.png" alt="" width="880" height="420"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--lJTNK17Y--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A7TbzxpH79k1pWQmsncQbXA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--lJTNK17Y--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A7TbzxpH79k1pWQmsncQbXA.png" alt="" width="880" height="420"></a></p> <p>L’interface graphique de Fabio est disponible sur chacun des trois noeuds clients sur le port TCP 9998 :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--kb0atae0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AkeaehZGrgTUf9GK7XdmbPw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--kb0atae0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AkeaehZGrgTUf9GK7XdmbPw.png" alt="" width="880" height="527"></a></p> <p>Exemple avec ce job et une image de base Nginx avec création de trois serveurs attenants :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">job</span><span class="w"> </span><span class="s2">"webserver"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">datacenters</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="p">[</span><span class="s2">"dc1"</span><span class="p">]</span><span class="w"> </span><span class="err">type</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"service"</span><span class="w"> </span><span class="err">group</span><span class="w"> </span><span class="s2">"webserver"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">count</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="err">network</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">port</span><span class="w"> </span><span class="s2">"http"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="mi">8080</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">service</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">name</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"nginx-webserver"</span><span class="w"> </span><span class="err">tags</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="p">[</span><span class="s2">"urlprefix-/"</span><span class="p">]</span><span class="w"> </span><span class="err">port</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"http"</span><span class="w"> </span><span class="err">check</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">name</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"alive"</span><span class="w"> </span><span class="err">type</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"http"</span><span class="w"> </span><span class="err">path</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"/"</span><span class="w"> </span><span class="err">interval</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"10s"</span><span class="w"> </span><span class="err">timeout</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"2s"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">restart</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">attempts</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="err">interval</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"30m"</span><span class="w"> </span><span class="err">delay</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"15s"</span><span class="w"> </span><span class="err">mode</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"fail"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">task</span><span class="w"> </span><span class="s2">"nginx"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">driver</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"docker"</span><span class="w"> </span><span class="err">config</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">image</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"bitnami/nginx:latest"</span><span class="w"> </span><span class="err">ports</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="p">[</span><span class="s2">"http"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--klpl3Yt4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A31VpfVOOhm9VDqBQ2awkgg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--klpl3Yt4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A31VpfVOOhm9VDqBQ2awkgg.png" alt="" width="880" height="422"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--zANhzLm---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A5zuLmiNFinr6ZnjFX0rBfw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--zANhzLm---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A5zuLmiNFinr6ZnjFX0rBfw.png" alt="" width="880" height="422"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--XwGQ4L85--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AelVeN-hc6aW9lhwFqFTPbg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XwGQ4L85--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AelVeN-hc6aW9lhwFqFTPbg.png" alt="" width="880" height="495"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ppepYSFC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A5_KgBEHs5UvUwgCPS-ZezA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ppepYSFC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A5_KgBEHs5UvUwgCPS-ZezA.png" alt="" width="880" height="422"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--qAo1crYG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AnRbaioUFYNaSvHaz4K13cA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--qAo1crYG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AnRbaioUFYNaSvHaz4K13cA.png" alt="" width="880" height="422"></a></p> <p>Fabio a détecté le déploiement de ces trois serveurs Nginx :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jcYxr4Qo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AsSEKwVlfdTbbOKMwdfcznw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jcYxr4Qo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AsSEKwVlfdTbbOKMwdfcznw.png" alt="" width="880" height="422"></a></p> <p>en fournissant des ports d’accès à ces entités :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--J0UWkdwo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ACNF076uc1Y2S0y0luIBuHw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--J0UWkdwo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ACNF076uc1Y2S0y0luIBuHw.png" alt="" width="880" height="459"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--9Lmjqb_F--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AgOWriF4NzdeUBZSkD-_5uA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--9Lmjqb_F--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AgOWriF4NzdeUBZSkD-_5uA.png" alt="" width="880" height="459"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Oc9i8SG3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ACTvlh_7PaiMxDNtPOm9YSA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Oc9i8SG3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ACTvlh_7PaiMxDNtPOm9YSA.png" alt="" width="880" height="459"></a></p> <p>Test d’une instance Alpine Linux avec un serveur OpenSSH qui mime le fonctionnement d’une machine virtuelle dans Nomad en utilisant cette image Docker :</p> <p><a href="https://hub.docker.com/r/mcas/alpine-sshd">Docker</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">job</span><span class="w"> </span><span class="s2">"ssh"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">datacenters</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="p">[</span><span class="s2">"dc1"</span><span class="p">]</span><span class="w"> </span><span class="err">type</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"service"</span><span class="w"> </span><span class="err">group</span><span class="w"> </span><span class="s2">"ssh"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">count</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="err">network</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">port</span><span class="w"> </span><span class="s2">"ssh"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">service</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">name</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"sshd"</span><span class="w"> </span><span class="err">port</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"ssh"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">task</span><span class="w"> </span><span class="s2">"openssh"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">driver</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"docker"</span><span class="w"> </span><span class="err">config</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">image</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"mcas/alpine-sshd:latest"</span><span class="w"> </span><span class="err">ports</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="p">[</span><span class="s2">"ssh"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Exécution du job via la dashboard du serveur Nomad :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hBnERiAe--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AIl7nhifyaDTS_FfZH96E7w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hBnERiAe--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AIl7nhifyaDTS_FfZH96E7w.png" alt="" width="880" height="423"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--OuHZoyd8--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ak91zDJ1s3EJetXF730AXfw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--OuHZoyd8--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ak91zDJ1s3EJetXF730AXfw.png" alt="" width="880" height="423"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--t39HdIDm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AB8he3YlXW7HFVEUUYiiNpA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--t39HdIDm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AB8he3YlXW7HFVEUUYiiNpA.png" alt="" width="880" height="423"></a></p> <p>Consul voit l’ensemble des instances déployées dans Nomad :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--OwFblxF1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ard9VZ6K0CJX6HpljFFbruw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--OwFblxF1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ard9VZ6K0CJX6HpljFFbruw.png" alt="" width="880" height="423"></a></p> <p>en me donnant les informations sur le port d’accès à cette instance Alpine Linux :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--uv0NM9ZK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Amow4a4H2thytRuVoV-Kg3w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--uv0NM9ZK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Amow4a4H2thytRuVoV-Kg3w.png" alt="" width="880" height="423"></a></p> <p>Connexion locale à cette instance en SSH avec ce port d’accès :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@minione:~# ssh <span class="nt">-p</span> 26053 alpine@172.16.100.5 Warning: Permanently added <span class="s1">'[172.16.100.5]:26053'</span> <span class="o">(</span>ED25519<span class="o">)</span> to the list of known hosts. alpine@172.16.100.5 password: Welcome to Alpine! The Alpine Wiki contains a large amount of how-to guides and general information about administrating Alpine systems. See &lt;https://wiki.alpinelinux.org/&gt;. You can setup the system with the <span class="nb">command</span>: setup-alpine You may change this message by editing /etc/motd. 1900f3e8b78a:~<span class="nv">$ </span>ps aux PID USER TIME COMMAND 1 root 0:00 sshd: /usr/sbin/sshd <span class="nt">-D</span> <span class="nt">-e</span> <span class="o">[</span>listener] 0 of 10-100 startups 10 root 0:00 sshd: alpine <span class="o">[</span>priv] 12 alpine 0:00 sshd: alpine@pts/0 13 alpine 0:00 <span class="nt">-bash</span> 14 alpine 0:00 ps aux 1900f3e8b78a:~<span class="nv">$ </span>free <span class="nt">-m</span> total used free shared buff/cache available Mem: 5934 348 4982 1 604 5346 Swap: 0 0 0 1900f3e8b78a:~<span class="nv">$ </span><span class="nb">df</span> <span class="nt">-h</span> Filesystem Size Used Available Use% Mounted on overlay 19.2G 2.3G 16.9G 12% / tmpfs 64.0M 0 64.0M 0% /dev shm 64.0M 0 64.0M 0% /dev/shm /dev/vda1 19.2G 2.3G 16.9G 12% /alloc /dev/vda1 19.2G 2.3G 16.9G 12% /local tmpfs 1.0M 0 1.0M 0% /secrets /dev/vda1 19.2G 2.3G 16.9G 12% /etc/resolv.conf /dev/vda1 19.2G 2.3G 16.9G 12% /etc/hostname /dev/vda1 19.2G 2.3G 16.9G 12% /etc/hosts tmpfs 2.9G 0 2.9G 0% /proc/acpi tmpfs 64.0M 0 64.0M 0% /proc/kcore tmpfs 64.0M 0 64.0M 0% /proc/keys tmpfs 64.0M 0 64.0M 0% /proc/timer_list tmpfs 2.9G 0 2.9G 0% /proc/scsi tmpfs 2.9G 0 2.9G 0% /sys/firmware </code></pre> </div> <p>Le sempiternel démonstrateur FC s’y exécute localement comme s’il s’agissait d’une machine virtuelle :</p> <p><a href="https://github.com/france-connect/service-provider-example">GitHub - france-connect/service-provider-example: An implementation example of the FranceConnect button on a service provider's website.</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>1900f3e8b78a:~/fcdemo3<span class="nv">$ </span>pm2 start start.sh <span class="nt">-------------</span> __/<span class="se">\\\\\\\\\\\\\_</span>___ /<span class="se">\\\\</span> ____________/<span class="se">\\\\</span>____ /<span class="se">\\\\\\\\\ </span>_____ _<span class="se">\/\\\/</span>////////<span class="se">\\\_\/\\\\\\</span> ________/<span class="se">\\\\\\</span>__ /<span class="se">\\\/</span>//////<span class="se">\\\_</span>__ _<span class="se">\/\\\ </span>_______<span class="se">\/\\\_\/\\\/</span>/<span class="se">\\\_</span>___ /<span class="se">\\\/</span>/<span class="se">\\\_\/</span>// ______<span class="se">\/</span>/<span class="se">\\\_</span>_ _<span class="se">\/\\\\\\\\\\\\\/</span> __<span class="se">\/\\\\</span>///<span class="se">\\\/\\\/</span>_<span class="se">\/\\\_</span>__________ /<span class="se">\\\/</span>___ _<span class="se">\/\\\/</span>//////// ____<span class="se">\/\\\_</span>_ <span class="se">\/</span>//<span class="se">\\\/</span> ___<span class="se">\/\\\_</span>_______ /<span class="se">\\\/</span>/ _____ _<span class="se">\/\\\ </span>_____________<span class="se">\/\\\_</span>___ <span class="se">\/</span>// _____<span class="se">\/\\\_</span>____ /<span class="se">\\\/</span>/ ________ _<span class="se">\/\\\ </span>_____________<span class="se">\/\\\_</span>____________ <span class="se">\/\\\ </span>___/<span class="se">\\\/</span>___________ _<span class="se">\/\\\ </span>_____________<span class="se">\/\\\_</span>____________ <span class="se">\/\\\_</span>_/<span class="se">\\\\\\\\\\\\\\\_</span> _<span class="se">\/</span>// ______________<span class="se">\/</span>//______________ <span class="se">\/</span>// __<span class="se">\/</span>//////////////__ Runtime Edition PM2 is a Production Process Manager <span class="k">for </span>Node.js applications with a built-in Load Balancer. Start and Daemonize any application: <span class="nv">$ </span>pm2 start app.js Load Balance 4 instances of api.js: <span class="nv">$ </span>pm2 start api.js <span class="nt">-i</span> 4 Monitor <span class="k">in </span>production: <span class="nv">$ </span>pm2 monitor Make pm2 auto-boot at server restart: <span class="nv">$ </span>pm2 startup To go further checkout: http://pm2.io/ <span class="nt">-------------</span> <span class="o">[</span>PM2] Spawning PM2 daemon with <span class="nv">pm2_home</span><span class="o">=</span>/home/alpine/.pm2 <span class="o">[</span>PM2] PM2 Successfully daemonized <span class="o">[</span>PM2] Starting /home/alpine/fcdemo3/start.sh <span class="k">in </span>fork_mode <span class="o">(</span>1 instance<span class="o">)</span> <span class="o">[</span>PM2] Done. ┌─────┬──────────┬─────────────┬─────────┬─────────┬──────────┬────────┬──────┬───────────┬──────────┬──────────┬──────────┬──────────┐ │ <span class="nb">id</span> │ name │ namespace │ version │ mode │ pid │ <span class="nb">uptime</span> │ ↺ │ status │ cpu │ mem │ user │ watching │ ├─────┼──────────┼─────────────┼─────────┼─────────┼──────────┼────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────────┤ │ 0 │ start │ default │ 0.0.0 │ fork │ 466 │ 0s │ 0 │ online │ 0% │ 1.7mb │ alpine │ disabled │ └─────┴──────────┴─────────────┴─────────┴─────────┴──────────┴────────┴──────┴───────────┴──────────┴──────────┴──────────┴──────────┘ 1900f3e8b78a:~/fcdemo3<span class="nv">$ </span>pm2 log start <span class="o">[</span>TAILING] Tailing last 15 lines <span class="k">for</span> <span class="o">[</span>start] process <span class="o">(</span>change the value with <span class="nt">--lines</span> option<span class="o">)</span> /home/alpine/.pm2/logs/start-error.log last 15 lines: /home/alpine/.pm2/logs/start-out.log last 15 lines: 0|start | 0|start | <span class="o">&gt;</span> service-provider-mock@0.0.0 start 0|start | <span class="o">&gt;</span> node ./bin/www 0|start | 0|start | Server listening on http://0.0.0.0:3000 1900f3e8b78a:~<span class="nv">$ </span>curl http://localhost:3000 &lt;<span class="o">!</span>doctype html&gt; &lt;html <span class="nv">lang</span><span class="o">=</span><span class="s2">"en"</span><span class="o">&gt;</span> &lt;<span class="nb">head</span><span class="o">&gt;</span> &lt;meta <span class="nv">charset</span><span class="o">=</span><span class="s2">"UTF-8"</span><span class="o">&gt;</span> &lt;meta <span class="nv">name</span><span class="o">=</span><span class="s2">"viewport"</span> <span class="nv">content</span><span class="o">=</span><span class="s2">"width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"</span><span class="o">&gt;</span> &lt;meta http-equiv<span class="o">=</span><span class="s2">"X-UA-Compatible"</span> <span class="nv">content</span><span class="o">=</span><span class="s2">"ie=edge"</span><span class="o">&gt;</span> &lt;<span class="nb">link </span><span class="nv">rel</span><span class="o">=</span><span class="s2">"stylesheet"</span> <span class="nv">href</span><span class="o">=</span><span class="s2">"https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.1/css/bulma.min.css"</span> <span class="nv">integrity</span><span class="o">=</span><span class="s2">"sha256-zIG416V1ynj3Wgju/scU80KAEWOsO5rRLfVyRDuOv7Q="</span> <span class="nv">crossorigin</span><span class="o">=</span><span class="s2">"anonymous"</span> /&gt; &lt;title&gt;Démonstrateur Fournisseur de Service&lt;/title&gt; &lt;/head&gt; &lt;body&gt; &lt;nav <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar"</span> <span class="nv">role</span><span class="o">=</span><span class="s2">"navigation"</span> aria-label<span class="o">=</span><span class="s2">"main navigation"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-start"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-brand"</span><span class="o">&gt;</span> &lt;a <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-item"</span> <span class="nv">href</span><span class="o">=</span><span class="s2">"/"</span><span class="o">&gt;</span> &lt;img <span class="nv">src</span><span class="o">=</span><span class="s2">"/img/fc_logo_v2.png"</span> <span class="nv">alt</span><span class="o">=</span><span class="s2">"Démonstrateur Fournisseur de Service"</span> <span class="nv">height</span><span class="o">=</span><span class="s2">"28"</span><span class="o">&gt;</span> &lt;/a&gt; &lt;/div&gt; &lt;a <span class="nv">href</span><span class="o">=</span><span class="s2">"/"</span> <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-item"</span><span class="o">&gt;</span> Home &lt;/a&gt; &lt;/div&gt; &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-end"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-item"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"buttons"</span><span class="o">&gt;</span> &lt;a <span class="nv">class</span><span class="o">=</span><span class="s2">"button is-light"</span> <span class="nv">href</span><span class="o">=</span><span class="s2">"/login"</span><span class="o">&gt;</span>Se connecter&lt;/a&gt; &lt;/div&gt; &lt;/div&gt; &lt;/div&gt; &lt;/nav&gt; &lt;section <span class="nv">class</span><span class="o">=</span><span class="s2">"hero is-info is-medium"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"hero-body"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"container"</span><span class="o">&gt;</span> &lt;h1 <span class="nv">class</span><span class="o">=</span><span class="s2">"title"</span><span class="o">&gt;</span> Bienvenue sur le démonstrateur de fournisseur de service &lt;/h1&gt; &lt;h2 <span class="nv">class</span><span class="o">=</span><span class="s2">"subtitle"</span><span class="o">&gt;</span> Cliquez sur <span class="s2">"se connecter"</span> pour vous connecter via &lt;strong&gt;FranceConnect&lt;/strong&gt; &lt;/h2&gt; &lt;/div&gt; &lt;/div&gt; &lt;/section&gt; </code></pre> </div> <p>Dans cet article, il est décrit la possibilité d’utiliser hashi-up pour provisionner un cluster avec Vault ou en mode HA pour le cluster Nomad et Consul :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--CbBydCZB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/874/0%2AuGGpp8Io-iuLF-Xq.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--CbBydCZB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/874/0%2AuGGpp8Io-iuLF-Xq.png" alt="" width="874" height="617"></a></p> <ul> <li><a href="https://johansiebens.dev/posts/2020/07/deploying-a-highly-available-nomad-cluster-with-hashi-up/">Deploying a highly-available Nomad cluster with hashi-up!</a></li> <li><a href="https://johansiebens.dev/posts/2020/12/installing-hashicorp-vault-on-digitalocean-with-hashi-up/">Installing HashiCorp Vault on DigitalOcean with hashi-up</a></li> </ul> <blockquote> <p>Ce cluster commun entre Nomad et Consul aurait pû être utilisé avec Waypoint pour y provisionner ses jobs comme avec cet exemple de fichier HCL …</p> </blockquote> <p><a href="https://developer.hashicorp.com/waypoint">Waypoint | HashiCorp Developer</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--iSPfJB0G--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ADFD-Qcr6yk8QOzmFsdUFdw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--iSPfJB0G--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ADFD-Qcr6yk8QOzmFsdUFdw.png" alt="" width="880" height="185"></a></p> <p><a href="https://developer.hashicorp.com/waypoint/tutorials/get-started-nomad/get-started-nomad">Deploy an Application to Nomad | Waypoint | HashiCorp Developer</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">#</span><span class="w"> </span><span class="err">Copyright</span><span class="w"> </span><span class="err">(c)</span><span class="w"> </span><span class="err">HashiCorp,</span><span class="w"> </span><span class="err">Inc.</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="err">SPDX-License-Identifier:</span><span class="w"> </span><span class="err">MPL</span><span class="mf">-2.0</span><span class="w"> </span><span class="err">project</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"nomad-nodejs"</span><span class="w"> </span><span class="err">app</span><span class="w"> </span><span class="s2">"nomad-nodejs-web"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">build</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">use</span><span class="w"> </span><span class="s2">"pack"</span><span class="w"> </span><span class="p">{}</span><span class="w"> </span><span class="err">registry</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">use</span><span class="w"> </span><span class="s2">"docker"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">image</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"nomad-nodejs-web"</span><span class="w"> </span><span class="err">tag</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"1"</span><span class="w"> </span><span class="err">local</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">deploy</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">use</span><span class="w"> </span><span class="s2">"nomad"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">these</span><span class="w"> </span><span class="err">options</span><span class="w"> </span><span class="err">both</span><span class="w"> </span><span class="err">default</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">the</span><span class="w"> </span><span class="err">values</span><span class="w"> </span><span class="err">shown</span><span class="p">,</span><span class="w"> </span><span class="err">but</span><span class="w"> </span><span class="err">are</span><span class="w"> </span><span class="err">left</span><span class="w"> </span><span class="err">here</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">show</span><span class="w"> </span><span class="err">they</span><span class="w"> </span><span class="err">are</span><span class="w"> </span><span class="err">configurable</span><span class="w"> </span><span class="err">datacenter</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"dc1"</span><span class="w"> </span><span class="err">namespace</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="s2">"default"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>On en allant beaucoup plus loin avec cet exemple de déploiement Blue/Green …</p> <ul> <li><a href="https://www.redhat.com/en/topics/devops/what-is-blue-green-deployment">What is blue green deployment?</a></li> <li><a href="https://www.infralovers.com/en/articles/2022/10/05/bluegreen-deployments-with-nomad-and-waypoint/">Blue/Green Deployments with HashiCorp Nomad and Waypoint</a></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--SFKQYwyf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AYsnvV7z3Js-4uZOT-0S7bg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--SFKQYwyf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AYsnvV7z3Js-4uZOT-0S7bg.png" alt="" width="880" height="443"></a></p> <p>À suivre !</p> consul nomad devops docker Karim Thu, 09 Mar 2023 14:35:11 +0000 https://forem.com/deep75/effectuer-des-operations-de-base-autour-des-machines-virtuelles-avec-kubevirt-manager--25oo https://forem.com/deep75/effectuer-des-operations-de-base-autour-des-machines-virtuelles-avec-kubevirt-manager--25oo <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--xraSNX-V--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/0%2AK3Zu0cib5b0B9D2j.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--xraSNX-V--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/0%2AK3Zu0cib5b0B9D2j.png" alt="" width="880" height="648"></a></p> <p>Kubevirt permet comme on l’a vu dans plusieurs articles précedemment de fournir une plateforme de développement unifiée où les développeurs peuvent construire, modifier et déployer des applications résidant à la fois dans des conteneurs d’application et dans des machines virtuelles dans un environnement commun et partagé.</p> <ul> <li><a href="https://kubevirt.io/">KubeVirt.io</a></li> <li><a href="https://deep75.medium.com/deployer-kubevirt-en-utilisant-hyperconverged-cluster-operator-hco-et-g%C3%A9rer-ses-vms-dans-8fcb128be39d">Deployer KubeVirt en utilisant Hyperconverged Cluster Operator (HCO) et gérer ses VMs dans…</a></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--AewwDkCB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/900/0%2AvFvPPdQjh-kabZDM.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--AewwDkCB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/900/0%2AvFvPPdQjh-kabZDM.png" alt="" width="880" height="425"></a><br> <em><a href="https://kubevirt.io/2020/KubeVirt_deep_dive-virtualized_gpu_workloads.html">https://kubevirt.io/2020/KubeVirt_deep_dive-virtualized_gpu_workloads.html</a></em></p> <p>Même si d’autres solutions alternatives de création et d’utilisations de machines virtuelles existent pour Kubernetes :</p> <ul> <li><a href="https://dev.to/deep75/neonvm-api-de-virtualisation-legere-basee-sur-qemu-pour-kubernetes--3nnd">NeonVM : API de virtualisation légère basée sur QEMU pour Kubernetes …</a></li> <li><a href="https://dev.to/deep75/kubefire-creer-et-gerer-des-clusters-kubernetes-en-utilisant-des-microvms-avec-firecracker--2jge">KubeFire : Créer et gèrer des clusters Kubernetes en utilisant des microVMs avec Firecracker …</a></li> <li><a href="https://dev.to/deep75/virtink-un-module-complementaire-de-virtualisation-legere-pour-kubernetes--2fk6">Virtink : un module complémentaire de virtualisation légère pour Kubernetes …</a></li> </ul> <blockquote> <p>Une solution existait pour gérer ses machines virtuelles graphiquement dans Kubernetes et KubeVirt avec OpenShift Web Console :</p> </blockquote> <ul> <li><a href="https://kubevirt.io/2020/OKD-web-console-install.html">Managing KubeVirt with OpenShift Web Console | KubeVirt.io</a></li> <li><a href="https://docs.okd.io/latest/virt/virtual_machines/virt-accessing-vm-consoles.html">Accessing virtual machine consoles - Virtual machines | Virtualization | OKD 4</a></li> <li><a href="https://dev.to/deep75/apercu-de-microshift-une-implementation-legere-d-openshift-4jim">Aperçu de Microshift, une implémentation légère d’OpenShift …</a></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hyfApHqP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/500/0%2A8hmr_O55uoiBH_Pj.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hyfApHqP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/500/0%2A8hmr_O55uoiBH_Pj.jpg" alt="" width="500" height="544"></a></p> <p>Ici focus sur KubeVirt Manager, un projet récent qui fournit un Frontend Angular simple pour faire fonctionner KubeVirt.</p> <blockquote> <p>Cet outil vous permet d’effectuer des opérations de base autour des machines virtuelles, des instances de machines virtuelles et des disques :</p> </blockquote> <p><a href="https://github.com/kubevirt-manager/kubevirt-manager">GitHub - kubevirt-manager/kubevirt-manager: Kubevirt Web UI / Web Interface Manager</a></p> <p>Application rapide avec le déploiement d’un cluster AKS dans Azure avec un Scale Set utilisant des instances Spot et ces paramètres :</p> <ul> <li><a href="https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-cli">Azure deployment templates with Azure CLI - Azure Resource Manager - Azure Resource Manager</a></li> <li> <a href="https://learn.microsoft.com/en-us/azure/aks/spot-node-pool">Add an Azure Spot node pool to an Azure Kubernetes Service (AKS) cluster - Azure Kubernetes Service</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"$schema"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#"</span><span class="p">,</span><span class="w"> </span><span class="nl">"contentVersion"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.0.0.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"parameters"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"resourceName"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AKS"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"francecentral"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"dnsPrefix"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AKS-dns"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"kubernetesVersion"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.26.0"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"networkPlugin"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"kubenet"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"enableRBAC"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"nodeResourceGroup"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"MC_RG-AKS_AKS_francecentral"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"upgradeChannel"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"none"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"adminGroupObjectIDs"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="p">[]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"disableLocalAccounts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"azureRbac"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"enablePrivateCluster"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"enableHttpApplicationRouting"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"enableAzurePolicy"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"enableSecretStoreCSIDriver"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"vmssNodePool"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><a href="https://deep75.medium.com/mise-en-oeuvre-dun-cluster-kubernetes-1-14-avec-des-noeuds-windows-via-aks-engine-8c7400a7037c">Mise en oeuvre d’un cluster Kubernetes 1.14 avec des noeuds Windows via AKS-Engine …</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--karrghu_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ApshgUiqxLac4_mO8Az4yBg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--karrghu_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ApshgUiqxLac4_mO8Az4yBg.png" alt="" width="880" height="307"></a></p> <p>Le cluster AKS est déployé avec récupération des identifiants :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>az aks get-credentials <span class="nt">--resource-group</span> RG-AKS <span class="nt">--name</span> AKS Merged <span class="s2">"AKS"</span> as current context <span class="k">in</span> /home/cert/.kube/config <span class="nv">$ </span>kubectl cluster-info Kubernetes control plane is running at https://aks-dns-bn9a54nt.hcp.francecentral.azmk8s.io:443 CoreDNS is running at https://aks-dns-bn9a54nt.hcp.francecentral.azmk8s.io:443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy Metrics-server is running at https://aks-dns-bn9a54nt.hcp.francecentral.azmk8s.io:443/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> <span class="nv">$ </span>kubectl get po,svc <span class="nt">-A</span> NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/azure-ip-masq-agent-6g72l 1/1 Running 0 6m18s kube-system pod/azure-ip-masq-agent-nzbf5 1/1 Running 0 6m20s kube-system pod/azure-ip-masq-agent-rj6mj 1/1 Running 0 6m6s kube-system pod/cloud-node-manager-rfpcf 1/1 Running 0 6m18s kube-system pod/cloud-node-manager-rg5jm 1/1 Running 0 6m6s kube-system pod/cloud-node-manager-zpsgs 1/1 Running 0 6m20s kube-system pod/coredns-78669d9946-txcm8 1/1 Running 0 4m26s kube-system pod/coredns-78669d9946-zt9b5 1/1 Running 0 6m30s kube-system pod/coredns-autoscaler-5b5c4f5b4f-zl2hq 1/1 Running 0 6m30s kube-system pod/csi-azuredisk-node-44ffr 3/3 Running 0 6m20s kube-system pod/csi-azuredisk-node-m2s5r 3/3 Running 0 6m18s kube-system pod/csi-azuredisk-node-v4dc8 3/3 Running 0 6m6s kube-system pod/csi-azurefile-node-5pzl4 3/3 Running 0 6m18s kube-system pod/csi-azurefile-node-mqxw4 3/3 Running 0 6m6s kube-system pod/csi-azurefile-node-nfvct 3/3 Running 0 6m20s kube-system pod/konnectivity-agent-f94c65c6f-bjcwq 1/1 Running 0 6m29s kube-system pod/konnectivity-agent-f94c65c6f-rdbfl 1/1 Running 0 6m29s kube-system pod/kube-proxy-52svq 1/1 Running 0 6m18s kube-system pod/kube-proxy-cnplk 1/1 Running 0 6m6s kube-system pod/kube-proxy-dnjjp 1/1 Running 0 6m20s kube-system pod/metrics-server-5f6654d4df-nqj2w 2/2 Running 0 4m20s kube-system pod/metrics-server-5f6654d4df-qk22x 2/2 Running 0 4m20s NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE default service/kubernetes ClusterIP 10.0.0.1 &lt;none&gt; 443/TCP 7m4s kube-system service/kube-dns ClusterIP 10.0.0.10 &lt;none&gt; 53/UDP,53/TCP 6m31s kube-system service/metrics-server ClusterIP 10.0.139.110 &lt;none&gt; 443/TCP 6m30s <span class="nv">$ </span>kubectl get nodes <span class="nt">-o</span> wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME aks-agentpool-16963728-vmss000000 Ready agent 6m15s v1.26.0 10.224.0.5 &lt;none&gt; Ubuntu 22.04.1 LTS 5.15.0-1033-azure containerd://1.6.17+azure-1 aks-userpool-16963728-vmss000000 Ready agent 6m27s v1.26.0 10.224.0.4 20.111.27.134 Ubuntu 22.04.1 LTS 5.15.0-1033-azure containerd://1.6.17+azure-1 aks-userpool-16963728-vmss000001 Ready agent 6m29s v1.26.0 10.224.0.6 20.111.27.202 Ubuntu 22.04.1 LTS 5.15.0-1033-azure containerd://1.6.17+azure-1 </code></pre> </div> <p>J’utilise ici un pool de Noeud Spot avec des instances Esv5 qui autorise la virtualisation imbriquée pour cette expérience :</p> <p><a href="https://learn.microsoft.com/en-us/azure/virtual-machines/ev5-esv5-series">Ev5 and Esv5-series - Azure Virtual Machines</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--1rQg5Dab--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/952/1%2Avc3ahIgRfWN5axw_YH3NEA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--1rQg5Dab--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/952/1%2Avc3ahIgRfWN5axw_YH3NEA.png" alt="" width="880" height="596"></a></p> <p>Ce qui permet le déploiement de KubeVirt via HCO (Hyperconverged Cluster Operator) :</p> <p><a href="https://github.com/kubevirt/hyperconverged-cluster-operator">GitHub - kubevirt/hyperconverged-cluster-operator: Operator pattern for managing multi-operator products</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--s2tub3D6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/831/0%2A7xvtc18DqlXZFKKM.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--s2tub3D6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/831/0%2A7xvtc18DqlXZFKKM.jpg" alt="" width="831" height="551"></a></p> <p>avec ce script unifié :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/deploy.sh | bash <span class="nv">$ </span>curl https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/deploy.sh | bash + <span class="nv">hco_namespace</span><span class="o">=</span>kubevirt-hyperconverged + <span class="nv">IS_OPENSHIFT</span><span class="o">=</span><span class="nb">false</span> + kubectl api-resources + <span class="nb">grep </span>clusterversions + <span class="nb">grep </span>config.openshift.io + kubectl create ns kubevirt-hyperconverged <span class="nt">--dry-run</span><span class="o">=</span><span class="nb">true</span> <span class="nt">-o</span> yaml + kubectl apply <span class="nt">-f</span> - W0309 13:38:03.250568 3638 helpers.go:677] <span class="nt">--dry-run</span><span class="o">=</span><span class="nb">true </span>is deprecated <span class="o">(</span>boolean value<span class="o">)</span> and can be replaced with <span class="nt">--dry-run</span><span class="o">=</span>client. namespace/kubevirt-hyperconverged created + <span class="nv">namespaces</span><span class="o">=(</span><span class="s2">"openshift"</span><span class="o">)</span> + <span class="k">for </span>namespace <span class="k">in</span> <span class="k">${</span><span class="nv">namespaces</span><span class="p">[@]</span><span class="k">}</span> ++ kubectl get ns openshift Error from server <span class="o">(</span>NotFound<span class="o">)</span>: namespaces <span class="s2">"openshift"</span> not found + <span class="o">[[</span><span class="s1">''</span> <span class="o">==</span> <span class="s1">''</span><span class="o">]]</span> + kubectl create ns openshift <span class="nt">--dry-run</span><span class="o">=</span><span class="nb">true</span> <span class="nt">-o</span> yaml + kubectl apply <span class="nt">-f</span> - W0309 13:38:04.072929 3667 helpers.go:677] <span class="nt">--dry-run</span><span class="o">=</span><span class="nb">true </span>is deprecated <span class="o">(</span>boolean value<span class="o">)</span> and can be replaced with <span class="nt">--dry-run</span><span class="o">=</span>client. namespace/openshift created + <span class="nv">LABEL_SELECTOR_ARG</span><span class="o">=</span> + <span class="s1">'['</span> <span class="nb">false</span> <span class="s1">'!='</span> <span class="nb">true</span> <span class="s1">']'</span> + <span class="nv">LABEL_SELECTOR_ARG</span><span class="o">=</span><span class="s1">'-l name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/crds/cluster-network-addons00.crd.yaml customresourcedefinition.apiextensions.k8s.io/networkaddonsconfigs.networkaddonsoperator.network.kubevirt.io created + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/crds/containerized-data-importer00.crd.yaml customresourcedefinition.apiextensions.k8s.io/cdis.cdi.kubevirt.io created + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/crds/hco00.crd.yaml customresourcedefinition.apiextensions.k8s.io/hyperconvergeds.hco.kubevirt.io created + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/crds/kubevirt00.crd.yaml customresourcedefinition.apiextensions.k8s.io/kubevirts.kubevirt.io created + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/crds/hostpath-provisioner00.crd.yaml customresourcedefinition.apiextensions.k8s.io/hostpathprovisioners.hostpathprovisioner.kubevirt.io created + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/crds/scheduling-scale-performance00.crd.yaml customresourcedefinition.apiextensions.k8s.io/ssps.ssp.kubevirt.io created + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/crds/tekton-tasks-operator00.crd.yaml customresourcedefinition.apiextensions.k8s.io/tektontasks.tektontasks.kubevirt.io created + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/cert-manager.yaml customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created namespace/cert-manager created serviceaccount/cert-manager-cainjector created serviceaccount/cert-manager created serviceaccount/cert-manager-webhook created clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created clusterrole.rbac.authorization.k8s.io/cert-manager-view created clusterrole.rbac.authorization.k8s.io/cert-manager-edit created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created role.rbac.authorization.k8s.io/cert-manager:leaderelection created role.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection created rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created service/cert-manager created service/cert-manager-webhook created deployment.apps/cert-manager-cainjector created deployment.apps/cert-manager created deployment.apps/cert-manager-webhook created mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created + kubectl <span class="nt">-n</span> cert-manager <span class="nb">wait </span>deployment/cert-manager <span class="nt">--for</span><span class="o">=</span><span class="nv">condition</span><span class="o">=</span>Available <span class="nt">--timeout</span><span class="o">=</span>300s deployment.apps/cert-manager condition met + kubectl <span class="nt">-n</span> cert-manager <span class="nb">wait </span>deployment/cert-manager-webhook <span class="nt">--for</span><span class="o">=</span><span class="nv">condition</span><span class="o">=</span>Available <span class="nt">--timeout</span><span class="o">=</span>300s deployment.apps/cert-manager-webhook condition met + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-n</span> kubevirt-hyperconverged <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/cluster_role.yaml role.rbac.authorization.k8s.io/cluster-network-addons-operator created role.rbac.authorization.k8s.io/kubevirt-operator created role.rbac.authorization.k8s.io/tekton-tasks-operator created role.rbac.authorization.k8s.io/cdi-operator created role.rbac.authorization.k8s.io/hostpath-provisioner-operator created clusterrole.rbac.authorization.k8s.io/hyperconverged-cluster-operator created clusterrole.rbac.authorization.k8s.io/cluster-network-addons-operator created clusterrole.rbac.authorization.k8s.io/kubevirt-operator created clusterrole.rbac.authorization.k8s.io/tekton-tasks-operator created clusterrole.rbac.authorization.k8s.io/cdi-operator created clusterrole.rbac.authorization.k8s.io/hostpath-provisioner-operator created + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-n</span> kubevirt-hyperconverged <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/service_account.yaml serviceaccount/cdi-operator created serviceaccount/cluster-network-addons-operator created serviceaccount/hostpath-provisioner-operator created serviceaccount/hyperconverged-cluster-operator created serviceaccount/kubevirt-operator created serviceaccount/tekton-tasks-operator created + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-n</span> kubevirt-hyperconverged <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/cluster_role_binding.yaml rolebinding.rbac.authorization.k8s.io/cluster-network-addons-operator created rolebinding.rbac.authorization.k8s.io/kubevirt-operator created rolebinding.rbac.authorization.k8s.io/tekton-tasks-operator created rolebinding.rbac.authorization.k8s.io/cdi-operator created rolebinding.rbac.authorization.k8s.io/hostpath-provisioner-operator created clusterrolebinding.rbac.authorization.k8s.io/hyperconverged-cluster-operator created clusterrolebinding.rbac.authorization.k8s.io/cluster-network-addons-operator created clusterrolebinding.rbac.authorization.k8s.io/kubevirt-operator created clusterrolebinding.rbac.authorization.k8s.io/tekton-tasks-operator created clusterrolebinding.rbac.authorization.k8s.io/cdi-operator created clusterrolebinding.rbac.authorization.k8s.io/hostpath-provisioner-operator created + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-n</span> kubevirt-hyperconverged <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/webhooks.yaml issuer.cert-manager.io/selfsigned created certificate.cert-manager.io/hyperconverged-cluster-webhook-service-cert created validatingwebhookconfiguration.admissionregistration.k8s.io/validate-hco.kubevirt.io created certificate.cert-manager.io/node-maintenance-operator-service-cert created validatingwebhookconfiguration.admissionregistration.k8s.io/nodemaintenance-validation.kubevirt.io created certificate.cert-manager.io/hostpath-provisioner-operator-webhook-service-cert created validatingwebhookconfiguration.admissionregistration.k8s.io/hostpathprovisioner.kubevirt.io created mutatingwebhookconfiguration.admissionregistration.k8s.io/mutate-hco.kubevirt.io created + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-n</span> kubevirt-hyperconverged <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/operator.yaml deployment.apps/hyperconverged-cluster-operator created deployment.apps/hyperconverged-cluster-webhook created deployment.apps/cluster-network-addons-operator created deployment.apps/virt-operator created deployment.apps/tekton-tasks-operator created deployment.apps/cdi-operator created deployment.apps/hostpath-provisioner-operator created service/hyperconverged-cluster-webhook-service created service/hostpath-provisioner-operator-service created + kubectl <span class="nt">-n</span> kubevirt-hyperconverged <span class="nb">wait </span>deployment/hyperconverged-cluster-webhook <span class="nt">--for</span><span class="o">=</span><span class="nv">condition</span><span class="o">=</span>Available <span class="nt">--timeout</span><span class="o">=</span>300s deployment.apps/hyperconverged-cluster-webhook condition met + kubectl apply <span class="nt">-l</span> <span class="s1">'name!=ssp-operator,name!=hyperconverged-cluster-cli-download'</span> <span class="nt">-n</span> kubevirt-hyperconverged <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/main/deploy/hco.cr.yaml hyperconverged.hco.kubevirt.io/kubevirt-hyperconverged created </code></pre> </div> <p>KubeVirt est alors déployé dans ce cluster :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get po,svc <span class="nt">-n</span> kubevirt-hyperconverged NAME READY STATUS RESTARTS AGE pod/bridge-marker-n7dgz 1/1 Running 0 3m14s pod/bridge-marker-qld66 1/1 Running 0 3m14s pod/bridge-marker-w9rjv 1/1 Running 0 3m14s pod/cdi-apiserver-5b79dbb75c-2wjgl 1/1 Running 0 2m41s pod/cdi-deployment-68787cb469-l5cpl 1/1 Running 0 2m37s pod/cdi-operator-b5fc58cd7-b9f2s 1/1 Running 0 3m24s pod/cdi-uploadproxy-56d645d8d5-trt54 1/1 Running 0 2m46s pod/cluster-network-addons-operator-6f6765958d-rn2fn 2/2 Running 0 3m35s pod/hostpath-provisioner-operator-7bb46fd5b7-cg2hb 1/1 Running 0 3m24s pod/hyperconverged-cluster-operator-7df6b469b4-942tx 1/1 Running 0 3m35s pod/hyperconverged-cluster-webhook-55cfd6cb69-46r8v 1/1 Running 0 3m35s pod/kube-cni-linux-bridge-plugin-62jrn 1/1 Running 0 3m14s pod/kube-cni-linux-bridge-plugin-hqpsg 1/1 Running 0 3m14s pod/kube-cni-linux-bridge-plugin-nzkpp 1/1 Running 0 3m14s pod/kubemacpool-cert-manager-6dfd4bb587-b29pl 1/1 Running 0 3m14s pod/kubemacpool-mac-controller-manager-646dd6f884-gxttc 2/2 Running 0 3m14s pod/multus-ggncz 1/1 Running 0 3m15s pod/multus-m2xjm 1/1 Running 0 3m15s pod/multus-zjm8n 1/1 Running 0 3m15s pod/tekton-tasks-operator-7d98668446-prr4b 1/1 Running 0 3m35s pod/virt-api-94f856488-k7fcb 1/1 Running 0 2m20s pod/virt-controller-7bd9bdbccc-rn762 1/1 Running 0 107s pod/virt-exportproxy-5c8d7c5668-mwfnz 1/1 Running 0 107s pod/virt-handler-mzjv5 1/1 Running 0 107s pod/virt-operator-6797b9bb9c-5jqj8 1/1 Running 0 3m24s pod/virt-operator-6797b9bb9c-rrm4n 1/1 Running 0 3m24s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE service/cdi-api ClusterIP 10.0.59.53 &lt;none&gt; 443/TCP 2m41s service/cdi-prometheus-metrics ClusterIP 10.0.220.94 &lt;none&gt; 8080/TCP 2m37s service/cdi-uploadproxy ClusterIP 10.0.37.12 &lt;none&gt; 443/TCP 2m46s service/hostpath-provisioner-operator-service ClusterIP 10.0.118.100 &lt;none&gt; 9443/TCP 3m35s service/hyperconverged-cluster-webhook-service ClusterIP 10.0.122.49 &lt;none&gt; 4343/TCP 3m35s service/kubemacpool-service ClusterIP 10.0.96.143 &lt;none&gt; 443/TCP 3m14s service/kubevirt-operator-webhook ClusterIP 10.0.145.178 &lt;none&gt; 443/TCP 2m22s service/kubevirt-prometheus-metrics ClusterIP None &lt;none&gt; 443/TCP 2m22s service/virt-api ClusterIP 10.0.230.208 &lt;none&gt; 443/TCP 2m22s service/virt-exportproxy ClusterIP 10.0.218.176 &lt;none&gt; 443/TCP 2m22s </code></pre> </div> <p>KubeVirt Manager est mise en oeuvre via les manifests YAML fournis dans son dépôt GitHub :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>git clone https://github.com/kubevirt-manager/kubevirt-manager Cloning into <span class="s1">'kubevirt-manager'</span>... remote: Enumerating objects: 4464, <span class="k">done</span><span class="nb">.</span> remote: Counting objects: 100% <span class="o">(</span>1287/1287<span class="o">)</span>, <span class="k">done</span><span class="nb">.</span> remote: Compressing objects: 100% <span class="o">(</span>446/446<span class="o">)</span>, <span class="k">done</span><span class="nb">.</span> remote: Total 4464 <span class="o">(</span>delta 838<span class="o">)</span>, reused 1191 <span class="o">(</span>delta 815<span class="o">)</span>, pack-reused 3177 Receiving objects: 100% <span class="o">(</span>4464/4464<span class="o">)</span>, 67.53 MiB | 3.41 MiB/s, <span class="k">done</span><span class="nb">.</span> Resolving deltas: 100% <span class="o">(</span>1461/1461<span class="o">)</span>, <span class="k">done</span><span class="nb">.</span> ~/kubevirt-manager<span class="nv">$ </span>kubectl apply <span class="nt">-f</span> kubernetes/ns.yaml namespace/kubevirt-manager created ~/kubevirt-manager<span class="nv">$ </span><span class="nb">cat </span>kubernetes/ns.yaml apiVersion: v1 kind: Namespace metadata: name: kubevirt-manager labels: app: kubevirt-manager kubevirt-manager.io/version: 1.2.0 ~/kubevirt-manager<span class="nv">$ </span>kubectl apply <span class="nt">-f</span> kubernetes/rbac.yaml serviceaccount/kubevirt-manager created clusterrole.rbac.authorization.k8s.io/kubevirt-manager created clusterrolebinding.rbac.authorization.k8s.io/kubevirt-manager created ~/kubevirt-manager<span class="nv">$ </span>kubectl apply <span class="nt">-f</span> kubernetes/deployment.yaml deployment.apps/kubevirt-manager created ~/kubevirt-manager<span class="nv">$ </span>kubectl apply <span class="nt">-f</span> kubernetes/pc.yaml priorityclass.scheduling.k8s.io/vm-standard created priorityclass.scheduling.k8s.io/vm-preemptible created ~/kubevirt-manager<span class="nv">$ </span>kubectl apply <span class="nt">-f</span> kubernetes/service.yaml service/kubevirt-manager created </code></pre> </div> <p>KubeVirt Manager est déployé et je change en éditant le service d’exposition de ClusterIP à Load Balancer pour obtenir une exposition en HTTP :</p> <p><a href="https://kubernetes.io/docs/concepts/services-networking/">Services, Load Balancing, and Networking</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get po,svc <span class="nt">-n</span> kubevirt-manager NAME READY STATUS RESTARTS AGE pod/kubevirt-manager-5858499887-wfrgn 1/1 Running 0 95s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE service/kubevirt-manager ClusterIP 10.0.173.82 &lt;none&gt; 8080/TCP 63s <span class="nv">$ </span>kubectl edit <span class="nt">-n</span> kubevirt-manager service/kubevirt-manager service/kubevirt-manager edited <span class="nv">$ </span>kubectl get po,svc <span class="nt">-n</span> kubevirt-manager NAME READY STATUS RESTARTS AGE pod/kubevirt-manager-5858499887-wfrgn 1/1 Running 0 4m56s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE service/kubevirt-manager LoadBalancer 10.0.173.82 20.74.99.190 8080:30143/TCP 4m24s </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--fF9RkvKr--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ArvtP2hJjeECi_uXc1VLMYg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--fF9RkvKr--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ArvtP2hJjeECi_uXc1VLMYg.png" alt="" width="880" height="398"></a></p> <p>Et j’y accède via l’adresse IP publique fournie dans AKS :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--6PuT9R1U--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AXRl9eCZyS-rxOlWypQtaig.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--6PuT9R1U--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AXRl9eCZyS-rxOlWypQtaig.png" alt="" width="880" height="620"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hs36eVJn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A9n6cTGqnMpBkpeFGWSAXTw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hs36eVJn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A9n6cTGqnMpBkpeFGWSAXTw.png" alt="" width="880" height="421"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--LNUUOtHU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AKVDlUPqN_kYfRGl0f5cg6Q.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--LNUUOtHU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AKVDlUPqN_kYfRGl0f5cg6Q.png" alt="" width="880" height="421"></a></p> <p>Krew est installé localement via Kubectl ainsi que le plugin correspondant pour Kubevirt :</p> <p><a href="https://krew.sigs.k8s.io/docs/user-guide/quickstart/">Quickstart</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl krew update Updated the <span class="nb">local </span>copy of plugin index. <span class="nv">$ </span>kubectl krew search virt NAME DESCRIPTION INSTALLED pv-migrate Migrate data across persistent volumes no pvmigrate Migrates PVs between StorageClasses no view-cert View certificate information stored <span class="k">in </span>secrets no view-secret Decode Kubernetes secrets no view-serviceaccount-kubeconfig Show a kubeconfig setting to access the apiserv... no virt Control KubeVirt virtual machines using virtctl <span class="nb">yes</span> </code></pre> </div> <p>Ce qui permet de lancer directement une petite machine virtuelle avec Cirros :</p> <p><a href="https://github.com/cirros-dev/cirros">GitHub - cirros-dev/cirros</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/kubevirt/demo/master/manifests/vm.yaml virtualmachine.kubevirt.io/testvm created <span class="nv">$ </span>kubectl describe vm testvm Name: testvm Namespace: default Labels: &lt;none&gt; Annotations: kubevirt.io/latest-observed-api-version: v1 kubevirt.io/storage-observed-api-version: v1alpha3 API Version: kubevirt.io/v1 Kind: VirtualMachine Metadata: Creation Timestamp: 2023-03-09T13:23:32Z Finalizers: kubevirt.io/virtualMachineControllerFinalize Generation: 1 Managed Fields: API Version: kubevirt.io/v1alpha3 Fields Type: FieldsV1 fieldsV1: f:metadata: f:annotations: f:kubevirt.io/latest-observed-api-version: f:kubevirt.io/storage-observed-api-version: f:finalizers: .: v:<span class="s2">"kubevirt.io/virtualMachineControllerFinalize"</span>: Manager: Go-http-client Operation: Update Time: 2023-03-09T13:23:32Z API Version: kubevirt.io/v1alpha3 Fields Type: FieldsV1 fieldsV1: f:status: .: f:conditions: f:printableStatus: f:volumeSnapshotStatuses: Manager: Go-http-client Operation: Update Subresource: status Time: 2023-03-09T13:23:32Z API Version: kubevirt.io/v1alpha3 Fields Type: FieldsV1 fieldsV1: f:metadata: f:annotations: .: f:kubectl.kubernetes.io/last-applied-configuration: f:spec: .: f:running: f:template: .: f:metadata: .: f:labels: .: f:kubevirt.io/domain: f:kubevirt.io/size: f:spec: .: f:domain: .: f:devices: .: f:disks: f:interfaces: f:resources: .: f:requests: .: f:memory: f:networks: f:volumes: Manager: kubectl-client-side-apply Operation: Update Time: 2023-03-09T13:23:32Z Resource Version: 39937 UID: 01de5614-922a-4ae8-9bec-40eeb9a7c500 Spec: Running: <span class="nb">false </span>Template: Metadata: Creation Timestamp: &lt;nil&gt; Labels: kubevirt.io/domain: testvm kubevirt.io/size: small Spec: Domain: Devices: Disks: Disk: Bus: virtio Name: rootfs Disk: Bus: virtio Name: cloudinit Interfaces: Mac Address: 02:9d:e4:00:00:00 Masquerade: Name: default Machine: Type: q35 Resources: Requests: Memory: 64M Networks: Name: default Pod: Volumes: Container Disk: Image: kubevirt/cirros-registry-disk-demo Name: rootfs Cloud Init No Cloud: userDataBase64: <span class="nv">SGkuXG4</span><span class="o">=</span> Name: cloudinit Status: Conditions: Last Probe Time: 2023-03-09T13:23:32Z Last Transition Time: 2023-03-09T13:23:32Z Message: VMI does not exist Reason: VMINotExists Status: False Type: Ready Printable Status: Stopped Volume Snapshot Statuses: Enabled: <span class="nb">false </span>Name: rootfs Reason: Snapshot is not supported <span class="k">for </span>this volumeSource <span class="nb">type</span> <span class="o">[</span>rootfs] Enabled: <span class="nb">false </span>Name: cloudinit Reason: Snapshot is not supported <span class="k">for </span>this volumeSource <span class="nb">type</span> <span class="o">[</span>cloudinit] Events: &lt;none&gt; <span class="nv">$ </span>kubectl virt start testvm VM testvm was scheduled to start <span class="nv">$ </span>kubectl describe vmi testvm Name: testvm Namespace: default Labels: kubevirt.io/domain<span class="o">=</span>testvm kubevirt.io/size<span class="o">=</span>small Annotations: kubevirt.io/latest-observed-api-version: v1 kubevirt.io/storage-observed-api-version: v1alpha3 API Version: kubevirt.io/v1 Kind: VirtualMachineInstance Metadata: Creation Timestamp: 2023-03-09T13:26:14Z Finalizers: kubevirt.io/virtualMachineControllerFinalize foregroundDeleteVirtualMachine Generation: 4 Managed Fields: API Version: kubevirt.io/v1alpha3 Fields Type: FieldsV1 fieldsV1: f:metadata: f:annotations: .: f:kubevirt.io/latest-observed-api-version: f:kubevirt.io/storage-observed-api-version: f:finalizers: .: v:<span class="s2">"kubevirt.io/virtualMachineControllerFinalize"</span>: f:labels: .: f:kubevirt.io/domain: f:kubevirt.io/size: f:ownerReferences: .: k:<span class="o">{</span><span class="s2">"uid"</span>:<span class="s2">"01de5614-922a-4ae8-9bec-40eeb9a7c500"</span><span class="o">}</span>: f:spec: .: f:domain: .: f:devices: .: f:disks: f:interfaces: f:firmware: .: f:uuid: f:machine: .: f:type: f:resources: .: f:requests: .: f:memory: f:networks: f:volumes: f:status: .: f:activePods: .: f:f2afda42-6f8f-4bad-b35a-7591c3233cc1: f:conditions: f:guestOSInfo: f:phase: f:phaseTransitionTimestamps: f:qosClass: f:runtimeUser: f:virtualMachineRevisionName: Manager: Go-http-client Operation: Update Time: 2023-03-09T13:26:14Z Owner References: API Version: kubevirt.io/v1 Block Owner Deletion: <span class="nb">true </span>Controller: <span class="nb">true </span>Kind: VirtualMachine Name: testvm UID: 01de5614-922a-4ae8-9bec-40eeb9a7c500 Resource Version: 41728 UID: 745caf89-6e75-47d1-b094-91e6119f3cc4 Spec: Domain: Cpu: Cores: 1 Model: host-model Sockets: 1 Threads: 1 Devices: Disks: Disk: Bus: virtio Name: rootfs Disk: Bus: virtio Name: cloudinit Interfaces: Mac Address: 02:9d:e4:00:00:00 Masquerade: Name: default Features: Acpi: Enabled: <span class="nb">true </span>Firmware: Uuid: 5a9fc181-957e-5c32-9e5a-2de5e9673531 Machine: Type: q35 Resources: Requests: Memory: 64M Networks: Name: default Pod: Volumes: Container Disk: Image: kubevirt/cirros-registry-disk-demo Image Pull Policy: Always Name: rootfs Cloud Init No Cloud: userDataBase64: <span class="nv">SGkuXG4</span><span class="o">=</span> Name: cloudinit Status: Active Pods: f2afda42-6f8f-4bad-b35a-7591c3233cc1: aks-agentpool-16963728-vmss000000 Conditions: Last Probe Time: 2023-03-09T13:26:14Z Last Transition Time: 2023-03-09T13:26:14Z Message: Guest VM is not reported as running Reason: GuestNotRunning Status: False Type: Ready Guest OS Info: Phase: Scheduling Phase Transition Timestamps: Phase: Pending Phase Transition Timestamp: 2023-03-09T13:26:14Z Phase: Scheduling Phase Transition Timestamp: 2023-03-09T13:26:14Z Qos Class: Burstable Runtime User: 107 Virtual Machine Revision Name: revision-start-vm-01de5614-922a-4ae8-9bec-40eeb9a7c500-2 Events: Type Reason Age From Message <span class="nt">----</span> <span class="nt">------</span> <span class="nt">----</span> <span class="nt">----</span> <span class="nt">-------</span> Normal SuccessfulCreate 8s virtualmachine-controller Created virtual machine pod virt-launcher-testvm-b77hf </code></pre> </div> <p>Elle est en exécution dans KubeVirt :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get vmis NAME AGE PHASE IP NODENAME READY testvm 61s Running 10.244.2.38 aks-agentpool-16963728-vmss000000 True <span class="nv">$ </span>kubectl get vms NAME AGE STATUS READY testvm 3m47s Running True </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hfoT-Hib--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ap32nJgYeypDrJwfcc3budQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hfoT-Hib--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ap32nJgYeypDrJwfcc3budQ.png" alt="" width="880" height="413"></a></p> <p>avec sa console VNC fournie dans KubeVirt Manager :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--nxRp5lNP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AiHlp8om-_htJo09lWxkajw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--nxRp5lNP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AiHlp8om-_htJo09lWxkajw.png" alt="" width="880" height="413"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--tkpouq9R--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AgzKOMtiGOvfZNzhS-Th2Bg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--tkpouq9R--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AgzKOMtiGOvfZNzhS-Th2Bg.png" alt="" width="880" height="413"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--saynoOod--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ANqQOylWFSEQLdjzQ7t1YwA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--saynoOod--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ANqQOylWFSEQLdjzQ7t1YwA.png" alt="" width="880" height="413"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--kriGlvt4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AZ3xImKAQlZvXRZ9HZubnMQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--kriGlvt4--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AZ3xImKAQlZvXRZ9HZubnMQ.png" alt="" width="880" height="413"></a></p> <p>Bien évidemment, je pouvais également accéder à la console de la machine virtuelle localement :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl virt console testvm testvm login: cirros Password: gocubsgo <span class="nv">$ </span>ps aux PID USER COMMAND 1 root init 2 root <span class="o">[</span>kthreadd] 3 root <span class="o">[</span>ksoftirqd/0] 4 root <span class="o">[</span>kworker/0:0] 5 root <span class="o">[</span>kworker/0:0H] 7 root <span class="o">[</span>rcu_sched] 8 root <span class="o">[</span>rcu_bh] 9 root <span class="o">[</span>migration/0] 10 root <span class="o">[</span>watchdog/0] 11 root <span class="o">[</span>kdevtmpfs] 12 root <span class="o">[</span>netns] 13 root <span class="o">[</span>perf] 14 root <span class="o">[</span>khungtaskd] 15 root <span class="o">[</span>writeback] 16 root <span class="o">[</span>ksmd] 17 root <span class="o">[</span>crypto] 18 root <span class="o">[</span>kintegrityd] 19 root <span class="o">[</span>bioset] 20 root <span class="o">[</span>kblockd] 21 root <span class="o">[</span>ata_sff] 22 root <span class="o">[</span>md] 23 root <span class="o">[</span>devfreq_wq]La sup </code></pre> </div> <p>L’interruption peut se faire graphiquement ou via la ligne de commande habituelle :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl virt stop testvm VM testvm was scheduled to stop <span class="nv">$ </span>kubectl delete vm testvm virtualmachine.kubevirt.io <span class="s2">"testvm"</span> deleted </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--FwbWiqR9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A_rBQ71ciolH9dOHlrAozTQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--FwbWiqR9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A_rBQ71ciolH9dOHlrAozTQ.png" alt="" width="880" height="557"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--cLep2StZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ASGMO6L4ytBLg8qdzEiicPA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--cLep2StZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ASGMO6L4ytBLg8qdzEiicPA.png" alt="" width="880" height="557"></a></p> <p>Avec les options graphiques, il serait possible de reproduire le schéma de création de machine virtuelle via “Containerized Data Importer (CDI)” …</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--6_nQ80T---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/0%2A5D6mb2HPMDu3jVC0" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--6_nQ80T---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/0%2A5D6mb2HPMDu3jVC0" alt="" width="880" height="648"></a></p> <p><a href="https://kubevirt.io/labs/kubernetes/lab2.html">Experiment with CDI | KubeVirt.io</a></p> <p>KubeVirt Manager offre également une intégration avec Prometheus (et donc potentiellement à Grafana).</p> <p><a href="https://github.com/kubevirt-manager/kubevirt-manager#prometheus-integration">GitHub - kubevirt-manager/kubevirt-manager: Kubevirt Web UI / Web Interface Manager</a></p> <p>Ce projet encore jeune est en toujours développement et des fonctionnalités plus avancées sur le contrôle des machines virtuelles sont à espérer …</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jcG_uVLk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1000/0%2AYmVyW6IaiUM5JIJ_.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jcG_uVLk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1000/0%2AYmVyW6IaiUM5JIJ_.jpg" alt="" width="880" height="440"></a></p> <p>À suivre !</p> kubernetes docker azure virtualisation Karim Wed, 01 Mar 2023 23:37:04 +0000 https://forem.com/deep75/empaqueter-jupyterlite-pour-etre-deploye-sur-la-plateforme-globale-dapplications-flyio--2gdh https://forem.com/deep75/empaqueter-jupyterlite-pour-etre-deploye-sur-la-plateforme-globale-dapplications-flyio--2gdh <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--c7LJYDyH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/0%2A-aryh-0JkriAcYZr" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--c7LJYDyH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/0%2A-aryh-0JkriAcYZr" alt="" width="880" height="433"></a></p> <p>Fly.io (que certains présentent comme la principale alternative à Heroku) est, comme beaucoup de plateformes d’infrastructure, un système complexe construit sur un certain nombre de projets open source avec notamment Nomad, Consul et Vault de Hashicorp.</p> <p>Au cœur de l’exécution des applications se trouve une variante de Firecracker d’Amazon. Et une surveillance avec des tableaux de bord utilisant Prometheus et Grafana.</p> <p><a href="https://dev.to/deep75/load-balancing-avec-haproxy-nomad-et-consul--1ga4">Load Balancing avec HAProxy, Nomad et Consul …</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--yU98SxKx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/612/0%2AF7VA1n00dyBDwGH4.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--yU98SxKx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/612/0%2AF7VA1n00dyBDwGH4.jpg" alt="" width="612" height="408"></a></p> <p><a href="https://fly.io/docs/about/open-source/">Fly and Open Source</a></p> <p>Fly.io utilise des microVMs Firecracker. Il s’agit de machines virtuelles légères et sécurisées basées sur une virtualisation matérielle forte.</p> <ul> <li><a href="https://deep75.medium.com/des-clusters-kubernetes-imbriqu%C3%A9s-avec-ignite-firecracker-containerd-kind-et-rancher-34e5e92c257b">Des clusters Kubernetes imbriqués avec Ignite, Firecracker, Containerd, Kind et Rancher …</a></li> <li><a href="https://dev.to/deep75/kubefire-creer-et-gerer-des-clusters-kubernetes-en-utilisant-des-microvms-avec-firecracker--2jge">KubeFire : Créer et gèrer des clusters Kubernetes en utilisant des microVMs avec Firecracker …</a></li> <li><a href="https://deep75.medium.com/serverless-un-rapide-aper%C3%A7u-de-firecracker-dans-azure-via-de-la-virtualisation-imbriqu%C3%A9e-ef62a36147b3">Serverless : un rapide aperçu de Firecracker dans Azure via de la virtualisation imbriquée …</a></li> </ul> <p>Les machines Fly sont des VM Firecracker dotées d’une API REST rapide qui peuvent démarrer des instances en 300 ms environ, dans toutes les régions prises en charge par Fly.io.</p> <p><a href="https://fly.io/docs/machines/guides-examples/functions-with-machines/">Run User Code on Fly Machines</a></p> <p>Une des utilisations des machines est d’exécuter du code utilisateur pour étendre votre service, ou comme un service en soi. On appelle parfois cela “Functions-as-a-Service” (FaaS). L’idée générale est la suivante :</p> <blockquote> <p>emballer le code des utilisateurs</p> <p>définir un environnement d’exécution</p> <p>lancer le code dans une VM</p> <p>puis éteindre la VM lorsqu’elle est inactive afin d’économiser sur les factures de calcul.</p> <p>Le tout en facturant les utilisateurs à la demande ! …</p> </blockquote> <p>Je vais m’interesser ici au projet JupyterLite. JupyterLite est en effet une distribution JupyterLab qui s’exécute entièrement dans le navigateur, construite de A à Z à partir de composants et d’extensions JupyterLab.</p> <p><a href="https://jupyterlite.readthedocs.io/en/latest/">JupyterLite - JupyterLite 0.1.0-beta.18 documentation</a></p> <p>Bien que JupyterLite soit actuellement développé par les développeurs principaux de Jupyter, le projet est encore non officiel.</p> <p><a href="https://jupyterlite.readthedocs.io/en/latest/howto/index.html">How-To Guides - JupyterLite 0.1.0-beta.18 documentation</a></p> <p>Pour cela, dans un premier temps, récupération de Mambaforge :</p> <p><a href="https://github.com/conda-forge/miniforge#mambaforge">GitHub - conda-forge/miniforge: A conda-forge distribution.</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@julia50b1000001:~<span class="nv">$ </span>wget <span class="nt">-c</span> https://github.com/conda-forge/miniforge/releases/latest/download/Mambaforge-Linux-x86_64.sh ubuntu@julia50b1000001:~<span class="nv">$ </span><span class="nb">chmod</span> +x Mambaforge-Linux-x86_64.sh ubuntu@julia50b1000001:~<span class="nv">$ </span>./Mambaforge-Linux-x86_64.sh Welcome to Mambaforge 22.11.1-4 In order to <span class="k">continue </span>the installation process, please review the license agreement. Please, press ENTER to <span class="k">continue</span> <span class="o">&gt;&gt;&gt;</span> Miniforge installer code uses BSD-3-Clause license as stated below. Installing base environment... Transaction finished installation finished. Do you wish the installer to initialize Mambaforge by running conda init? <span class="o">[</span><span class="nb">yes</span>|no] <span class="o">[</span>no] <span class="o">&gt;&gt;&gt;</span> <span class="nb">yes </span>no change /home/ubuntu/mambaforge/condabin/conda no change /home/ubuntu/mambaforge/bin/conda no change /home/ubuntu/mambaforge/bin/conda-env no change /home/ubuntu/mambaforge/bin/activate no change /home/ubuntu/mambaforge/bin/deactivate no change /home/ubuntu/mambaforge/etc/profile.d/conda.sh no change /home/ubuntu/mambaforge/etc/fish/conf.d/conda.fish no change /home/ubuntu/mambaforge/shell/condabin/Conda.psm1 no change /home/ubuntu/mambaforge/shell/condabin/conda-hook.ps1 no change /home/ubuntu/mambaforge/lib/python3.10/site-packages/xontrib/conda.xsh no change /home/ubuntu/mambaforge/etc/profile.d/conda.csh modified /home/ubuntu/.bashrc <span class="o">==&gt;</span> For changes to take effect, close and re-open your current shell. &lt;<span class="o">==</span> ____ ____ / <span class="se">\ </span>/ <span class="se">\ </span>/ <span class="se">\ </span>/ <span class="se">\</span> / <span class="se">\/</span> <span class="se">\/</span> <span class="se">\/</span> <span class="se">\</span> ███████████████/ /██/ /██/ /██/ /████████████████████████ / / <span class="se">\ </span>/ <span class="se">\ </span>/ <span class="se">\ </span>/ <span class="se">\ \ </span>____ / / <span class="se">\_</span>/ <span class="se">\_</span>/ <span class="se">\_</span>/ <span class="se">\ </span>o <span class="se">\_</span>_, / _/ <span class="se">\ </span>_____ / <span class="sb">`</span> |/ ███╗ ███╗ █████╗ ███╗ ███╗██████╗ █████╗ ████╗ ████║██╔══██╗████╗ ████║██╔══██╗██╔══██╗ ██╔████╔██║███████║██╔████╔██║██████╔╝███████║ ██║╚██╔╝██║██╔══██║██║╚██╔╝██║██╔══██╗██╔══██║ ██║ ╚═╝ ██║██║ ██║██║ ╚═╝ ██║██████╔╝██║ ██║ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ ╚═╝ ╚═╝ mamba <span class="o">(</span>1.1.0<span class="o">)</span> supported by @QuantStack GitHub: https://github.com/mamba-org/mamba Twitter: https://twitter.com/QuantStack █████████████████████████████████████████████████████████████ no change /home/ubuntu/mambaforge/condabin/conda no change /home/ubuntu/mambaforge/bin/conda no change /home/ubuntu/mambaforge/bin/conda-env no change /home/ubuntu/mambaforge/bin/activate no change /home/ubuntu/mambaforge/bin/deactivate no change /home/ubuntu/mambaforge/etc/profile.d/conda.sh no change /home/ubuntu/mambaforge/etc/fish/conf.d/conda.fish no change /home/ubuntu/mambaforge/shell/condabin/Conda.psm1 no change /home/ubuntu/mambaforge/shell/condabin/conda-hook.ps1 no change /home/ubuntu/mambaforge/lib/python3.10/site-packages/xontrib/conda.xsh no change /home/ubuntu/mambaforge/etc/profile.d/conda.csh no change /home/ubuntu/.bashrc No action taken. Added mamba to /home/ubuntu/.bashrc <span class="o">==&gt;</span> For changes to take effect, close and re-open your current shell. &lt;<span class="o">==</span> If you<span class="s1">'d prefer that conda'</span>s base environment not be activated on startup, <span class="nb">set </span>the auto_activate_base parameter to <span class="nb">false</span>: conda config <span class="nt">--set</span> auto_activate_base <span class="nb">false </span>Thank you <span class="k">for </span>installing Mambaforge! ubuntu@julia50b1000001:~<span class="nv">$ </span><span class="nb">source</span> .bashrc <span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span>mamba usage: mamba <span class="o">[</span><span class="nt">-h</span><span class="o">]</span> <span class="o">[</span><span class="nt">-V</span><span class="o">]</span> <span class="nb">command</span> ... conda is a tool <span class="k">for </span>managing and deploying applications, environments and packages. Options: positional arguments: <span class="nb">command </span>clean Remove unused packages and caches. compare Compare packages between conda environments. config Modify configuration values <span class="k">in</span> .condarc. This is modeled after the git config command. Writes to the user .condarc file <span class="o">(</span>/home/ubuntu/.condarc<span class="o">)</span> by default. Use the <span class="nt">--show-sources</span> flag to display all identified configuration locations on your computer. create Create a new conda environment from a list of specified packages. info Display information about current conda install. init Initialize conda <span class="k">for </span>shell interaction. <span class="nb">install </span>Installs a list of packages into a specified conda environment. list List installed packages <span class="k">in </span>a conda environment. package Low-level conda package utility. <span class="o">(</span>EXPERIMENTAL<span class="o">)</span> remove <span class="o">(</span>uninstall<span class="o">)</span> Remove a list of packages from a specified conda environment. rename Renames an existing environment. run Run an executable <span class="k">in </span>a conda environment. search Search <span class="k">for </span>packages and display associated information.The input is a MatchSpec, a query language <span class="k">for </span>conda packages. See examples below. update <span class="o">(</span>upgrade<span class="o">)</span> Updates conda packages to the latest compatible version. notices Retrieves latest channel notifications. repoquery Query repositories using mamba. options: <span class="nt">-h</span>, <span class="nt">--help</span> Show this <span class="nb">help </span>message and exit. <span class="nt">-V</span>, <span class="nt">--version</span> Show the conda version number and exit. conda commands available from other packages <span class="o">(</span>legacy<span class="o">)</span>: <span class="nb">env </span>__ ________ _______ ________ / /_ ____ _ / / / / __<span class="sb">`</span>__ <span class="se">\/</span> __<span class="sb">`</span>/__ <span class="sb">`</span> __<span class="se">\/</span>__ <span class="se">\/</span> __ <span class="sb">`</span>/ / /_/ / / / / / / /_/ / / / / / / /_/ / /_/ / / <span class="nb">.</span> ___/_/ /_/ /_/<span class="se">\_</span>_ ,_/_/ /_/ /_/_. ___/<span class="se">\_</span>_ ,_/ /_/ Transaction Prefix: /home/ubuntu/mambaforge </code></pre> </div> <p>Et installation de JupyterLite avec Pip (il sera bientôt disponible dans conda forge) :</p> <p><a href="https://github.com/jupyterlite/jupyterlite">GitHub - jupyterlite/jupyterlite: Wasm powered Jupyter running in the browser 💡</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span>python <span class="nt">-m</span> pip <span class="nb">install</span> <span class="nt">--pre</span> jupyterlite Collecting jupyterlite Downloading jupyterlite-0.1.0b18-py3-none-any.whl <span class="o">(</span>7.6 MB<span class="o">)</span> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 7.6/7.6 MB 71.3 MB/s eta 0:00:00 Collecting doit&lt;1,&gt;<span class="o">=</span>0.34 Downloading doit-0.36.0-py3-none-any.whl <span class="o">(</span>85 kB<span class="o">)</span> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 85.9/85.9 kB 17.4 MB/s eta 0:00:00 Collecting jupyter_core&gt;<span class="o">=</span>4.7 Downloading jupyter_core-5.2.0-py3-none-any.whl <span class="o">(</span>94 kB<span class="o">)</span> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 94.3/94.3 kB 19.5 MB/s eta 0:00:00 Collecting cloudpickle Downloading cloudpickle-2.2.1-py3-none-any.whl <span class="o">(</span>25 kB<span class="o">)</span> Collecting importlib-metadata&gt;<span class="o">=</span>4.4 Downloading importlib_metadata-6.0.0-py3-none-any.whl <span class="o">(</span>21 kB<span class="o">)</span> Collecting platformdirs&gt;<span class="o">=</span>2.5 Downloading platformdirs-3.0.0-py3-none-any.whl <span class="o">(</span>14 kB<span class="o">)</span> Collecting traitlets&gt;<span class="o">=</span>5.3 Downloading traitlets-5.9.0-py3-none-any.whl <span class="o">(</span>117 kB<span class="o">)</span> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 117.4/117.4 kB 21.0 MB/s eta 0:00:00 Collecting zipp&gt;<span class="o">=</span>0.5 Downloading zipp-3.15.0-py3-none-any.whl <span class="o">(</span>6.8 kB<span class="o">)</span> Installing collected packages: zipp, traitlets, platformdirs, cloudpickle, jupyter_core, importlib-metadata, doit, jupyterlite Successfully installed cloudpickle-2.2.1 doit-0.36.0 importlib-metadata-6.0.0 jupyter_core-5.2.0 jupyterlite-0.1.0b18 platformdirs-3.0.0 traitlets-5.9.0 zipp-3.15.0 </code></pre> </div> <p>Installation de quelques Kernels en accompagnement :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(base) ubuntu@julia50b1000001:~$ pip install jupyterlite-xeus-python Collecting jupyterlite-xeus-python Downloading jupyterlite_xeus_python-0.6.3-py3-none-any.whl (18.3 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 18.3/18.3 MB 4.0 MB/s eta 0:00:00 Requirement already satisfied: jupyterlite in ./mambaforge/lib/python3.10/site-packages (from jupyterlite-xeus-python) (0.1.0b18) Collecting typer Downloading typer-0.7.0-py3-none-any.whl (38 kB) Collecting empack&lt;3,&gt;=2.0.9 Downloading empack-2.0.9-py3-none-any.whl (15 kB) Requirement already satisfied: requests in ./mambaforge/lib/python3.10/site-packages (from jupyterlite-xeus-python) (2.28.2) Requirement already satisfied: traitlets in ./mambaforge/lib/python3.10/site-packages (from jupyterlite-xeus-python) (5.9.0) Collecting pyyaml Downloading PyYAML-6.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (682 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 682.2/682.2 kB 67.7 MB/s eta 0:00:00 Collecting networkx Downloading networkx-3.0-py3-none-any.whl (2.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.0/2.0 MB 73.2 MB/s eta 0:00:00 Collecting appdirs Downloading appdirs-1.4.4-py2.py3-none-any.whl (9.6 kB) Collecting pydantic Downloading pydantic-1.10.5-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.1 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.1/3.1 MB 116.2 MB/s eta 0:00:00 Requirement already satisfied: jupyter_core&gt;=4.7 in ./mambaforge/lib/python3.10/site-packages (from jupyterlite-&gt;jupyterlite-xeus-python) (5.2.0) Requirement already satisfied: doit&lt;1,&gt;=0.34 in ./mambaforge/lib/python3.10/site-packages (from jupyterlite-&gt;jupyterlite-xeus-python) (0.36.0) Requirement already satisfied: urllib3&lt;1.27,&gt;=1.21.1 in ./mambaforge/lib/python3.10/site-packages (from requests-&gt;jupyterlite-xeus-python) (1.26.14) Requirement already satisfied: idna&lt;4,&gt;=2.5 in ./mambaforge/lib/python3.10/site-packages (from requests-&gt;jupyterlite-xeus-python) (3.4) Requirement already satisfied: charset-normalizer&lt;4,&gt;=2 in ./mambaforge/lib/python3.10/site-packages (from requests-&gt;jupyterlite-xeus-python) (2.1.1) Requirement already satisfied: certifi&gt;=2017.4.17 in ./mambaforge/lib/python3.10/site-packages (from requests-&gt;jupyterlite-xeus-python) (2022.12.7) Collecting click&lt;9.0.0,&gt;=7.1.1 Downloading click-8.1.3-py3-none-any.whl (96 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 96.6/96.6 kB 19.1 MB/s eta 0:00:00 Requirement already satisfied: cloudpickle in ./mambaforge/lib/python3.10/site-packages (from doit&lt;1,&gt;=0.34-&gt;jupyterlite-&gt;jupyterlite-xeus-python) (2.2.1) Requirement already satisfied: importlib-metadata&gt;=4.4 in ./mambaforge/lib/python3.10/site-packages (from doit&lt;1,&gt;=0.34-&gt;jupyterlite-&gt;jupyterlite-xeus-python) (6.0.0) Requirement already satisfied: platformdirs&gt;=2.5 in ./mambaforge/lib/python3.10/site-packages (from jupyter_core&gt;=4.7-&gt;jupyterlite-&gt;jupyterlite-xeus-python) (3.0.0) Collecting typing-extensions&gt;=4.2.0 Downloading typing_extensions-4.5.0-py3-none-any.whl (27 kB) Requirement already satisfied: zipp&gt;=0.5 in ./mambaforge/lib/python3.10/site-packages (from importlib-metadata&gt;=4.4-&gt;doit&lt;1,&gt;=0.34-&gt;jupyterlite-&gt;jupyterlite-xeus-python) (3.15.0) Installing collected packages: appdirs, typing-extensions, pyyaml, networkx, click, typer, pydantic, empack, jupyterlite-xeus-python Successfully installed appdirs-1.4.4 click-8.1.3 empack-2.0.9 jupyterlite-xeus-python-0.6.3 networkx-3.0 pydantic-1.10.5 pyyaml-6.0 typer-0.7.0 typing-extensions-4.5.0 (base) ubuntu@julia50b1000001:~$ pip install jupyterlite-p5-kernel Collecting jupyterlite-p5-kernel Downloading jupyterlite_p5_kernel-0.1.1-py3-none-any.whl (21 kB) Installing collected packages: jupyterlite-p5-kernel Successfully installed jupyterlite-p5-kernel-0.1.1 (base) ubuntu@julia50b1000001:~$ pip install jupyterlite_xeus_lua Collecting jupyterlite_xeus_lua Downloading jupyterlite_xeus_lua-0.3.3-py3-none-any.whl (2.2 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.2/2.2 MB 2.6 MB/s eta 0:00:00 Installing collected packages: jupyterlite_xeus_lua Successfully installed jupyterlite_xeus_lua-0.3.3 (base) ubuntu@julia50b1000001:~$ pip install jupyterlite_xeus_wren Collecting jupyterlite_xeus_wren Downloading jupyterlite_xeus_wren-0.2.1-py3-none-any.whl (4.2 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 4.2/4.2 MB 3.9 MB/s eta 0:00:00 Collecting jupyter-wren-syntax Downloading jupyter_wren_syntax-0.1.1-py3-none-any.whl (68 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 68.6/68.6 kB 8.8 MB/s eta 0:00:00 Installing collected packages: jupyter-wren-syntax, jupyterlite_xeus_wren Successfully installed jupyter-wren-syntax-0.1.1 jupyterlite_xeus_wren-0.2.1 </code></pre> </div> <p>Et génération du contenu statique dans un répertoire contenant JupyterLite et ses extensions via cette commande :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span>jupyter lite build <span class="nt">--output-dir</span> dist <span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span><span class="nb">ls </span>dist/ api config-utils.js icon-120x120.png jupyter-lite.ipynb kernelspecs package.json retro bootstrap.js doc icon-512x512.png jupyter-lite.json lab piplite.schema.v0.json service-worker-b2fb40a.js build extensions index.html jupyterlite.schema.v0.json manifest.webmanifest repl tree </code></pre> </div> <blockquote> <p>Maintenant que les actifs statiques ont été construits, vous pouvez utiliser un serveur HTTP simple pour les servir et accéder à JupyterLite depuis un navigateur web.</p> </blockquote> <p>La commande <strong><em>jupyter lite serve</em></strong> offre soit un serveur web propulsé par le module <strong><em>http.server</em></strong> intégré de Python, soit <strong><em>Tornado</em></strong> , qui sera probablement disponible si d’autres outils Jupyter sont installés :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span>jupyter lite serve Serving JupyterLite Debug Server from: /home/ubuntu/dist/_output on: http://127.0.0.1:8000/index.html <span class="k">***</span>Exit by:<span class="k">***</span> - Pressing Ctrl+C </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--OSyBbEgA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AmjUJneYlznfGVFJy16pnzw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--OSyBbEgA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AmjUJneYlznfGVFJy16pnzw.png" alt="" width="880" height="623"></a></p> <p>Il ne me reste plus qu’à l’empaqueter pour le déployer dans la plateforme fly.io. Pour cela je m’inspire de la fiche documentaire consacrée au déploiement de contenus statiques :</p> <p><a href="https://fly.io/docs/languages-and-frameworks/static/">Run a Static Website</a></p> <p>Installation du client flyctl :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span>curl <span class="nt">-L</span> https://fly.io/install.sh | sh % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1475 0 1475 0 0 6089 0 <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- <span class="nt">--</span>:--:-- 6069 <span class="c">######################################################################## 100.0%</span> <span class="nb">set </span>channel to shell flyctl was installed successfully to /home/ubuntu/.fly/bin/flyctl Manually add the directory to your <span class="nv">$HOME</span>/.bash_profile <span class="o">(</span>or similar<span class="o">)</span> <span class="nb">export </span><span class="nv">FLYCTL_INSTALL</span><span class="o">=</span><span class="s2">"/home/ubuntu/.fly"</span> <span class="nb">export </span><span class="nv">PATH</span><span class="o">=</span><span class="s2">"</span><span class="nv">$FLYCTL_INSTALL</span><span class="s2">/bin:</span><span class="nv">$PATH</span><span class="s2">"</span> Run <span class="s1">'/home/ubuntu/.fly/bin/flyctl --help'</span> to get started <span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span>flyctl auth login <span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span>flyctl This is flyctl, the Fly.io <span class="nb">command </span>line interface. It doesn<span class="s1">'t look like you'</span>re logged <span class="k">in</span><span class="nb">.</span> Try <span class="s2">"flyctl auth signup"</span> to create an account, or <span class="s2">"flyctl auth login"</span> to log <span class="k">in </span>to an existing account. flyctl does a lot of stuff! Don<span class="s1">'t panic, it'</span>s easy to get started: <span class="k">*</span> fly launch: launch a new application <span class="o">(</span><span class="s2">"fly help launch"</span> <span class="k">for </span>more<span class="o">)</span> <span class="k">*</span> fly apps: create and manage apps <span class="o">(</span><span class="s2">"fly help apps"</span><span class="o">)</span> <span class="k">*</span> fly machines: create and manage individual Fly.io machines <span class="o">(</span><span class="s2">"fly help machines"</span><span class="o">)</span> <span class="k">*</span> fly postgres: create and manage Postgres databases <span class="o">(</span><span class="s2">"fly help postgres"</span><span class="o">)</span> <span class="k">*</span> fly redis: create and manage Redis databases <span class="o">(</span><span class="s2">"fly help redis"</span><span class="o">)</span> <span class="k">*</span> fly <span class="nb">help</span>: <span class="k">for </span>more <span class="nb">help</span>, and a <span class="nb">complete </span>list of commands. </code></pre> </div> <p>J’ajoute ce fichier Dockerfile avec ce contenu :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span><span class="nb">ls </span>Dockerfile dist mambaforge <span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span><span class="nb">cat </span>Dockerfile FROM pierrezemb/gostatic COPY ./dist/ /srv/http/ </code></pre> </div> <p>Génération du fichier fly.toml qui va servir au déploiement dans la plateforme …<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span>flyctl launch Creating app <span class="k">in</span> /home/ubuntu Scanning <span class="nb">source </span>code Detected a Dockerfile app ? Choose an app name <span class="o">(</span>leave blank to generate one<span class="o">)</span>: automatically selected personal organization: Karim Some regions require a paid plan <span class="o">(</span>fra, maa<span class="o">)</span><span class="nb">.</span> See https://fly.io/plans to <span class="nb">set </span>up a plan. ? Choose a region <span class="k">for </span>deployment: Paris, France <span class="o">(</span>cdg<span class="o">)</span> Created app old-sunset-3102 <span class="k">in </span>organization personal Admin URL: https://fly.io/apps/old-sunset-3102 Hostname: old-sunset-3102.fly.dev ? Would you like to <span class="nb">set </span>up a Postgresql database now? No ? Would you like to <span class="nb">set </span>up an Upstash Redis database now? No ? Create .dockerignore from 4 .gitignore files? No Wrote config file fly.toml ? Would you like to deploy now? No Your app is ready! Deploy with <span class="sb">`</span>flyctl deploy<span class="sb">`</span> </code></pre> </div> <p>Modifié pour prendre en compte le fait que le futur conteneur utilisera le port 8043 par défaut :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="err">(base)</span> <span class="err">ubuntu@julia</span><span class="mi">50</span><span class="err">b</span><span class="mi">1000001</span><span class="err">:~$</span> <span class="err">cat</span> <span class="err">fly.toml</span> <span class="c"># fly.toml file generated for old-sunset-3102 on 2023-03-01T22:42:29Z</span> <span class="py">app</span> <span class="p">=</span> <span class="s">"old-sunset-3102"</span> <span class="py">kill_signal</span> <span class="p">=</span> <span class="s">"SIGINT"</span> <span class="py">kill_timeout</span> <span class="p">=</span> <span class="mi">5</span> <span class="py">processes</span> <span class="p">=</span> <span class="p">[]</span> <span class="nn">[env]</span> <span class="nn">[experimental]</span> <span class="py">auto_rollback</span> <span class="p">=</span> <span class="kc">true</span> <span class="nn">[[services]]</span> <span class="py">http_checks</span> <span class="p">=</span> <span class="p">[]</span> <span class="py">internal_port</span> <span class="p">=</span> <span class="mi">8043</span> <span class="py">processes</span> <span class="p">=</span> <span class="nn">["app"]</span> <span class="py">protocol</span> <span class="p">=</span> <span class="s">"tcp"</span> <span class="py">script_checks</span> <span class="p">=</span> <span class="p">[]</span> <span class="nn">[services.concurrency]</span> <span class="py">hard_limit</span> <span class="p">=</span> <span class="mi">25</span> <span class="py">soft_limit</span> <span class="p">=</span> <span class="mi">20</span> <span class="py">type</span> <span class="p">=</span> <span class="s">"connections"</span> <span class="nn">[[services.ports]]</span> <span class="py">force_https</span> <span class="p">=</span> <span class="kc">true</span> <span class="py">handlers</span> <span class="p">=</span> <span class="nn">["http"]</span> <span class="py">port</span> <span class="p">=</span> <span class="mi">80</span> <span class="nn">[[services.ports]]</span> <span class="py">handlers</span> <span class="p">=</span> <span class="p">[</span><span class="s">"tls"</span><span class="p">,</span> <span class="s">"http"</span><span class="p">]</span> <span class="py">port</span> <span class="p">=</span> <span class="mi">443</span> <span class="nn">[[services.tcp_checks]]</span> <span class="py">grace_period</span> <span class="p">=</span> <span class="s">"1s"</span> <span class="py">interval</span> <span class="p">=</span> <span class="s">"15s"</span> <span class="py">restart_limit</span> <span class="p">=</span> <span class="mi">0</span> <span class="py">timeout</span> <span class="p">=</span> <span class="s">"2s"</span> </code></pre> </div> <p>Lancement du déploiement :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">(</span>base<span class="o">)</span> ubuntu@julia50b1000001:~<span class="nv">$ </span>flyctl deploy <span class="o">==&gt;</span> Verifying app config <span class="nt">--</span><span class="o">&gt;</span> Verified app config <span class="o">==&gt;</span> Building image Remote builder fly-builder-small-water-3057 ready <span class="o">==&gt;</span> Creating build context <span class="nt">--</span><span class="o">&gt;</span> Creating build context <span class="k">done</span> <span class="o">==&gt;</span> Building image with Docker <span class="nt">--</span><span class="o">&gt;</span> docker host: 20.10.12 linux x86_64 <span class="o">[</span>+] Building 54.5s <span class="o">(</span>0/1<span class="o">)</span> <span class="o">[</span>+] Building 84.2s <span class="o">(</span>0/1<span class="o">)</span> <span class="o">[</span>+] Building 16.3s <span class="o">(</span>6/6<span class="o">)</span> FINISHED <span class="o">=&gt;</span> <span class="o">[</span>internal] load remote build context 0.0s <span class="o">=&gt;</span> copy /context / 11.6s <span class="o">=&gt;</span> <span class="o">[</span>internal] load metadata <span class="k">for </span>docker.io/pierrezemb/gostatic:latest 0.7s <span class="o">=&gt;</span> <span class="o">[</span>1/2] FROM docker.io/pierrezemb/gostatic@sha256:7e5718f98f2172f7c8dffd152ef0b203873ba889c8d838b2e730484fc71f6acd 0.1s <span class="o">=&gt;</span> <span class="o">=&gt;</span> resolve docker.io/pierrezemb/gostatic@sha256:7e5718f98f2172f7c8dffd152ef0b203873ba889c8d838b2e730484fc71f6acd 0.0s <span class="o">=&gt;</span> <span class="o">=&gt;</span> extracting sha256:0cf3c901807f7df57d792cd4a926ac2eb4078eb337750316dbde44bc7e7acd83 0.1s <span class="o">=&gt;</span> <span class="o">=&gt;</span> sha256:0cf3c901807f7df57d792cd4a926ac2eb4078eb337750316dbde44bc7e7acd83 1.88MB / 1.88MB 0.0s <span class="o">=&gt;</span> <span class="o">=&gt;</span> sha256:7e5718f98f2172f7c8dffd152ef0b203873ba889c8d838b2e730484fc71f6acd 2.67kB / 2.67kB 0.0s <span class="o">=&gt;</span> <span class="o">=&gt;</span> sha256:f846dcfe68518bd5a624acb44abee440deedfca894e641b7947ba494f6e0f18a 527B / 527B 0.0s <span class="o">=&gt;</span> <span class="o">=&gt;</span> sha256:37dd3994986381311fdfc59ea190c8e60c6c8c5a38f3cdec3419ee8b333c9fa9 915B / 915B 0.0s <span class="o">=&gt;</span> <span class="o">[</span>2/2] COPY ./dist/ /srv/http/ 0.3s <span class="o">=&gt;</span> exporting to image 0.5s <span class="o">=&gt;</span> <span class="o">=&gt;</span> exporting layers 0.5s <span class="o">=&gt;</span> <span class="o">=&gt;</span> writing image sha256:29bf836545e5b679b481077dc137a880d90baa8ca49839b603e5c4a2966133ea 0.0s <span class="o">=&gt;</span> <span class="o">=&gt;</span> naming to registry.fly.io/old-sunset-3102:deployment-01GTFNNV4ZS5S210YX9MPXXCNW 0.0s <span class="nt">--</span><span class="o">&gt;</span> Building image <span class="k">done</span> <span class="o">==&gt;</span> Pushing image to fly The push refers to repository <span class="o">[</span>registry.fly.io/old-sunset-3102] 688585856d25: Pushed f347b3d1982a: Pushed deployment-01GTFNNV4ZS5S210YX9MPXXCNW: digest: sha256:0c085f048ab642afe7481d6b85c4444b6ac5d3f553717a9527fa53170de9853f size: 740 <span class="nt">--</span><span class="o">&gt;</span> Pushing image <span class="k">done </span>image: registry.fly.io/old-sunset-3102:deployment-01GTFNNV4ZS5S210YX9MPXXCNW image size: 91 MB <span class="o">==&gt;</span> Creating release <span class="nt">--</span><span class="o">&gt;</span> release v2 created <span class="nt">--</span><span class="o">&gt;</span> You can detach the terminal anytime without stopping the deployment <span class="o">==&gt;</span> Monitoring deployment Logs: https://fly.io/apps/old-sunset-3102/monitoring 1 desired, 1 placed, 1 healthy, 0 unhealthy <span class="o">[</span>health checks: 1 total, 1 passing] <span class="nt">--</span><span class="o">&gt;</span> v0 deployed successfully </code></pre> </div> <p>Cette version v0 est opérationnelle :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s---URE9-m9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ah7XhfMgrqZXJZiM0dhSsvQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s---URE9-m9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ah7XhfMgrqZXJZiM0dhSsvQ.png" alt="" width="880" height="626"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--PU5-MfK9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AuHvyG23r_ylMybwZVf1gXg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--PU5-MfK9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AuHvyG23r_ylMybwZVf1gXg.png" alt="" width="880" height="421"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--C3EcKZKu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AM7l3KESZc0TDpNKXtfWDsw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--C3EcKZKu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AM7l3KESZc0TDpNKXtfWDsw.png" alt="" width="880" height="590"></a></p> <p>Accompagnée de son monitoring :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--v0BSHesR--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AwypC3_KRegnLpnA8eKpX2w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--v0BSHesR--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AwypC3_KRegnLpnA8eKpX2w.png" alt="" width="880" height="588"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--qQJ_h5Zw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AHdvesPhUvvDpQOcYOy5N_A.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--qQJ_h5Zw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AHdvesPhUvvDpQOcYOy5N_A.png" alt="" width="880" height="427"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--LJ8JbQVF--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A60M6Pu-boRuTTO0K09L5vQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--LJ8JbQVF--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A60M6Pu-boRuTTO0K09L5vQ.png" alt="" width="880" height="1463"></a></p> <p>Et les Kernels sont fonctionnels :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--SiqAmeRQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AL-p-kve1f4ZfbFJv4P-cCg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--SiqAmeRQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AL-p-kve1f4ZfbFJv4P-cCg.png" alt="" width="880" height="607"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--CKmz3qC0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AfQIrN2gEVzCBVRIGE9WQ_w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--CKmz3qC0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AfQIrN2gEVzCBVRIGE9WQ_w.png" alt="" width="880" height="582"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--c9p4X7yd--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ar06NivxvvizBZRy_mNMBfw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--c9p4X7yd--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ar06NivxvvizBZRy_mNMBfw.png" alt="" width="880" height="461"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--40SzACJ5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Al1NncoF2uNePSEB5PkMZPg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--40SzACJ5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Al1NncoF2uNePSEB5PkMZPg.png" alt="" width="880" height="582"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--0lzgKkQm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AMGJBUiVJDXUy-prvYfw42A.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--0lzgKkQm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AMGJBUiVJDXUy-prvYfw42A.png" alt="" width="880" height="607"></a></p> <p>Avec suppression à la fois du volume et du conteneur associé à la fin de cette expérience …</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--lybk58kv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Akel6itt-T5Cck9uyi5YnNw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--lybk58kv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Akel6itt-T5Cck9uyi5YnNw.png" alt="" width="880" height="586"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--tzI3gIdB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AoIax6aUsEiMyEbmAXNRH_w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--tzI3gIdB--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AoIax6aUsEiMyEbmAXNRH_w.png" alt="" width="880" height="586"></a></p> <p>Pour aller plus loin avec JupyterLite, ces prises en charges de Langages et Frameworks :</p> <p><a href="https://fly.io/docs/languages-and-frameworks/">Language &amp; Framework Guides</a></p> <p>Sachant que pour Fly.io, les orchestrateurs relient des grappes de serveurs de travail et offrent une API pour exécuter des tâches sur ces grappes avec HashiCorp Nomad et ces mécanismes exposés dans cet article :</p> <p><a href="https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/">Carving The Scheduler Out Of Our Orchestrator</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jOzGfFXZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/0%2AHw7dO99gdVDO_vJa" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jOzGfFXZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/0%2AHw7dO99gdVDO_vJa" alt="" width="880" height="464"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Up6g6P77--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/685/0%2AFAptf0oPGfd4W-rS.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Up6g6P77--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/685/0%2AFAptf0oPGfd4W-rS.jpg" alt="" width="685" height="364"></a></p> <p>À Suivre !</p> serverless docker jupyter datascience Karim Wed, 01 Mar 2023 21:32:45 +0000 https://forem.com/deep75/remplacer-metallb-par-cilium-bgp-pour-la-mise-en-oeuvre-dun-equilibreur-de-charge-dans-kubernetes--34li https://forem.com/deep75/remplacer-metallb-par-cilium-bgp-pour-la-mise-en-oeuvre-dun-equilibreur-de-charge-dans-kubernetes--34li <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Ru634Yau--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Az6LOY0mb7v8vmlYxfVGWdA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Ru634Yau--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Az6LOY0mb7v8vmlYxfVGWdA.png" alt="" width="880" height="560"></a><br> <em><a href="https://cilium.io/">https://cilium.io/</a></em></p> <p>Cilium est un logiciel open source permettant de sécuriser de manière transparente la connectivité réseau entre les services applicatifs déployés à l’aide de plateformes de gestion de conteneurs Linux comme Docker et Kubernetes.</p> <blockquote> <p>À la base de Cilium se trouve une nouvelle technologie du noyau Linux appelée eBPF, qui permet l’insertion dynamique d’une puissante logique de visibilité et de contrôle de la sécurité au sein même de Linux. Comme eBPF s’exécute à l’intérieur du noyau Linux, les politiques de sécurité de Cilium peuvent être appliquées et mises à jour sans aucune modification du code de l’application ou de la configuration du conteneur.</p> </blockquote> <p><a href="https://docs.cilium.io/en/stable/overview/intro/">Introduction to Cilium &amp; Hubble - Cilium 1.13.0 documentation</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--FG2el9uN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/770/0%2AKsmSIeIsE--n3pUT.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--FG2el9uN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/770/0%2AKsmSIeIsE--n3pUT.png" alt="" width="770" height="890"></a></p> <p><a href="https://isovalent.com/blog/post/how-the-hive-came-to-bee-a-story-of-ebpf-and-cilium-so-far/">"How the Hive Came To Bee" - a story of eBPF and Cilium so far - Isovalent</a></p> <p>BGP fournit un moyen d’annoncer des routes à l’aide de protocoles de réseau traditionnels pour permettre aux services gérés par Cilium d’être accessibles en dehors du cluster. Ici on va voir comment configurer la prise en charge native de Cilium pour annoncer les IP des services de l’équilibreur de charge et la plage CIDR de Pod d’un nœud Kubernetes via BGP.</p> <blockquote> <p>Il s’appuie sur l’implémentation simple et efficace de l’allocation d’IP de MetalLB et sur le support minimal du protocole BGP pour ce faire. La configuration de Cilium est la même que celle de MetalLB. Cette fonctionnalité demeure encore en version beta :</p> </blockquote> <ul> <li><a href="https://docs.cilium.io/en/stable/network/bgp/">BGP (beta) - Cilium 1.13.0 documentation</a></li> <li><a href="https://deep75.medium.com/d%C3%A9ploiement-dun-cluster-kubernetes-sur-du-baremetal-dans-scaleway-avec-kontena-pharos-metallb-et-7ce6a5144d16">Déploiement d’un cluster Kubernetes sur du BareMetal dans Scaleway avec Kontena Pharos, MetalLB et…</a></li> <li><a href="https://metallb.universe.tf/">MetalLB</a></li> </ul> <p>Plus précisément, si un service de type LoadBalancer est créé, Cilium lui allouera une IP à partir d’un pool spécifié. Une fois l’IP allouée, les agents annonceront via BGP en fonction de la ExternalTrafficPolicy du service. Application ici avec le lancement d’une instance dans Linode (maintenant Akamai) avec Ubuntu 22.04 LTS :</p> <p><a href="https://www.lemondeinformatique.fr/actualites/lire-akamai-prend-le-virage-du-cloud-computing-89536.html">Akamai prend le virage du cloud computing - Le Monde Informatique</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>linode-cli linodes create <span class="se">\</span> <span class="nt">--image</span> <span class="s1">'linode/ubuntu22.04'</span> <span class="se">\</span> <span class="nt">--region</span> eu-central <span class="se">\</span> <span class="nt">--type</span> g7-highmem-1 <span class="se">\</span> <span class="nt">--label</span> lxdserver<span class="se">\</span> <span class="nt">--authorized_users</span> <span class="nv">$USER</span><span class="se">\</span> <span class="nt">--booted</span> <span class="nb">true</span> <span class="se">\</span> <span class="nt">--backups_enabled</span> <span class="nb">false</span> <span class="se">\</span> <span class="nt">--private_ip</span> <span class="nb">false</span> </code></pre> </div> <p><a href="https://www.linode.com/docs/products/tools/cli/get-started/">Get Started</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Gb46goRp--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AcCsKgc0t-GgXFVtBvWnyxA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Gb46goRp--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AcCsKgc0t-GgXFVtBvWnyxA.png" alt="" width="880" height="200"></a></p> <p>Installation de l’hyperviseur LXD sur cette instance Ubuntu 22.04 LTS :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@localhost:~# snap <span class="nb">install </span>lxd 2023-03-01T19:27:40Z INFO Waiting <span class="k">for </span>automatic snapd restart... lxd 5.11-ad0b61e from Canonical✓ installed root@localhost:~# lxd init Would you like to use LXD clustering? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>no]: Do you want to configure a new storage pool? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span><span class="nb">yes</span><span class="o">]</span>: Name of the new storage pool <span class="o">[</span><span class="nv">default</span><span class="o">=</span>default]: Name of the storage backend to use <span class="o">(</span>lvm, zfs, btrfs, ceph, <span class="nb">dir</span><span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>zfs]: <span class="nb">dir </span>Would you like to connect to a MAAS server? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>no]: Would you like to create a new <span class="nb">local </span>network bridge? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span><span class="nb">yes</span><span class="o">]</span>: What should the new bridge be called? <span class="o">[</span><span class="nv">default</span><span class="o">=</span>lxdbr0]: What IPv4 address should be used? <span class="o">(</span>CIDR subnet notation, “auto” or “none”<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>auto]: What IPv6 address should be used? <span class="o">(</span>CIDR subnet notation, “auto” or “none”<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>auto]: none Would you like the LXD server to be available over the network? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>no]: Would you like stale cached images to be updated automatically? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span><span class="nb">yes</span><span class="o">]</span>: Would you like a YAML <span class="s2">"lxd init"</span> preseed to be printed? <span class="o">(</span><span class="nb">yes</span>/no<span class="o">)</span> <span class="o">[</span><span class="nv">default</span><span class="o">=</span>no]: root@localhost:~# lxc <span class="nb">ls </span>To start your first container, try: lxc launch ubuntu:22.04 Or <span class="k">for </span>a virtual machine: lxc launch ubuntu:22.04 <span class="nt">--vm</span> +------+-------+------+------+------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+-------+------+------+------+-----------+ </code></pre> </div> <p>Configuration du profil par défaut dans LXD :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@localhost:~# ssh-keygen Generating public/private rsa key pair. Enter file <span class="k">in </span>which to save the key <span class="o">(</span>/root/.ssh/id_rsa<span class="o">)</span>: Enter passphrase <span class="o">(</span>empty <span class="k">for </span>no passphrase<span class="o">)</span>: Enter same passphrase again: Your identification has been saved <span class="k">in</span> /root/.ssh/id_rsa Your public key has been saved <span class="k">in</span> /root/.ssh/id_rsa.pub The key fingerprint is: SHA256:Nk0YMZ5JM5i5EMOjZ/YTJ+GiWNTOhv/9jhLtVAz7f8k root@localhost The key<span class="s1">'s randomart image is: +---[RSA 3072]----+ | oo. +B. | | . =.=o.O | | . = + o=+. | | + O = ooo | | o B o =So. | |. . . +.o.. | | . * . . . | | o o. . E | | ..oo . | +----[SHA256]-----+ root@localhost:~# lxc profile show default &gt; lxd-profile-default.yaml root@localhost:~# cat lxd-profile-default.yaml config: user.user-data: | #cloud-config ssh_authorized_keys: - @@SSHPUB@@ environment.http_proxy: "" user.network_mode: "" description: Default LXD profile devices: eth0: name: eth0 network: lxdbr0 type: nic root: path: / pool: default type: disk name: default used_by: [] root@localhost:~# sed -ri "s'</span>@@SSHPUB@@<span class="s1">'$(cat ~/.ssh/id_rsa.pub)'</span><span class="s2">" lxd-profile-default.yaml root@localhost:~# lxc profile edit default &lt; lxd-profile-default.yaml </span></code></pre> </div> <p>et d’un profil dédié pour l”installation de Kubernetes :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@localhost:~# lxc profile create k8s Profile k8s created root@localhost:~# wget https://raw.githubusercontent.com/ubuntu/microk8s/master/tests/lxc/microk8s.profile <span class="nt">-O</span> microk8s.profile Resolving raw.githubusercontent.com <span class="o">(</span>raw.githubusercontent.com<span class="o">)</span>... 2606:50c0:8000::154, 2606:50c0:8001::154, 2606:50c0:8002::154, ... Connecting to raw.githubusercontent.com <span class="o">(</span>raw.githubusercontent.com<span class="o">)</span>|2606:50c0:8000::154|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 816 <span class="o">[</span>text/plain] Saving to: ‘microk8s.profile’ microk8s.profile 100%[<span class="o">=============================================================================================&gt;]</span> 816 <span class="nt">--</span>.-KB/s <span class="k">in </span>0s root@localhost:~# <span class="nb">cat </span>microk8s.profile | lxc profile edit k8s root@localhost:~# <span class="nb">rm </span>microk8s.profile </code></pre> </div> <p>Lancement de trois instances LXC avec Ubuntu 22.04 LTS et de ce profil k8s :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@localhost:~# <span class="k">for </span>i <span class="k">in</span> <span class="o">{</span>1..3<span class="o">}</span><span class="p">;</span> <span class="k">do </span>lxc launch <span class="nt">-p</span> default <span class="nt">-p</span> k8s ubuntu:22.04 k3s<span class="nv">$i</span><span class="p">;</span> <span class="k">done </span>Creating k3s1 Starting k3s1 Creating k3s2 Starting k3s2 Creating k3s3 Starting k3s3 root@localhost:~# lxc <span class="nb">ls</span> +------+---------+---------------------+------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+---------------------+------+-----------+-----------+ | k3s1 | RUNNING | 10.26.23.163 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | +------+---------+---------------------+------+-----------+-----------+ | k3s2 | RUNNING | 10.26.23.75 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | +------+---------+---------------------+------+-----------+-----------+ | k3s3 | RUNNING | 10.26.23.87 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | +------+---------+---------------------+------+-----------+-----------+ </code></pre> </div> <p>Je procède à l’installation d’un cluster k3s conformément à ce que préconise la documentation fournie par Cilium.</p> <blockquote> <p>La première étape consiste en effet à installer un nœud maître K3s en veillant à désactiver la prise en charge du plugin CNI par défaut et de l’applicateur de politique réseau intégré :</p> </blockquote> <p><a href="https://docs.cilium.io/en/v1.13/installation/k3s/">Installation Using K3s - Cilium 1.13.0 documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@localhost:~# ssh ubuntu@10.26.23.163 Warning: Permanently added <span class="s1">'10.26.23.163'</span> <span class="o">(</span>ED25519<span class="o">)</span> to the list of known hosts. The programs included with the Ubuntu system are free software<span class="p">;</span> the exact distribution terms <span class="k">for </span>each program are described <span class="k">in </span>the individual files <span class="k">in</span> /usr/share/doc/<span class="k">*</span>/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. To run a <span class="nb">command </span>as administrator <span class="o">(</span>user <span class="s2">"root"</span><span class="o">)</span>, use <span class="s2">"sudo &lt;command&gt;"</span><span class="nb">.</span> See <span class="s2">"man sudo_root"</span> <span class="k">for </span>details. ubuntu@k3s1:~<span class="nv">$ </span>curl <span class="nt">-sfL</span> https://get.k3s.io | <span class="nv">INSTALL_K3S_EXEC</span><span class="o">=</span><span class="s1">'--flannel-backend=none --disable-network-policy'</span> sh - <span class="o">[</span>INFO] Finding release <span class="k">for </span>channel stable <span class="o">[</span>INFO] Using v1.25.6+k3s1 as release <span class="o">[</span>INFO] Downloading <span class="nb">hash </span>https://github.com/k3s-io/k3s/releases/download/v1.25.6+k3s1/sha256sum-amd64.txt <span class="o">[</span>INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.25.6+k3s1/k3s <span class="o">[</span>INFO] Verifying binary download <span class="o">[</span>INFO] Installing k3s to /usr/local/bin/k3s <span class="o">[</span>INFO] Skipping installation of SELinux RPM <span class="o">[</span>INFO] Creating /usr/local/bin/kubectl symlink to k3s <span class="o">[</span>INFO] Creating /usr/local/bin/crictl symlink to k3s <span class="o">[</span>INFO] Creating /usr/local/bin/ctr symlink to k3s <span class="o">[</span>INFO] Creating killall script /usr/local/bin/k3s-killall.sh <span class="o">[</span>INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh <span class="o">[</span>INFO] <span class="nb">env</span>: Creating environment file /etc/systemd/system/k3s.service.env <span class="o">[</span>INFO] systemd: Creating service file /etc/systemd/system/k3s.service <span class="o">[</span>INFO] systemd: Enabling k3s unit Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service. <span class="o">[</span>INFO] systemd: Starting k3s </code></pre> </div> <p>Après récupération du <strong><em>node-token</em></strong> , installation des deux workers dans ce cluster k3s :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@localhost:~# ssh ubuntu@10.26.23.75 Warning: Permanently added <span class="s1">'10.26.23.75'</span> <span class="o">(</span>ED25519<span class="o">)</span> to the list of known hosts. The programs included with the Ubuntu system are free software<span class="p">;</span> the exact distribution terms <span class="k">for </span>each program are described <span class="k">in </span>the individual files <span class="k">in</span> /usr/share/doc/<span class="k">*</span>/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. To run a <span class="nb">command </span>as administrator <span class="o">(</span>user <span class="s2">"root"</span><span class="o">)</span>, use <span class="s2">"sudo &lt;command&gt;"</span><span class="nb">.</span> See <span class="s2">"man sudo_root"</span> <span class="k">for </span>details. ubuntu@k3s2:~<span class="nv">$ </span>curl <span class="nt">-sfL</span> https://get.k3s.io | <span class="nv">K3S_URL</span><span class="o">=</span><span class="s1">'https://10.26.23.163:6443'</span> <span class="nv">K3S_TOKEN</span><span class="o">=</span>K100df339c075cfa287710648ed7ba381667496813d04b7603150856c8c673cc07b::server:2300bb645db019e47caaa971f0f8460b sh - <span class="o">[</span>INFO] Finding release <span class="k">for </span>channel stable <span class="o">[</span>INFO] Using v1.25.6+k3s1 as release <span class="o">[</span>INFO] Downloading <span class="nb">hash </span>https://github.com/k3s-io/k3s/releases/download/v1.25.6+k3s1/sha256sum-amd64.txt <span class="o">[</span>INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.25.6+k3s1/k3s <span class="o">[</span>INFO] Verifying binary download <span class="o">[</span>INFO] Installing k3s to /usr/local/bin/k3s <span class="o">[</span>INFO] Skipping installation of SELinux RPM <span class="o">[</span>INFO] Creating /usr/local/bin/kubectl symlink to k3s <span class="o">[</span>INFO] Creating /usr/local/bin/crictl symlink to k3s <span class="o">[</span>INFO] Creating /usr/local/bin/ctr symlink to k3s <span class="o">[</span>INFO] Creating killall script /usr/local/bin/k3s-killall.sh <span class="o">[</span>INFO] Creating uninstall script /usr/local/bin/k3s-agent-uninstall.sh <span class="o">[</span>INFO] <span class="nb">env</span>: Creating environment file /etc/systemd/system/k3s-agent.service.env <span class="o">[</span>INFO] systemd: Creating service file /etc/systemd/system/k3s-agent.service <span class="o">[</span>INFO] systemd: Enabling k3s-agent unit Created symlink /etc/systemd/system/multi-user.target.wants/k3s-agent.service → /etc/systemd/system/k3s-agent.service. <span class="o">[</span>INFO] systemd: Starting k3s-agent ubuntu@k3s2:~<span class="nv">$ </span><span class="nb">exit logout </span>Connection to 10.26.23.75 closed. root@localhost:~# ssh ubuntu@10.26.23.87 Warning: Permanently added <span class="s1">'10.26.23.87'</span> <span class="o">(</span>ED25519<span class="o">)</span> to the list of known hosts. The programs included with the Ubuntu system are free software<span class="p">;</span> the exact distribution terms <span class="k">for </span>each program are described <span class="k">in </span>the individual files <span class="k">in</span> /usr/share/doc/<span class="k">*</span>/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. To run a <span class="nb">command </span>as administrator <span class="o">(</span>user <span class="s2">"root"</span><span class="o">)</span>, use <span class="s2">"sudo &lt;command&gt;"</span><span class="nb">.</span> See <span class="s2">"man sudo_root"</span> <span class="k">for </span>details. ubuntu@k3s3:~<span class="nv">$ </span>curl <span class="nt">-sfL</span> https://get.k3s.io | <span class="nv">K3S_URL</span><span class="o">=</span><span class="s1">'https://10.26.23.163:6443'</span> <span class="nv">K3S_TOKEN</span><span class="o">=</span>K100df339c075cfa287710648ed7ba381667496813d04b7603150856c8c673cc07b::server:2300bb645db019e47caaa971f0f8460b sh - <span class="o">[</span>INFO] Finding release <span class="k">for </span>channel stable <span class="o">[</span>INFO] Using v1.25.6+k3s1 as release <span class="o">[</span>INFO] Downloading <span class="nb">hash </span>https://github.com/k3s-io/k3s/releases/download/v1.25.6+k3s1/sha256sum-amd64.txt <span class="o">[</span>INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.25.6+k3s1/k3s <span class="o">[</span>INFO] Verifying binary download <span class="o">[</span>INFO] Installing k3s to /usr/local/bin/k3s <span class="o">[</span>INFO] Skipping installation of SELinux RPM <span class="o">[</span>INFO] Creating /usr/local/bin/kubectl symlink to k3s <span class="o">[</span>INFO] Creating /usr/local/bin/crictl symlink to k3s <span class="o">[</span>INFO] Creating /usr/local/bin/ctr symlink to k3s <span class="o">[</span>INFO] Creating killall script /usr/local/bin/k3s-killall.sh <span class="o">[</span>INFO] Creating uninstall script /usr/local/bin/k3s-agent-uninstall.sh <span class="o">[</span>INFO] <span class="nb">env</span>: Creating environment file /etc/systemd/system/k3s-agent.service.env <span class="o">[</span>INFO] systemd: Creating service file /etc/systemd/system/k3s-agent.service <span class="o">[</span>INFO] systemd: Enabling k3s-agent unit Created symlink /etc/systemd/system/multi-user.target.wants/k3s-agent.service → /etc/systemd/system/k3s-agent.service. <span class="o">[</span>INFO] systemd: Starting k3s-agent ubuntu@k3s1:~<span class="nv">$ </span><span class="nb">mkdir</span> .kube <span class="o">&amp;&amp;</span> <span class="nb">sudo cp</span> /etc/rancher/k3s/k3s.yaml .kube/config <span class="o">&amp;&amp;</span> <span class="nb">sudo chown</span> <span class="nt">-R</span> <span class="nv">$USER</span> .kube/<span class="k">*</span> ubuntu@k3s1:~<span class="nv">$ </span>curl <span class="nt">-LO</span> https://storage.googleapis.com/kubernetes-release/release/v1.25.6/bin/linux/amd64/kubectl <span class="o">&amp;&amp;</span> <span class="nb">chmod</span> +x kubectl <span class="o">&amp;&amp;</span> <span class="nb">sudo rm</span> /usr/local/bin/kubectl <span class="o">&amp;&amp;</span> <span class="nb">sudo mv </span>kubectl /usr/bin ubuntu@k3s1:~<span class="nv">$ </span>kubectl cluster-info Kubernetes control plane is running at https://127.0.0.1:6443 CoreDNS is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy Metrics-server is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/https:metrics-server:https/proxy To further debug and diagnose cluster problems, use <span class="s1">'kubectl cluster-info dump'</span><span class="nb">.</span> ubuntu@k3s1:~<span class="nv">$ </span>kubectl get nodes <span class="nt">-o</span> wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME k3s2 NotReady &lt;none&gt; 3m31s v1.25.6+k3s1 10.26.23.75 &lt;none&gt; Ubuntu 22.04.1 LTS 5.15.0-60-generic containerd://1.6.15-k3s1 k3s3 NotReady &lt;none&gt; 3m8s v1.25.6+k3s1 10.26.23.87 &lt;none&gt; Ubuntu 22.04.1 LTS 5.15.0-60-generic containerd://1.6.15-k3s1 k3s1 NotReady control-plane,master 7m19s v1.25.6+k3s1 10.26.23.163 &lt;none&gt; Ubuntu 22.04.1 LTS 5.15.0-60-generic containerd://1.6.15-k3s1 ubuntu@k3s1:~<span class="nv">$ </span>kubectl get po,svc <span class="nt">-A</span> NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/metrics-server-5f9f776df5-jzq2f 0/1 Pending 0 7m13s kube-system pod/local-path-provisioner-79f67d76f8-tg2dj 0/1 Pending 0 7m13s kube-system pod/coredns-597584b69b-4bg2h 0/1 Pending 0 7m13s kube-system pod/helm-install-traefik-k9m7j 0/1 Pending 0 7m14s kube-system pod/helm-install-traefik-crd-4vh8j 0/1 Pending 0 7m14s NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE default service/kubernetes ClusterIP 10.43.0.1 &lt;none&gt; 443/TCP 7m28s kube-system service/kube-dns ClusterIP 10.43.0.10 &lt;none&gt; 53/UDP,53/TCP,9153/TCP 7m25s kube-system service/metrics-server ClusterIP 10.43.252.18 &lt;none&gt; 443/TCP 7m24s </code></pre> </div> <p>Suivi de l’installation de Helm 3 :</p> <p><a href="https://helm.sh/docs/intro/install/">Installing Helm</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@k3s1:~<span class="nv">$ </span>curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash Downloading https://get.helm.sh/helm-v3.11.1-linux-amd64.tar.gz Verifying checksum... Done. Preparing to <span class="nb">install </span>helm into /usr/local/bin helm installed into /usr/local/bin/helm ubuntu@k3s1:~<span class="nv">$ </span><span class="nb">chmod </span>400 .kube/config ubuntu@k3s1:~<span class="nv">$ </span>helm <span class="nb">ls </span>NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION </code></pre> </div> <p>suivi de Cilium BGP (beta) …</p> <p><a href="https://docs.cilium.io/en/stable/network/bgp/">BGP (beta) - Cilium 1.13.0 documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@k3s1:~<span class="nv">$ </span>helm repo add cilium https://helm.cilium.io/ <span class="s2">"cilium"</span> has been added to your repositories ubuntu@k3s1:~<span class="nv">$ </span>helm repo update Hang tight <span class="k">while </span>we grab the latest from your chart repositories... ...Successfully got an update from the <span class="s2">"cilium"</span> chart repository Update Complete. ⎈Happy Helming!⎈ </code></pre> </div> <p>Le support BGP est activé en fournissant la configuration BGP via un ConfigMap et en définissant quelques valeurs avec Helm. Sinon, BGP est désactivé par défaut. Je me base pour cela sur la passerelle fournie dans LXD :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@localhost:~# ifconfig lxdbr0 lxdbr0: <span class="nv">flags</span><span class="o">=</span>4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500 inet 10.26.23.1 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:16:3e:a3:ba:e8 txqueuelen 1000 <span class="o">(</span>Ethernet<span class="o">)</span> RX packets 8742 bytes 563385 <span class="o">(</span>563.3 KB<span class="o">)</span> RX errors 0 dropped 0 overruns 0 frame 0 TX packets 18343 bytes 264191495 <span class="o">(</span>264.1 MB<span class="o">)</span> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 root@localhost:~# lxc <span class="nb">ls</span> +------+---------+---------------------+------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+---------------------+------+-----------+-----------+ | k3s1 | RUNNING | 10.26.23.163 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | +------+---------+---------------------+------+-----------+-----------+ | k3s2 | RUNNING | 10.26.23.75 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | +------+---------+---------------------+------+-----------+-----------+ | k3s3 | RUNNING | 10.26.23.87 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | +------+---------+---------------------+------+-----------+-----------+ </code></pre> </div> <p>et ce segment d’adresses IP libres :</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--iZxvrmMS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ALMl4yRG9YuXWoVOqBUlG6Q.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--iZxvrmMS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2ALMl4yRG9YuXWoVOqBUlG6Q.png" alt="" width="880" height="565"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--5Brpqw6K--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ag8To-qU2sJxVpM2A3B2Fqw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--5Brpqw6K--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Ag8To-qU2sJxVpM2A3B2Fqw.png" alt="" width="880" height="614"></a></p> <p>d’où ce fichier YAML pour la configuration :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">ubuntu@k3s1:~$ cat config.yaml</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ConfigMap</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">bgp-config</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">kube-system</span> <span class="na">data</span><span class="pi">:</span> <span class="na">config.yaml</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">peers:</span> <span class="s">- peer-address: 10.26.23.1</span> <span class="s">peer-asn: 64512</span> <span class="s">my-asn: 64512</span> <span class="s">address-pools:</span> <span class="s">- name: default</span> <span class="s">protocol: bgp</span> <span class="s">addresses:</span> <span class="s">- 10.26.23.32/27</span> <span class="s">ubuntu@k3s1:~$ kubectl apply -f config.yaml</span> <span class="s">configmap/bgp-config created</span> </code></pre> </div> <p>Installation du Pod Cilium avec Helm :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@k3s1:~<span class="nv">$ </span>helm <span class="nb">install </span>cilium cilium/cilium <span class="nt">--version</span> 1.13.0 <span class="se">\</span> <span class="nt">--namespace</span> kube-system <span class="se">\</span> <span class="nt">--set</span> bgp.enabled<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> bgp.announce.loadbalancerIP<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> bgp.announce.podCIDR<span class="o">=</span><span class="nb">true </span>NAME: cilium LAST DEPLOYED: Wed Mar 1 20:05:18 2023 NAMESPACE: kube-system STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: You have successfully installed Cilium with Hubble. Your release version is 1.13.0. For any further <span class="nb">help</span>, visit https://docs.cilium.io/en/v1.13/gettinghelp </code></pre> </div> <p>Mise à jour de cette installation avec l’insertion de Cilium Hubble (avec une interface utilisateur de Hubble pouvant accéder à la carte graphique des services):</p> <ul> <li><a href="https://docs.cilium.io/en/v1.13/gettingstarted/hubble/">Service Map &amp; Hubble UI - Cilium 1.13.0 documentation</a></li> <li> <a href="https://isovalent.com/blog/post/tutorial-tips-and-tricks-to-install-cilium/">Tutorial: Tips and Tricks to install Cilium - Isovalent</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@k3s1:~<span class="nv">$ </span>helm upgrade cilium cilium/cilium <span class="nt">--version</span> 1.13.0 <span class="se">\</span> <span class="nt">--namespace</span> kube-system <span class="se">\</span> <span class="nt">--set</span> bgp.enabled<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> bgp.announce.loadbalancerIP<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> bgp.announce.podCIDR<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> sctp.enabled<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> hubble.enabled<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> hubble.metrics.enabled<span class="o">=</span><span class="s2">"{dns,drop,tcp,flow,icmp,http}"</span> <span class="se">\</span> <span class="nt">--set</span> hubble.relay.enabled<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> hubble.ui.enabled<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> hubble.ui.service.type<span class="o">=</span>LoadBalancer <span class="se">\</span> <span class="nt">--set</span> hubble.relay.service.type<span class="o">=</span>LoadBalancer Release <span class="s2">"cilium"</span> has been upgraded. Happy Helming! NAME: cilium LAST DEPLOYED: Wed Mar 1 20:09:00 2023 NAMESPACE: kube-system STATUS: deployed REVISION: 2 TEST SUITE: None NOTES: You have successfully installed Cilium with Hubble Relay and Hubble UI. Your release version is 1.13.0. For any further <span class="nb">help</span>, visit https://docs.cilium.io/en/v1.13/gettinghelp root@localhost:~# lxc <span class="nb">ls</span> +------+---------+--------------------------+------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+--------------------------+------+-----------+-----------+ | k3s1 | RUNNING | 10.26.23.163 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | | | | 10.0.2.99 <span class="o">(</span>cilium_host<span class="o">)</span> | | | | +------+---------+--------------------------+------+-----------+-----------+ | k3s2 | RUNNING | 10.26.23.75 <span class="o">(</span>eth0<span class="o">)</span> | | CONTAINER | 0 | | | | 10.0.0.117 <span class="o">(</span>cilium_host<span class="o">)</span> | | | | +------+---------+--------------------------+------+-----------+-----------+ | k3s3 | RUNNING | 10.0.1.16 <span class="o">(</span>cilium_host<span class="o">)</span> | | CONTAINER | 0 | +------+---------+--------------------------+------+-----------+-----------+ </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--TFwsZkNg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/373/0%2AIwQqHNenQKBU5cqB.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--TFwsZkNg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/373/0%2AIwQqHNenQKBU5cqB.jpg" alt="" width="373" height="480"></a></p> <p>Dès lors, test avec le déploiement encore une fois du sempiternel démonstrateur FC :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">ubuntu@k3s1:~$ cat &lt;&lt;EOF | kubectl apply -f -</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">4</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">image</span><span class="pi">:</span> <span class="s">mcas/franceconnect-demo2:latest</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">3000</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">fcdemo-service</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">LoadBalancer</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">fcdemo3</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">3000</span> <span class="s">EOF</span> <span class="s">deployment.apps/fcdemo3 created</span> <span class="s">service/fcdemo-service created</span> <span class="s">ubuntu@k3s1:~$ kubectl get po,svc</span> <span class="s">NAME READY STATUS RESTARTS AGE</span> <span class="s">pod/fcdemo3-6bff77544b-n8x5j 1/1 Running 0 56s</span> <span class="s">pod/fcdemo3-6bff77544b-n7shv 1/1 Running 0 56s</span> <span class="s">pod/fcdemo3-6bff77544b-z6s44 1/1 Running 0 56s</span> <span class="s">pod/fcdemo3-6bff77544b-wmcrg 1/1 Running 0 56s</span> <span class="s">NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE</span> <span class="s">service/kubernetes ClusterIP 10.43.0.1 &lt;none&gt; 443/TCP 54m</span> <span class="s">service/fcdemo-service LoadBalancer 10.43.212.198 10.26.23.35 80:30918/TCP 56s</span> </code></pre> </div> <p>Et il est en effet possible à ce stade d’accéder au démonstrateur avec l’adresse IP fournie avec Cilium BGP :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@k3s1:~<span class="nv">$ </span>http http://10.26.23.35 HTTP/1.1 200 OK Connection: keep-alive Content-Length: 2740 Content-Type: text/html<span class="p">;</span> <span class="nv">charset</span><span class="o">=</span>utf-8 Date: Wed, 01 Mar 2023 20:39:41 GMT ETag: W/<span class="s2">"ab4-v8wreE8WoQJ/5EqjkvRXgbacjz4"</span> X-Powered-By: Express set-cookie: connect.sid<span class="o">=</span>s%3AiC15aGdDdBtHWW7zrIjqNiUw0Kq93-W6.WBQcxUEQIloR1IqQTlWXFRUOijoLNsdvAq4bVcSKOso<span class="p">;</span> <span class="nv">Path</span><span class="o">=</span>/<span class="p">;</span> HttpOnly &lt;<span class="o">!</span>doctype html&gt; &lt;html <span class="nv">lang</span><span class="o">=</span><span class="s2">"en"</span><span class="o">&gt;</span> &lt;<span class="nb">head</span><span class="o">&gt;</span> &lt;meta <span class="nv">charset</span><span class="o">=</span><span class="s2">"UTF-8"</span><span class="o">&gt;</span> &lt;meta <span class="nv">name</span><span class="o">=</span><span class="s2">"viewport"</span> <span class="nv">content</span><span class="o">=</span><span class="s2">"width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"</span><span class="o">&gt;</span> &lt;meta http-equiv<span class="o">=</span><span class="s2">"X-UA-Compatible"</span> <span class="nv">content</span><span class="o">=</span><span class="s2">"ie=edge"</span><span class="o">&gt;</span> &lt;<span class="nb">link </span><span class="nv">rel</span><span class="o">=</span><span class="s2">"stylesheet"</span> <span class="nv">href</span><span class="o">=</span><span class="s2">"https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.1/css/bulma.min.css"</span> <span class="nv">integrity</span><span class="o">=</span><span class="s2">"sha256-zIG416V1ynj3Wgju/scU80KAEWOsO5rRLfVyRDuOv7Q="</span> <span class="nv">crossorigin</span><span class="o">=</span><span class="s2">"anonymous"</span> /&gt; &lt;title&gt;Démonstrateur Fournisseur de Service&lt;/title&gt; &lt;/head&gt; &lt;body&gt; &lt;nav <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar"</span> <span class="nv">role</span><span class="o">=</span><span class="s2">"navigation"</span> aria-label<span class="o">=</span><span class="s2">"main navigation"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-start"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-brand"</span><span class="o">&gt;</span> &lt;a <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-item"</span> <span class="nv">href</span><span class="o">=</span><span class="s2">"/"</span><span class="o">&gt;</span> &lt;img <span class="nv">src</span><span class="o">=</span><span class="s2">"/img/fc_logo_v2.png"</span> <span class="nv">alt</span><span class="o">=</span><span class="s2">"Démonstrateur Fournisseur de Service"</span> <span class="nv">height</span><span class="o">=</span><span class="s2">"28"</span><span class="o">&gt;</span> &lt;/a&gt; &lt;/div&gt; &lt;a <span class="nv">href</span><span class="o">=</span><span class="s2">"/"</span> <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-item"</span><span class="o">&gt;</span> Home &lt;/a&gt; &lt;/div&gt; &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-end"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"navbar-item"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"buttons"</span><span class="o">&gt;</span> &lt;a <span class="nv">class</span><span class="o">=</span><span class="s2">"button is-light"</span> <span class="nv">href</span><span class="o">=</span><span class="s2">"/login"</span><span class="o">&gt;</span>Se connecter&lt;/a&gt; &lt;/div&gt; &lt;/div&gt; &lt;/div&gt; &lt;/nav&gt; &lt;section <span class="nv">class</span><span class="o">=</span><span class="s2">"hero is-info is-medium"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"hero-body"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"container"</span><span class="o">&gt;</span> &lt;h1 <span class="nv">class</span><span class="o">=</span><span class="s2">"title"</span><span class="o">&gt;</span> Bienvenue sur le démonstrateur de fournisseur de service &lt;/h1&gt; &lt;h2 <span class="nv">class</span><span class="o">=</span><span class="s2">"subtitle"</span><span class="o">&gt;</span> Cliquez sur <span class="s2">"se connecter"</span> pour vous connecter via &lt;strong&gt;FranceConnect&lt;/strong&gt; &lt;/h2&gt; &lt;/div&gt; &lt;/div&gt; &lt;/section&gt; &lt;section <span class="nv">class</span><span class="o">=</span><span class="s2">"section is-small"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"container"</span><span class="o">&gt;</span> &lt;h1 <span class="nv">class</span><span class="o">=</span><span class="s2">"title"</span><span class="o">&gt;</span>Récupérer vos données via FranceConnect&lt;/h1&gt; &lt;p&gt;Pour récupérer vos données via &lt;strong&gt;FranceConnect&lt;/strong&gt; cliquez sur le bouton ci-dessous&lt;/p&gt; &lt;/div&gt; &lt;/section&gt; &lt;section <span class="nv">class</span><span class="o">=</span><span class="s2">"section is-small"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"container has-text-centered"</span><span class="o">&gt;</span> &lt;<span class="o">!</span><span class="nt">--</span> FC btn <span class="nt">--</span><span class="o">&gt;</span> &lt;a <span class="nv">href</span><span class="o">=</span><span class="s2">"/data"</span> <span class="nv">class</span><span class="o">=</span><span class="s2">"button is-link"</span><span class="o">&gt;</span>Récupérer mes données via FranceConnect&lt;/a&gt; &lt;/div&gt; &lt;/section&gt; &lt;footer <span class="nv">class</span><span class="o">=</span><span class="s2">"footer custom-content"</span><span class="o">&gt;</span> &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"content has-text-centered"</span><span class="o">&gt;</span> &lt;p&gt; &lt;a <span class="nv">href</span><span class="o">=</span><span class="s2">"https://partenaires.franceconnect.gouv.fr/fcp/fournisseur-service"</span> <span class="nv">target</span><span class="o">=</span><span class="s2">"_blank"</span> <span class="nv">alt</span><span class="o">=</span><span class="s2">"lien vers la documentation France Connect"</span><span class="o">&gt;</span> &lt;strong&gt;Documentation FranceConnect Partenaires&lt;/strong&gt; &lt;/a&gt; &lt;/p&gt; &lt;/div&gt; &lt;/footer&gt; &lt;<span class="o">!</span><span class="nt">--</span> This script brings the FranceConnect tools modal which <span class="nb">enable</span> <span class="s2">"disconnect"</span>, <span class="s2">"see connection history"</span> and <span class="s2">"see FC FAQ"</span> features <span class="nt">--</span><span class="o">&gt;</span> &lt;script <span class="nv">src</span><span class="o">=</span><span class="s2">"https://fcp.integ01.dev-franceconnect.fr/js/franceconnect.js"</span><span class="o">&gt;</span>&lt;/script&gt; &lt;/body&gt; &lt;/html&gt; </code></pre> </div> <p>Pour plus de clarté, exposition via Ngrok :</p> <p><a href="https://ngrok.com/download">ngrok - download</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@k3s1:~<span class="nv">$ </span>curl <span class="nt">-s</span> https://ngrok-agent.s3.amazonaws.com/ngrok.asc | <span class="nb">sudo tee</span> /etc/apt/trusted.gpg.d/ngrok.asc <span class="o">&gt;</span>/dev/null <span class="o">&amp;&amp;</span> <span class="nb">echo</span> <span class="s2">"deb https://ngrok-agent.s3.amazonaws.com buster main"</span> | <span class="nb">sudo tee</span> /etc/apt/sources.list.d/ngrok.list <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt <span class="nb">install </span>ngrok ubuntu@k3s1:~<span class="nv">$ </span>ngrok http 10.26.23.35:80 ngrok <span class="o">(</span>Ctrl+C to quit<span class="o">)</span> Add Okta or Azure to protect your ngrok dashboard with SSO: https://ngrok.com/dashSSO Session Status online Account eddi now <span class="o">(</span>Plan: Free<span class="o">)</span> Version 3.1.1 Region Europe <span class="o">(</span>eu<span class="o">)</span> Latency - Web Interface http://127.0.0.1:4040 Forwarding https://f1e1-172-105-130-186.eu.ngrok.io -&gt; http://10.26.23.35:80 Connections ttl opn rt1 rt5 p50 p90 0 0 0.00 0.00 0.00 0.00 </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--AOZEfTw---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A2wTYFmckkugU5tvScw9nSg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--AOZEfTw---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A2wTYFmckkugU5tvScw9nSg.png" alt="" width="880" height="601"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--TY0dAQ9s--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AFA6OQ_K1CHvwUn8BxG3Y-Q.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--TY0dAQ9s--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AFA6OQ_K1CHvwUn8BxG3Y-Q.png" alt="" width="880" height="601"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--1VTxrk9S--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2APBSUifmNDDVy5_vQdOJTuA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--1VTxrk9S--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2APBSUifmNDDVy5_vQdOJTuA.png" alt="" width="880" height="424"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--F6EOJGY7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A-5--8ahDQKp7ng4BHV2f5Q.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--F6EOJGY7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A-5--8ahDQKp7ng4BHV2f5Q.png" alt="" width="880" height="589"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--yYV8WLYx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A4O6xnH-Xf99QvugxgA_RiA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--yYV8WLYx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A4O6xnH-Xf99QvugxgA_RiA.png" alt="" width="880" height="441"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jO-uVE29--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AaYQOaTVfyMLqrjHg6PTF3w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jO-uVE29--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AaYQOaTVfyMLqrjHg6PTF3w.png" alt="" width="880" height="431"></a></p> <p>Un petit regard côté observabilité dans Cilium avec Hubble et son interface graphique fournie également en mode LoadBalancer :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@k3s1:~<span class="nv">$ </span>kubectl get svc <span class="nt">-A</span> NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE default kubernetes ClusterIP 10.43.0.1 &lt;none&gt; 443/TCP 72m kube-system kube-dns ClusterIP 10.43.0.10 &lt;none&gt; 53/UDP,53/TCP,9153/TCP 72m kube-system metrics-server ClusterIP 10.43.252.18 &lt;none&gt; 443/TCP 72m kube-system hubble-peer ClusterIP 10.43.92.181 &lt;none&gt; 443/TCP 49m kube-system traefik LoadBalancer 10.43.155.56 10.26.23.32 80:30264/TCP,443:31266/TCP 48m kube-system hubble-relay LoadBalancer 10.43.128.151 10.26.23.33 80:31405/TCP 45m kube-system hubble-metrics ClusterIP None &lt;none&gt; 9965/TCP 45m kube-system hubble-ui LoadBalancer 10.43.66.116 10.26.23.34 80:30183/TCP 45m default fcdemo-service LoadBalancer 10.43.212.198 10.26.23.35 80:30918/TCP 19m root@localhost:~# ssh <span class="nt">-L</span> 0.0.0.0:80:10.43.66.116:80 ubuntu@10.26.23.163 </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--bu88pxH0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AlKKMOBivgzXiyZ7Ca_6v4A.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--bu88pxH0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AlKKMOBivgzXiyZ7Ca_6v4A.png" alt="" width="880" height="454"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--GDSHPwKs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AE4MN4MTQpZXo8amujHKpbA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--GDSHPwKs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2AE4MN4MTQpZXo8amujHKpbA.png" alt="" width="880" height="427"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--tI76yfmZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Agy8_zAXhjHbuemwKG9v2sA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--tI76yfmZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2Agy8_zAXhjHbuemwKG9v2sA.png" alt="" width="880" height="430"></a></p> <p>Il faut noter qu’il est également offert la possibilité de configurer l’équilibrage de charge par proxy pour les services Kubernetes en utilisant Cilium.</p> <blockquote> <p>Ce qui est utile pour des cas d’utilisation tels que l’équilibrage de charge gRPC.</p> <p>Une fois activé, le trafic vers un service Kubernetes sera redirigé vers un proxy Envoy géré par Cilium pour l’équilibrage de charge. Cette fonctionnalité est indépendante de la fonctionnalité Kubernetes Ingress Support (Proxy Load Balancing for Kubernetes Services (beta)) :</p> </blockquote> <p><a href="https://docs.cilium.io/en/latest/network/servicemesh/envoy-load-balancing/">Proxy Load Balancing for Kubernetes Services (beta) - Cilium 1.13.0 documentation</a></p> <p>Test avec ce déploiement comprenant notamment des charges de travail de test consistant en un client de déploiement et un service echo-service avec deux Pods en backend :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@k3s1:~<span class="nv">$ </span>kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/cilium/cilium/HEAD/examples/kubernetes/servicemesh/envoy/test-application-proxy-loadbalancing.yaml configmap/coredns-configmap created deployment.apps/client created deployment.apps/echo-service created service/echo-service created ubuntu@k3s1:~<span class="nv">$ </span>watch <span class="nt">-c</span> kubectl get po,svc <span class="nt">-A</span> ubuntu@k3s1:~<span class="nv">$ CLIENT</span><span class="o">=</span><span class="si">$(</span>kubectl get pods <span class="nt">-l</span> <span class="nv">name</span><span class="o">=</span>client <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.items[0].metadata.name}'</span><span class="si">)</span> ubuntu@k3s1:~<span class="nv">$ </span>kubectl <span class="nb">exec</span> <span class="nt">-it</span> <span class="nv">$CLIENT</span> <span class="nt">--</span> curl <span class="nt">-v</span> echo-service:8080/ <span class="k">*</span> Trying 10.43.199.92:8080... <span class="k">*</span> Connected to echo-service <span class="o">(</span>10.43.199.92<span class="o">)</span> port 8080 <span class="o">(</span><span class="c">#0)</span> <span class="o">&gt;</span> GET / HTTP/1.1 <span class="o">&gt;</span> Host: echo-service:8080 <span class="o">&gt;</span> User-Agent: curl/7.83.1 <span class="o">&gt;</span> Accept: <span class="k">*</span>/<span class="k">*</span> <span class="o">&gt;</span> <span class="k">*</span> Mark bundle as not supporting multiuse &lt; HTTP/1.1 200 OK &lt; X-Powered-By: Express &lt; Vary: Origin, Accept-Encoding &lt; Access-Control-Allow-Credentials: <span class="nb">true</span> &lt; Accept-Ranges: bytes &lt; Cache-Control: public, max-age<span class="o">=</span>0 &lt; Last-Modified: Wed, 21 Sep 2022 10:25:56 GMT &lt; ETag: W/<span class="s2">"809-1835f952f20"</span> &lt; Content-Type: text/html<span class="p">;</span> <span class="nv">charset</span><span class="o">=</span>UTF-8 &lt; Content-Length: 2057 &lt; Date: Wed, 01 Mar 2023 21:12:11 GMT &lt; Connection: keep-alive &lt; Keep-Alive: <span class="nb">timeout</span><span class="o">=</span>5 &lt; &lt;html&gt; &lt;<span class="nb">head</span><span class="o">&gt;</span> &lt;<span class="nb">link </span><span class="nv">rel</span><span class="o">=</span><span class="s2">"stylesheet"</span> <span class="nv">href</span><span class="o">=</span><span class="s2">"https://use.fontawesome.com/releases/v5.8.2/css/all.css"</span> <span class="nv">integrity</span><span class="o">=</span><span class="s2">"sha384-oS3vJWv+0UjzBfQzYUhtDYW+Pj2yciDJxpsK1OYPAYjqT085Qq/1cq5FLXAZQ7Ay"</span> <span class="nv">crossorigin</span><span class="o">=</span><span class="s2">"anonymous"</span> /&gt; &lt;<span class="nb">link </span><span class="nv">rel</span><span class="o">=</span><span class="s2">"stylesheet"</span> <span class="nv">href</span><span class="o">=</span><span class="s2">"style.css"</span> /&gt; &lt;title&gt;JSON Server&lt;/title&gt; &lt;/head&gt; &lt;body&gt; &lt;header&gt; &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"container"</span><span class="o">&gt;</span> &lt;nav&gt; &lt;ul&gt; &lt;li <span class="nv">class</span><span class="o">=</span><span class="s2">"title"</span><span class="o">&gt;</span> JSON Server &lt;/li&gt; &lt;li&gt; &lt;a <span class="nv">href</span><span class="o">=</span><span class="s2">"https://github.com/users/typicode/sponsorship"</span><span class="o">&gt;</span> &lt;i <span class="nv">class</span><span class="o">=</span><span class="s2">"fas fa-heart"</span><span class="o">&gt;</span>&lt;/i&gt;GitHub Sponsors &lt;/a&gt; &lt;/li&gt; &lt;li&gt; &lt;a <span class="nv">href</span><span class="o">=</span><span class="s2">"https://my-json-server.typicode.com"</span><span class="o">&gt;</span> &lt;i <span class="nv">class</span><span class="o">=</span><span class="s2">"fas fa-burn"</span><span class="o">&gt;</span>&lt;/i&gt;My JSON Server &lt;/a&gt; &lt;/li&gt; &lt;li&gt; &lt;a <span class="nv">href</span><span class="o">=</span><span class="s2">"https://thanks.typicode.com"</span><span class="o">&gt;</span> &lt;i <span class="nv">class</span><span class="o">=</span><span class="s2">"far fa-laugh"</span><span class="o">&gt;</span>&lt;/i&gt;Supporters &lt;/a&gt; &lt;/li&gt; &lt;/ul&gt; &lt;/nav&gt; &lt;/div&gt; &lt;/header&gt; &lt;main&gt; &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"container"</span><span class="o">&gt;</span> &lt;h1&gt;Congrats!&lt;/h1&gt; &lt;p&gt; You<span class="s1">'re successfully running JSON Server &lt;br /&gt; ✧*｡٩(ˊᗜˋ*)و✧*｡ &lt;/p&gt; &lt;div id="resources"&gt;&lt;/div&gt; &lt;p&gt; To access and modify resources, you can use any HTTP method: &lt;/p&gt; &lt;p&gt; &lt;code&gt;GET&lt;/code&gt; &lt;code&gt;POST&lt;/code&gt; &lt;code&gt;PUT&lt;/code&gt; &lt;code&gt;PATCH&lt;/code&gt; &lt;code&gt;DELETE&lt;/code&gt; &lt;code&gt;OPTIONS&lt;/code&gt; &lt;/p&gt; &lt;div id="custom-routes"&gt;&lt;/div&gt; &lt;h1&gt;Documentation&lt;/h1&gt; &lt;p&gt; &lt;a href="https://github.com/typicode/json-server"&gt; README &lt;/a&gt; &lt;/p&gt; &lt;/div&gt; &lt;/main&gt; &lt;footer&gt; &lt;div class="container"&gt; &lt;p&gt; To replace this page, create a &lt;code&gt;./public/index.html&lt;/code&gt; file. &lt;/p&gt; &lt;/div&gt; &lt;/footer&gt; &lt;script src="script.js"&gt;&lt;/script&gt; &lt;/body&gt; &lt;/html&gt; * Connection #0 to host echo-service left intact </span></code></pre> </div> <p>L’ajout d’une politique en couche 7 introduit le proxy Envoy dans le chemin de ce trafic. La requête passant maintenant par le proxy Envoy et se dirigeant ensuite vers le backend …<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ubuntu@k3s1:~<span class="nv">$ </span>kubectl annotate service echo-service service.cilium.io/lb-l7<span class="o">=</span>enabled service/echo-service annotated ubuntu@k3s1:~<span class="nv">$ </span>kubectl <span class="nb">exec</span> <span class="nt">-it</span> <span class="nv">$CLIENT</span> <span class="nt">--</span> curl <span class="nt">-v</span> echo-service:8080/ <span class="k">*</span> Trying 10.43.199.92:8080... <span class="k">*</span> Connected to echo-service <span class="o">(</span>10.43.199.92<span class="o">)</span> port 8080 <span class="o">(</span><span class="c">#0)</span> <span class="o">&gt;</span> GET / HTTP/1.1 <span class="o">&gt;</span> Host: echo-service:8080 <span class="o">&gt;</span> User-Agent: curl/7.83.1 <span class="o">&gt;</span> Accept: <span class="k">*</span>/<span class="k">*</span> <span class="o">&gt;</span> <span class="k">*</span> Mark bundle as not supporting multiuse &lt; HTTP/1.1 200 OK &lt; X-Powered-By: Express &lt; Vary: Origin, Accept-Encoding &lt; Access-Control-Allow-Credentials: <span class="nb">true</span> &lt; Accept-Ranges: bytes &lt; Cache-Control: public, max-age<span class="o">=</span>0 &lt; Last-Modified: Wed, 21 Sep 2022 10:25:56 GMT &lt; ETag: W/<span class="s2">"809-1835f952f20"</span> &lt; Content-Type: text/html<span class="p">;</span> <span class="nv">charset</span><span class="o">=</span>UTF-8 &lt; Content-Length: 2057 &lt; Date: Wed, 01 Mar 2023 21:12:33 GMT &lt; Connection: keep-alive &lt; Keep-Alive: <span class="nb">timeout</span><span class="o">=</span>5 &lt; &lt;html&gt; &lt;<span class="nb">head</span><span class="o">&gt;</span> &lt;<span class="nb">link </span><span class="nv">rel</span><span class="o">=</span><span class="s2">"stylesheet"</span> <span class="nv">href</span><span class="o">=</span><span class="s2">"https://use.fontawesome.com/releases/v5.8.2/css/all.css"</span> <span class="nv">integrity</span><span class="o">=</span><span class="s2">"sha384-oS3vJWv+0UjzBfQzYUhtDYW+Pj2yciDJxpsK1OYPAYjqT085Qq/1cq5FLXAZQ7Ay"</span> <span class="nv">crossorigin</span><span class="o">=</span><span class="s2">"anonymous"</span> /&gt; &lt;<span class="nb">link </span><span class="nv">rel</span><span class="o">=</span><span class="s2">"stylesheet"</span> <span class="nv">href</span><span class="o">=</span><span class="s2">"style.css"</span> /&gt; &lt;title&gt;JSON Server&lt;/title&gt; &lt;/head&gt; &lt;body&gt; &lt;header&gt; &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"container"</span><span class="o">&gt;</span> &lt;nav&gt; &lt;ul&gt; &lt;li <span class="nv">class</span><span class="o">=</span><span class="s2">"title"</span><span class="o">&gt;</span> JSON Server &lt;/li&gt; &lt;li&gt; &lt;a <span class="nv">href</span><span class="o">=</span><span class="s2">"https://github.com/users/typicode/sponsorship"</span><span class="o">&gt;</span> &lt;i <span class="nv">class</span><span class="o">=</span><span class="s2">"fas fa-heart"</span><span class="o">&gt;</span>&lt;/i&gt;GitHub Sponsors &lt;/a&gt; &lt;/li&gt; &lt;li&gt; &lt;a <span class="nv">href</span><span class="o">=</span><span class="s2">"https://my-json-server.typicode.com"</span><span class="o">&gt;</span> &lt;i <span class="nv">class</span><span class="o">=</span><span class="s2">"fas fa-burn"</span><span class="o">&gt;</span>&lt;/i&gt;My JSON Server &lt;/a&gt; &lt;/li&gt; &lt;li&gt; &lt;a <span class="nv">href</span><span class="o">=</span><span class="s2">"https://thanks.typicode.com"</span><span class="o">&gt;</span> &lt;i <span class="nv">class</span><span class="o">=</span><span class="s2">"far fa-laugh"</span><span class="o">&gt;</span>&lt;/i&gt;Supporters &lt;/a&gt; &lt;/li&gt; &lt;/ul&gt; &lt;/nav&gt; &lt;/div&gt; &lt;/header&gt; &lt;main&gt; &lt;div <span class="nv">class</span><span class="o">=</span><span class="s2">"container"</span><span class="o">&gt;</span> &lt;h1&gt;Congrats!&lt;/h1&gt; &lt;p&gt; You<span class="s1">'re successfully running JSON Server &lt;br /&gt; ✧*｡٩(ˊᗜˋ*)و✧*｡ &lt;/p&gt; &lt;div id="resources"&gt;&lt;/div&gt; &lt;p&gt; To access and modify resources, you can use any HTTP method: &lt;/p&gt; &lt;p&gt; &lt;code&gt;GET&lt;/code&gt; &lt;code&gt;POST&lt;/code&gt; &lt;code&gt;PUT&lt;/code&gt; &lt;code&gt;PATCH&lt;/code&gt; &lt;code&gt;DELETE&lt;/code&gt; &lt;code&gt;OPTIONS&lt;/code&gt; &lt;/p&gt; &lt;div id="custom-routes"&gt;&lt;/div&gt; &lt;h1&gt;Documentation&lt;/h1&gt; &lt;p&gt; &lt;a href="https://github.com/typicode/json-server"&gt; README &lt;/a&gt; &lt;/p&gt; &lt;/div&gt; &lt;/main&gt; &lt;footer&gt; &lt;div class="container"&gt; &lt;p&gt; To replace this page, create a &lt;code&gt;./public/index.html&lt;/code&gt; file. &lt;/p&gt; &lt;/div&gt; &lt;/footer&gt; &lt;script src="script.js"&gt;&lt;/script&gt; &lt;/body&gt; &lt;/html&gt; * Connection #0 to host echo-service left intact </span></code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--43jL5yox--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A4lpScjJ1E6QZ27bvt6bsOA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--43jL5yox--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/1024/1%2A4lpScjJ1E6QZ27bvt6bsOA.png" alt="" width="880" height="423"></a></p> <p>Cilium et kube-router coopèrent pour utiliser kube-router pour le peering BGP et la propagation des routes et Cilium pour l’application des politiques et l’équilibrage des charges.</p> <p><a href="https://docs.cilium.io/en/stable/network/kube-router/">Using Kube-Router to Run BGP - Cilium 1.13.0 documentation</a></p> <p>ou de l’utilisation conjointe de BIRD :</p> <p><a href="https://docs.cilium.io/en/stable/network/bird/">Using BIRD to run BGP - Cilium 1.13.0 documentation</a></p> <p>Le routage à travers les clusters Kubernetes est offert avec Cluster Mesh :</p> <p><a href="https://isovalent.com/blog/post/topology-aware-routing-and-service-mesh-across-clusters-with-cluster-mesh/">Topology Aware Routing across Clusters with Cluster Mesh</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--2jNGonHP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/800/0%2AsZ42xax8KYQmcXZt.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--2jNGonHP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/800/0%2AsZ42xax8KYQmcXZt.png" alt="" width="800" height="420"></a></p> <p>Récapitulatif des nouveautés induites dans la dernière version de Cilium et quelques liens supplémentaires …</p> <p><a href="https://isovalent.com/blog/post/cilium-release-113/">Cilium 1.13 - Gateway API, mTLS datapath, Service Mesh, BIG TCP, SBOM, SNI NetworkPolicy, ... - Isovalent</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Gfnmeafg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/593/0%2AV_R__t6pxI9qFBpD.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Gfnmeafg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://cdn-images-1.medium.com/max/593/0%2AV_R__t6pxI9qFBpD.jpg" alt="" width="593" height="421"></a></p> kubernetes networking loadbalancing docker