Forem: Jonatan Ezron The latest articles on Forem by Jonatan Ezron (@jonatan5524). https://forem.com/jonatan5524 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F551774%2Fe9f3566e-4003-49c7-a0c1-af3f80d0765b.jpg Forem: Jonatan Ezron https://forem.com/jonatan5524 en Build own Kubernetes  - Mid Sum up Jonatan Ezron Mon, 12 Dec 2022 20:58:13 +0000 https://forem.com/jonatan5524/build-own-kubernetes-mid-sum-up-4n47 https://forem.com/jonatan5524/build-own-kubernetes-mid-sum-up-4n47 <p>I have been working on a new 'version' where the code is less coupled and more like Kubernetes where everything is a service, you can find the source code in here: <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">https://github.com/jonatan5524/own-kubernetes</a></p> <p>An updated article on the above can be found in Medium: <a href="https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d" rel="noopener noreferrer">https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d</a> </p> <p>In this post, I will go into what we implemented so far from an architectural design perspective, how Kubernetes actually works from the inside and what will do going forward. </p> <h2> What we have done so far? </h2> <p>So Until this point, we implemented a basic creation of pods, nodes, services, and inner and outer networks of the nodes.<br> The flow is as followed:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6115rqm9mb28rm9qj0kx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6115rqm9mb28rm9qj0kx.png" alt="Image description" width="419" height="238"></a></p> <p>So the client with the own-kubernetes CLI creates a node, and the node is created with Docker. Then the client sends an HTTP request to the IP and port of the node to create a pod and with that all of its networking.</p> <h2> How Kubernetes works from the inside? </h2> <p>So in Kubernetes, the design is that the master node (in our case our environment) has an etcd DB which is a key-value DB that is the source of truth of the cluster, and every interaction with the etcd is with the Kubernetes API.<br> The following flow is taken from the book Kubernetes in Action by Marko Luksa, highly recommended for anyone that wants to learn everything about Kubernetes and its inside:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flt9fmvt4zbbpu6b3knpp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flt9fmvt4zbbpu6b3knpp.png" alt="Image description" width="499" height="217"></a></p> <p>So the way Kubernetes works is as the chart above, let's say we want to create a single Pod:<br> the kubectl makes a request to the Kubernetes API (usually some kubectl apply)</p> <ol> <li>the API server saves the new pod spec in etcd</li> <li>the scheduler gets a notification for a new Pod addition to the etcd without node assign and assigns a new node (with some decision conditions I will not get into)</li> <li>the kubelet inside the node it was assigned to is getting a notification and creating the new pod.</li> </ol> <p>There is also a another component that called controller manager, used to get the actual state of a resource to the desired state, usely update and delete resource and get also notification for every etcd change.</p> <h2> What we will do next? </h2> <p>So Kubernetes design is parted into components that avoid coupling, whereas our design is highly coupled and moving forward will probably be a monolith.<br> Our design will stay that way, we store the created resources in the etcd, but we will not work as decoupled components that are getting notifications, because I want this series to focus on getting a POC of minimal functionality of a working Kubernetes.<br> It was important to me to make this article before we move forward for you to realize the design we are doing is not a match to the Kubernetes design (but can be with extra work).</p> kubernetes go linux programming Build own Kubernetes  - ClusterIP and NodePort in code Jonatan Ezron Thu, 17 Nov 2022 20:40:12 +0000 https://forem.com/jonatan5524/build-own-kubernetes-clusterip-in-code-2peb https://forem.com/jonatan5524/build-own-kubernetes-clusterip-in-code-2peb <p>I have been working on a new 'version' where the code is less coupled and more like Kubernetes where everything is a service, you can find the source code in here: <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">https://github.com/jonatan5524/own-kubernetes</a></p> <p>An updated article on the above can be found in Medium: <a href="https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d" rel="noopener noreferrer">https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d</a> </p> <p>In the previous articles, we created the pod's network in code, in this article we are going to create a ClusterIP service.</p> <p>To establish a ClusterIP service we needed to create some iptables rules, so first, we create some iptables handlers.<br> In <code>pkg/net/iptables.go</code> we create three functions: for creating a new chain, appending a new rule to the chain, and inserting in a specific location a rule.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">net</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"github.com/jonatan5524/own-kubernetes/pkg"</span> <span class="p">)</span> <span class="k">const</span> <span class="p">(</span> <span class="n">NAT_TABLE</span> <span class="o">=</span> <span class="s">"nat"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">NewIPTablesChain</span><span class="p">(</span><span class="n">name</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"/usr/sbin/iptables -t %s -N %s"</span><span class="p">,</span> <span class="n">NAT_TABLE</span><span class="p">,</span> <span class="n">name</span><span class="p">),</span> <span class="no">true</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">AppendNewIPTablesRule</span><span class="p">(</span><span class="n">rule</span> <span class="kt">string</span><span class="p">,</span> <span class="n">chain</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"/usr/sbin/iptables -t %s -A %s %s"</span><span class="p">,</span> <span class="n">NAT_TABLE</span><span class="p">,</span> <span class="n">chain</span><span class="p">,</span> <span class="n">rule</span><span class="p">),</span> <span class="no">true</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">InsertNewIPTablesRule</span><span class="p">(</span><span class="n">rule</span> <span class="kt">string</span><span class="p">,</span> <span class="n">chain</span> <span class="kt">string</span><span class="p">,</span> <span class="n">index</span> <span class="kt">int</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"/usr/sbin/iptables -t %s -I %s %d %s"</span><span class="p">,</span> <span class="n">NAT_TABLE</span><span class="p">,</span> <span class="n">chain</span><span class="p">,</span> <span class="n">index</span><span class="p">,</span> <span class="n">rule</span><span class="p">),</span> <span class="no">true</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>The code above is fairly simple, we perform the commands we use in the previous article here.</p> <p>Now we create a new file for service handling: <code>pkg/service/service.go</code>, in the file we first create some constraints, and a new service struct:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">const</span> <span class="p">(</span> <span class="n">KUBE_SERVICES_CHAIN</span> <span class="o">=</span> <span class="s">"KUBE-SERVICES"</span> <span class="n">CLUSTER_IP_SERVICE_PREFIX</span> <span class="o">=</span> <span class="s">"KUBE-SVC"</span> <span class="n">KUBE_SERVICE_MARK</span> <span class="o">=</span> <span class="s">"KUBE-MARK-MASQ"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">ServiceType</span> <span class="kt">int</span> <span class="k">const</span> <span class="p">(</span> <span class="n">CluserIP</span> <span class="n">ServiceType</span> <span class="o">=</span> <span class="no">iota</span> <span class="n">NodePort</span> <span class="p">)</span> <span class="k">type</span> <span class="n">Service</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Type</span> <span class="n">ServiceType</span> <span class="n">Id</span> <span class="kt">string</span> <span class="n">IpAddr</span> <span class="kt">string</span> <span class="p">}</span> </code></pre> </div> <p>The Service struct has 3 members:</p> <ul> <li> <code>Type</code> - can be ClusterIP or NodePort</li> <li> <code>Id</code> - unique generated ID</li> <li> <code>IpAddr</code> - IP address of the service</li> </ul> <p>Next, we create a new function for initializing the new iptables chains when the node is created:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">InitKubeServicesChain</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span> <span class="c">// iptables -t nat -N KUBE-SERVICES</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">NewIPTablesChain</span><span class="p">(</span><span class="n">KUBE_SERVICES_CHAIN</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// iptables -t nat -A PREROUTING -j KUBE-SERVICES</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">AppendNewIPTablesRule</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"-j %s"</span><span class="p">,</span> <span class="n">KUBE_SERVICES_CHAIN</span><span class="p">),</span> <span class="s">"PREROUTING"</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// iptables -t nat -A OUTPUT -j KUBE-SERVICES</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">AppendNewIPTablesRule</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"-j %s"</span><span class="p">,</span> <span class="n">KUBE_SERVICES_CHAIN</span><span class="p">),</span> <span class="s">"OUTPUT"</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">initMarkChain</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// iptables -t nat -A POSTROUTING -m mark --mark 0x4000/0x4000 -j MASQUERADE</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">AppendNewIPTablesRule</span><span class="p">(</span><span class="s">"-m mark --mark 0x4000/0x4000 -j MASQUERADE"</span><span class="p">,</span> <span class="s">"POSTROUTING"</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">initMarkChain</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span> <span class="c">// iptables -t nat -N KUBE-MARK-MASQ</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">NewIPTablesChain</span><span class="p">(</span><span class="n">KUBE_SERVICE_MARK</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// iptables -t nat -A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">AppendNewIPTablesRule</span><span class="p">(</span><span class="s">"-j MARK --set-xmark 0x4000/0x4000"</span><span class="p">,</span> <span class="n">KUBE_SERVICE_MARK</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>As you can see above, the function creates a new <code>KUBE-SERVICES</code> chain and adds it to the <code>PREROUTING</code> and <code>OUTPUT</code> chain, adds new <code>KUBE-MARK-MASQ</code> chai and adds it to the <code>POSTROUTING</code> chain.<br> We call this function in <code>pkg/agent/agent.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">setupIPTablesServices</span><span class="p">()</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">InitKubeServicesChain</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">startContainerd</span><span class="p">()</span> <span class="n">setupIPTablesServices</span><span class="p">()</span> <span class="n">e</span> <span class="o">:=</span> <span class="n">echo</span><span class="o">.</span><span class="n">New</span><span class="p">()</span> <span class="n">initMiddlewares</span><span class="p">(</span><span class="n">e</span><span class="p">)</span> <span class="n">initRoutes</span><span class="p">(</span><span class="n">e</span><span class="p">)</span> <span class="n">e</span><span class="o">.</span><span class="n">Logger</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="n">Start</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">":%s"</span><span class="p">,</span> <span class="n">api</span><span class="o">.</span><span class="n">PORT</span><span class="p">)))</span> <span class="p">}</span> </code></pre> </div> <p>Next, we create a function that creates a new ClusterIP service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">NewClusterIPService</span><span class="p">(</span><span class="n">port</span> <span class="kt">string</span><span class="p">,</span> <span class="n">podsCidr</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">Service</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">const</span> <span class="n">MAX_CHAIN_NAME</span> <span class="o">=</span> <span class="m">29</span> <span class="n">serviceName</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">GenerateNewID</span><span class="p">(</span><span class="n">CLUSTER_IP_SERVICE_PREFIX</span><span class="p">)[</span><span class="o">:</span><span class="n">MAX_CHAIN_NAME</span><span class="o">-</span><span class="nb">len</span><span class="p">(</span><span class="n">CLUSTER_IP_SERVICE_PREFIX</span><span class="p">)</span><span class="o">-</span><span class="m">1</span><span class="p">]</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">NewIPTablesChain</span><span class="p">(</span><span class="n">serviceName</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">ipAddr</span> <span class="o">:=</span> <span class="s">"172.17.10.10"</span> <span class="c">// iptables -t nat -I KUBE-SERVICES 1 ! -s podsCidr -d 1ipAddr -p tcp -m tcp --dport port -j KUBE-MARK-MASQ</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">InsertNewIPTablesRule</span><span class="p">(</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"! -s %s -d %s -p tcp -m tcp --dport %s -j %s"</span><span class="p">,</span> <span class="n">podsCidr</span><span class="p">,</span> <span class="n">ipAddr</span><span class="p">,</span> <span class="n">port</span><span class="p">,</span> <span class="n">KUBE_SERVICE_MARK</span><span class="p">),</span> <span class="n">KUBE_SERVICES_CHAIN</span><span class="p">,</span> <span class="m">1</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// iptables -t nat -A KUBE-SERVICES -d clusterIP -p tcp -m tcp --dport port -j ServicerName</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">AppendNewIPTablesRule</span><span class="p">(</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"-d %s -p tcp -m tcp --dport %s -j %s"</span><span class="p">,</span> <span class="n">ipAddr</span><span class="p">,</span> <span class="n">port</span><span class="p">,</span> <span class="n">serviceName</span><span class="p">),</span> <span class="n">KUBE_SERVICES_CHAIN</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">Service</span><span class="p">{</span> <span class="n">Type</span><span class="o">:</span> <span class="n">CluserIP</span><span class="p">,</span> <span class="n">Id</span><span class="o">:</span> <span class="n">serviceName</span><span class="p">,</span> <span class="n">IpAddr</span><span class="o">:</span> <span class="n">ipAddr</span><span class="p">,</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>The function does as follows:</p> <ul> <li>generate a new service name</li> <li>creates a new chain</li> <li>currently, there is a hardcoded IP (in the future we will save the IPs in an etcd DB)</li> <li>insert new rules for the <code>KUBE-SERVICES</code> chain to mask the packets that are directed for the clusterIP and port and direct them to the next chain. </li> </ul> <p>Next, we have a new function that adds a new pod to the service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">AddRouteToClusterIPService</span><span class="p">(</span><span class="n">ip</span> <span class="kt">string</span><span class="p">,</span> <span class="n">port</span> <span class="kt">string</span><span class="p">,</span> <span class="n">service</span> <span class="kt">string</span><span class="p">,</span> <span class="n">index</span> <span class="kt">int</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">podService</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="n">service</span><span class="p">[</span><span class="o">:</span><span class="nb">len</span><span class="p">(</span><span class="n">service</span><span class="p">)</span><span class="o">-</span><span class="m">3</span><span class="p">]</span><span class="o">+</span><span class="s">"-%d"</span><span class="p">,</span> <span class="n">index</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">NewIPTablesChain</span><span class="p">(</span><span class="n">podService</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// iptables -t nat -A podService -s podIp -j KUBE-MARK-MASQ</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">AppendNewIPTablesRule</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"-s %s -j %s"</span><span class="p">,</span> <span class="n">ip</span><span class="p">,</span> <span class="n">KUBE_SERVICE_MARK</span><span class="p">),</span> <span class="n">podService</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// iptables -t nat -A podService -p tcp -m tcp -j DNAT --to-destination route</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">AppendNewIPTablesRule</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"-p tcp -m tcp -j DNAT --to-destination %s"</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s:%s"</span><span class="p">,</span> <span class="n">ip</span><span class="p">,</span> <span class="n">port</span><span class="p">)),</span> <span class="n">podService</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">index</span> <span class="o">==</span> <span class="m">0</span> <span class="p">{</span> <span class="c">// iptables -t nat -A serviceName -j podService</span> <span class="k">return</span> <span class="n">net</span><span class="o">.</span><span class="n">AppendNewIPTablesRule</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"-j %s"</span><span class="p">,</span> <span class="n">podService</span><span class="p">),</span> <span class="n">service</span><span class="p">)</span> <span class="p">}</span> <span class="c">// iptables -t nat -A service -m statistic --mode nth --every index --packet 0 -j podService</span> <span class="k">return</span> <span class="n">net</span><span class="o">.</span><span class="n">InsertNewIPTablesRule</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"-m statistic --mode nth --every %d --packet 0 -j %s"</span><span class="p">,</span> <span class="n">index</span><span class="o">+</span><span class="m">1</span><span class="p">,</span> <span class="n">podService</span><span class="p">),</span> <span class="n">service</span><span class="p">,</span> <span class="m">1</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>This function creates a new chain for the pod route, adds its route and mask, and adds the rule to the service chain with load balance.</p> <p>To get the running pods' IPs for later, we add a new field for the <code>RunningPod</code> struct:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>type RunningPod struct { IPAddr string Pod *Pod Task *containerd.Task exitStatusC &lt;-chan containerd.ExitStatus } </code></pre> </div> <p>And assign it when the pod is run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">NewPodAndRun</span><span class="p">(</span><span class="n">imageRegistry</span> <span class="kt">string</span><span class="p">,</span> <span class="n">name</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">RunningPod</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">pod</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">NewPod</span><span class="p">(</span><span class="n">imageRegistry</span><span class="p">,</span> <span class="n">name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"pod created: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">pod</span><span class="o">.</span><span class="n">Id</span><span class="p">)</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"starting pod</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="n">runningPod</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"setting up pod network</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="n">podIPAddr</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">connectToNetwork</span><span class="p">(</span><span class="n">pod</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="p">(</span><span class="o">*</span><span class="n">runningPod</span><span class="o">.</span><span class="n">Task</span><span class="p">)</span><span class="o">.</span><span class="n">Pid</span><span class="p">())</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">runningPod</span><span class="o">.</span><span class="n">IPAddr</span> <span class="o">=</span> <span class="n">podIPAddr</span> <span class="k">return</span> <span class="n">runningPod</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Now, for testing we add in the CreatePod function in <code>pkg/agent/api</code> a creation of 3 pods and a ClusterIP service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">unc</span> <span class="n">CreatePod</span><span class="p">(</span><span class="n">c</span> <span class="n">echo</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">podDto</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">podDTO</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Bind</span><span class="p">(</span><span class="n">podDto</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">runningPod</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">NewPodAndRun</span><span class="p">(</span><span class="n">podDto</span><span class="o">.</span><span class="n">ImageRegistry</span><span class="p">,</span> <span class="n">podDto</span><span class="o">.</span><span class="n">Name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// ------- test ---</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"creating cluster ip</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="n">clusterIPService</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">NewClusterIPService</span><span class="p">(</span><span class="s">"3001"</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s/24"</span><span class="p">,</span> <span class="n">runningPod</span><span class="o">.</span><span class="n">IPAddr</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">AddRouteToClusterIPService</span><span class="p">(</span><span class="n">runningPod</span><span class="o">.</span><span class="n">IPAddr</span><span class="p">,</span> <span class="s">"8080"</span><span class="p">,</span> <span class="n">clusterIPService</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="m">0</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">runningPod2</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">NewPodAndRun</span><span class="p">(</span><span class="n">podDto</span><span class="o">.</span><span class="n">ImageRegistry</span><span class="p">,</span> <span class="n">podDto</span><span class="o">.</span><span class="n">Name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">AddRouteToClusterIPService</span><span class="p">(</span><span class="n">runningPod2</span><span class="o">.</span><span class="n">IPAddr</span><span class="p">,</span> <span class="s">"8080"</span><span class="p">,</span> <span class="n">clusterIPService</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="m">1</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">runningPod3</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">NewPodAndRun</span><span class="p">(</span><span class="n">podDto</span><span class="o">.</span><span class="n">ImageRegistry</span><span class="p">,</span> <span class="n">podDto</span><span class="o">.</span><span class="n">Name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">AddRouteToClusterIPService</span><span class="p">(</span><span class="n">runningPod3</span><span class="o">.</span><span class="n">IPAddr</span><span class="p">,</span> <span class="s">"8080"</span><span class="p">,</span> <span class="n">clusterIPService</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="m">2</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// -------------</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusCreated</span><span class="p">,</span> <span class="n">podDTO</span><span class="p">{</span> <span class="n">ImageRegistry</span><span class="o">:</span> <span class="n">podDto</span><span class="o">.</span><span class="n">ImageRegistry</span><span class="p">,</span> <span class="n">Name</span><span class="o">:</span> <span class="n">runningPod</span><span class="o">.</span><span class="n">Pod</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>If we build, run and create a new pod:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># create a new pod (actually creates 3 in the test)</span> ❯ curl <span class="nt">-X</span> POST localhost:49256/pods <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> <span class="nt">-d</span> <span class="s1">'{"name": "pod2", "image registry": "docker.io/cloudnativelabs/whats-my-ip:latest"}'</span> <span class="o">{</span><span class="s2">"image registry"</span>:<span class="s2">"docker.io/cloudnativelabs/whats-my-ip:latest"</span>,<span class="s2">"name"</span>:<span class="s2">"pod2-10563f40-61ae-426b-b965-b468aeafe046"</span><span class="o">}</span> <span class="c"># now we call inside the node</span> ❯ <span class="nb">sudo </span>docker <span class="nb">exec</span> <span class="nt">-it</span> fe4 /bin/bash root@fe47726fb371:/agent# curl http://172.17.0.2:3001 HOSTNAME:fe47726fb371 IP:10.0.2.3 root@fe47726fb371:/agent# curl http://172.17.0.2:3001 HOSTNAME:fe47726fb371 IP:10.0.2.2 root@fe47726fb371:/agent# curl http://172.17.0.2:3001 HOSTNAME:fe47726fb371 IP:10.0.2.4 root@fe47726fb371:/agent# curl http://172.17.0.2:3001 HOSTNAME:fe47726fb371 IP:10.0.2.3 root@fe47726fb371:/agent# curl http://172.17.0.2:3001 HOSTNAME:fe47726fb371 IP:10.0.2.2 root@fe47726fb371:/agent# curl http://172.17.0.2:3001 HOSTNAME:fe47726fb371 IP:10.0.2.4 root@fe47726fb371:/agent# curl http://172.17.0.3:3001 </code></pre> </div> <p>And we got a ClusterIP generated in code!</p> <p>Now the NodePort service is simple, first, let's move the <code>NewClusterIPService</code> and <code>AddRouteToClusterIPService</code> functions to a new file <code>pkg/service/clusterIP</code> for organizing.</p> <p>Now we add a new file <code>pkg/service/nodePort.go</code>, and we create there a new function called <code>NewNodePortService</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">NewNodePortService</span><span class="p">(</span><span class="n">port</span> <span class="kt">string</span><span class="p">,</span> <span class="n">podsCidr</span> <span class="kt">string</span><span class="p">,</span> <span class="n">nodeIP</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">Service</span><span class="p">,</span> <span class="o">*</span><span class="n">Service</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">clusterIPService</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">NewClusterIPService</span><span class="p">(</span><span class="s">"3001"</span><span class="p">,</span> <span class="n">podsCidr</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// iptables -t nat -N KUBE-NODEPORTS</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">NewIPTablesChain</span><span class="p">(</span><span class="n">NODE_PORT_SERVICE_CHAIN</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// iptables -t nat -A KUBE-SERVICES -j KUBE-NODEPORTS</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">AppendNewIPTablesRule</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"-j %s"</span><span class="p">,</span> <span class="n">NODE_PORT_SERVICE_CHAIN</span><span class="p">),</span> <span class="n">KUBE_SERVICES_CHAIN</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// iptables -t nat -I KUBE-NODEPORTS 1 -p tcp -m tcp --dport port -j KUBE-MARK-MASQ</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">InsertNewIPTablesRule</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"-p tcp -m tcp --dport %s -j %s"</span><span class="p">,</span> <span class="n">port</span><span class="p">,</span> <span class="n">KUBE_SERVICE_MARK</span><span class="p">),</span> <span class="n">NODE_PORT_SERVICE_CHAIN</span><span class="p">,</span> <span class="m">1</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// iptables -t nat -A KUBE-NODEPORTS -p tcp -m tcp --dport port -j clusterIPService</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">AppendNewIPTablesRule</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"-p tcp -m tcp --dport %s -j %s"</span><span class="p">,</span> <span class="n">port</span><span class="p">,</span> <span class="n">clusterIPService</span><span class="o">.</span><span class="n">Id</span><span class="p">),</span> <span class="n">NODE_PORT_SERVICE_CHAIN</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">clusterIPService</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">Service</span><span class="p">{</span> <span class="n">Type</span><span class="o">:</span> <span class="n">NodePort</span><span class="p">,</span> <span class="n">Id</span><span class="o">:</span> <span class="n">NODE_PORT_SERVICE_CHAIN</span><span class="p">,</span> <span class="n">IpAddr</span><span class="o">:</span> <span class="n">nodeIP</span><span class="p">,</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>When a new NodePort service is created, a new ClusterIP service is created as well, we add new iptables rules and chains, and returns from the function the new ClusterIP service and the new NodePort service.</p> <p>We test the NodePort service in the same place we tested the ClusterIP service, <code>pkg/agent/api.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">CreatePod</span><span class="p">(</span><span class="n">c</span> <span class="n">echo</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">podDto</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">podDTO</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Bind</span><span class="p">(</span><span class="n">podDto</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">runningPod</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">NewPodAndRun</span><span class="p">(</span><span class="n">podDto</span><span class="o">.</span><span class="n">ImageRegistry</span><span class="p">,</span> <span class="n">podDto</span><span class="o">.</span><span class="n">Name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// ------- test ---</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"creating cluster ip</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="n">localIPAddr</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">GetLocalIPAddr</span><span class="p">(</span><span class="s">"eth0"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">clusterIPService</span><span class="p">,</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">NewNodePortService</span><span class="p">(</span><span class="s">"30001"</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s/24"</span><span class="p">,</span> <span class="n">runningPod</span><span class="o">.</span><span class="n">IPAddr</span><span class="p">),</span> <span class="n">localIPAddr</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">AddRouteToClusterIPService</span><span class="p">(</span><span class="n">runningPod</span><span class="o">.</span><span class="n">IPAddr</span><span class="p">,</span> <span class="s">"8080"</span><span class="p">,</span> <span class="n">clusterIPService</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="m">0</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">runningPod2</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">NewPodAndRun</span><span class="p">(</span><span class="n">podDto</span><span class="o">.</span><span class="n">ImageRegistry</span><span class="p">,</span> <span class="n">podDto</span><span class="o">.</span><span class="n">Name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">AddRouteToClusterIPService</span><span class="p">(</span><span class="n">runningPod2</span><span class="o">.</span><span class="n">IPAddr</span><span class="p">,</span> <span class="s">"8080"</span><span class="p">,</span> <span class="n">clusterIPService</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="m">1</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">runningPod3</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">NewPodAndRun</span><span class="p">(</span><span class="n">podDto</span><span class="o">.</span><span class="n">ImageRegistry</span><span class="p">,</span> <span class="n">podDto</span><span class="o">.</span><span class="n">Name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">service</span><span class="o">.</span><span class="n">AddRouteToClusterIPService</span><span class="p">(</span><span class="n">runningPod3</span><span class="o">.</span><span class="n">IPAddr</span><span class="p">,</span> <span class="s">"8080"</span><span class="p">,</span> <span class="n">clusterIPService</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="m">2</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// -------------</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusCreated</span><span class="p">,</span> <span class="n">podDTO</span><span class="p">{</span> <span class="n">ImageRegistry</span><span class="o">:</span> <span class="n">podDto</span><span class="o">.</span><span class="n">ImageRegistry</span><span class="p">,</span> <span class="n">Name</span><span class="o">:</span> <span class="n">runningPod</span><span class="o">.</span><span class="n">Pod</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>And outside of the node:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ curl 172.18.0.2:30001 HOSTNAME:15c79bf78092 IP:10.0.2.3 ❯ curl 172.18.0.2:30001 HOSTNAME:15c79bf78092 IP:10.0.2.2 ❯ curl 172.18.0.2:30001 HOSTNAME:15c79bf78092 IP:10.0.2.4 ❯ curl 172.18.0.2:30001 HOSTNAME:15c79bf78092 IP:10.0.2.3 ❯ curl 172.18.0.2:30001 HOSTNAME:15c79bf78092 IP:10.0.2.2 </code></pre> </div> <p>And we got a NodePort generated in code! (don't forget to delete the test)</p> <p>As always, the source code can be found <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">here</a>, and the changes on the ClusterIP can be found in this <a href="https://github.com/jonatan5524/own-kubernetes/commit/4c5199720c1b42762df127dd2839cbaa7ab208f3" rel="noopener noreferrer">commit</a>, and for the NodePort can be found in this <a href="https://github.com/jonatan5524/own-kubernetes/commit/926a412748bb5b03d9c47d8633b6ce14d395a727" rel="noopener noreferrer">commit</a>.</p> kubernetes go programming linux Build own Kubernetes - Pods network in code Jonatan Ezron Sat, 05 Nov 2022 11:44:42 +0000 https://forem.com/jonatan5524/build-own-kubernetes-part-8-pods-network-in-code-a90 https://forem.com/jonatan5524/build-own-kubernetes-part-8-pods-network-in-code-a90 <p>I have been working on a new 'version' where the code is less coupled and more like Kubernetes where everything is a service, you can find the source code in here: <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">https://github.com/jonatan5524/own-kubernetes</a></p> <p>An updated article on the above can be found in Medium: <a href="https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d" rel="noopener noreferrer">https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d</a> </p> <p>In the previous articles, we created the pod's network using network devices and iptables rules, in this article and the next we are going to establish this in code.<br> Keep in mind, we are going to add the network functionality to the kube-agent for an easier approach, in Kubernetes the component responsible for this part is the kube-proxy</p> <p>First, we want to create a docker network when creating a node, so in <code>pkg/node/node.go</code> we create a new function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">createNetwork</span><span class="p">(</span><span class="n">cli</span> <span class="o">*</span><span class="n">client</span><span class="o">.</span><span class="n">Client</span><span class="p">,</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">cli</span><span class="o">.</span><span class="n">NetworkInspect</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">NODE_DOCKER_NETWORK_NAME</span><span class="p">,</span> <span class="n">types</span><span class="o">.</span><span class="n">NetworkInspectOptions</span><span class="p">{})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> <span class="n">newNetwork</span> <span class="o">:=</span> <span class="n">types</span><span class="o">.</span><span class="n">NetworkCreate</span><span class="p">{</span><span class="n">IPAM</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">network</span><span class="o">.</span><span class="n">IPAM</span><span class="p">{</span> <span class="n">Driver</span><span class="o">:</span> <span class="s">"default"</span><span class="p">,</span> <span class="n">Config</span><span class="o">:</span> <span class="p">[]</span><span class="n">network</span><span class="o">.</span><span class="n">IPAMConfig</span><span class="p">{{</span> <span class="n">Subnet</span><span class="o">:</span> <span class="n">NODE_CIDR</span><span class="p">,</span> <span class="p">}},</span> <span class="p">}}</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">cli</span><span class="o">.</span><span class="n">NetworkCreate</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">(),</span> <span class="n">NODE_DOCKER_NETWORK_NAME</span><span class="p">,</span> <span class="n">newNetwork</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>The above function creates a network using the provided name and node CIDR, both of the constraints define in <code>pkg/node/constraints.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">node</span> <span class="k">import</span> <span class="s">"github.com/jonatan5524/own-kubernetes/pkg/agent/api"</span> <span class="k">const</span> <span class="p">(</span> <span class="n">NODE_NAME</span> <span class="o">=</span> <span class="s">"node"</span> <span class="n">NODE_IMAGE</span> <span class="o">=</span> <span class="s">"own-kube-node"</span> <span class="n">NODE_PORT</span> <span class="o">=</span> <span class="n">api</span><span class="o">.</span><span class="n">PORT</span> <span class="o">+</span> <span class="s">"/tcp"</span> <span class="n">NODE_PORT_HOST_IP</span> <span class="o">=</span> <span class="s">"0.0.0.0"</span> <span class="n">MEMORY_LIMIT</span> <span class="o">=</span> <span class="m">2.9e+9</span> <span class="c">// 2900MB</span> <span class="n">CPU_LIMIT</span> <span class="o">=</span> <span class="m">2</span> <span class="n">NODE_HOST_MIN_PORT</span> <span class="o">=</span> <span class="m">10250</span> <span class="n">NODE_HOST_MAX_PORT</span> <span class="o">=</span> <span class="m">10300</span> <span class="n">NODE_DOCKER_NETWORK_NAME</span> <span class="o">=</span> <span class="s">"kube-net"</span> <span class="n">NODE_CIDR</span> <span class="o">=</span> <span class="s">"172.18.0.0/24"</span> <span class="p">)</span> </code></pre> </div> <p>And now we add the network creation in the <code>NewNode</code> function, at the start of the function and <code>hostConfig</code> and ContainerCreate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">NewNode</span><span class="p">(</span><span class="n">cli</span> <span class="o">*</span><span class="n">client</span><span class="o">.</span><span class="n">Client</span><span class="p">,</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">Node</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">createNetwork</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="o">.</span> <span class="o">.</span> <span class="o">.</span> <span class="n">hostConfig</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">container</span><span class="o">.</span><span class="n">HostConfig</span><span class="p">{</span> <span class="n">PortBindings</span><span class="o">:</span> <span class="n">nat</span><span class="o">.</span><span class="n">PortMap</span><span class="p">{</span> <span class="n">nat</span><span class="o">.</span><span class="n">Port</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s/tcp"</span><span class="p">,</span> <span class="n">api</span><span class="o">.</span><span class="n">PORT</span><span class="p">))</span><span class="o">:</span> <span class="p">[]</span><span class="n">nat</span><span class="o">.</span><span class="n">PortBinding</span><span class="p">{</span> <span class="p">{</span> <span class="n">HostIP</span><span class="o">:</span> <span class="n">NODE_PORT_HOST_IP</span><span class="p">,</span> <span class="n">HostPort</span><span class="o">:</span> <span class="s">"0"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="n">NetworkMode</span><span class="o">:</span> <span class="n">NODE_DOCKER_NETWORK_NAME</span><span class="p">,</span> <span class="n">Resources</span><span class="o">:</span> <span class="n">container</span><span class="o">.</span><span class="n">Resources</span><span class="p">{</span> <span class="n">Memory</span><span class="o">:</span> <span class="n">MEMORY_LIMIT</span><span class="p">,</span> <span class="n">CPUShares</span><span class="o">:</span> <span class="n">CPU_LIMIT</span><span class="p">,</span> <span class="p">},</span> <span class="n">Privileged</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="p">}</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">cli</span><span class="o">.</span><span class="n">ContainerCreate</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">config</span><span class="p">,</span> <span class="n">hostConfig</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">network</span><span class="o">.</span><span class="n">NetworkingConfig</span><span class="p">{},</span> <span class="no">nil</span><span class="p">,</span> <span class="n">id</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">Node</span><span class="p">{</span><span class="n">Id</span><span class="o">:</span> <span class="n">id</span><span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Now we create in <code>pkg/util.go</code> an <code>ExecuteCommand</code> function for all the commands we are going to execute in the node:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">command</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">cmd</span> <span class="o">:=</span> <span class="n">exec</span><span class="o">.</span><span class="n">Command</span><span class="p">(</span><span class="s">"bash"</span><span class="p">,</span> <span class="s">"-c"</span><span class="p">,</span> <span class="n">command</span><span class="p">)</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Stdout</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">Stdout</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Start</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"%s logs: %s"</span><span class="p">,</span> <span class="n">command</span><span class="p">,</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Stdout</span><span class="p">)</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Now for the pod's network, we add in <code>pkg/pod/service.go</code> in <code>NewPodAndRun</code> a call for a new function to connect to the network:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">NewPodAndRun</span><span class="p">(</span><span class="n">imageRegistry</span> <span class="kt">string</span><span class="p">,</span> <span class="n">name</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">pod</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">NewPod</span><span class="p">(</span><span class="n">imageRegistry</span><span class="p">,</span> <span class="n">name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"pod created: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">pod</span><span class="o">.</span><span class="n">Id</span><span class="p">)</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"starting pod</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="n">runningPod</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"setting up pod network</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">connectToNetwork</span><span class="p">(</span><span class="n">pod</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="p">(</span><span class="o">*</span><span class="n">runningPod</span><span class="o">.</span><span class="n">Task</span><span class="p">)</span><span class="o">.</span><span class="n">Pid</span><span class="p">());</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">pod</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>The <code>connectToNetwork</code> function creates a bridge and VXLAN if necessary, find a new available IP address and create the <code>veth</code> pair for connection:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">connectToNetwork</span><span class="p">(</span><span class="n">podId</span> <span class="kt">string</span><span class="p">,</span> <span class="n">pid</span> <span class="kt">uint32</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">netId</span> <span class="o">:=</span> <span class="n">podId</span><span class="p">[</span><span class="o">:</span><span class="m">15</span><span class="o">-</span><span class="nb">len</span><span class="p">(</span><span class="s">"veth"</span><span class="p">)</span><span class="o">-</span><span class="m">1</span><span class="p">]</span> <span class="n">podCIDR</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">generateNewNodePodCIDR</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// podCIDR: 10.0.2.0/24 -&gt; bridgeIP: 10.0.2.1/24</span> <span class="n">bridgeIP</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ReplaceAtIndex</span><span class="p">(</span><span class="n">podCIDR</span><span class="p">,</span> <span class="sc">'1'</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">podCIDR</span><span class="p">)</span><span class="o">-</span><span class="m">4</span><span class="p">)</span> <span class="k">if</span> <span class="o">!</span><span class="n">net</span><span class="o">.</span><span class="n">IsDeviceExists</span><span class="p">(</span><span class="n">BRIDGE_NAME</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">CreateBridge</span><span class="p">(</span><span class="n">BRIDGE_NAME</span><span class="p">,</span> <span class="n">bridgeIP</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if</span> <span class="o">!</span><span class="n">net</span><span class="o">.</span><span class="n">IsDeviceExists</span><span class="p">(</span><span class="n">VXLAN_NAME</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">CreateVXLAN</span><span class="p">(</span><span class="n">VXLAN_NAME</span><span class="p">,</span> <span class="n">NODE_LOCAL_NETWORK_INTERFACE</span><span class="p">,</span> <span class="n">BRIDGE_NAME</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="p">}</span> <span class="n">podIP</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">GetNextAvailableIPAddr</span><span class="p">(</span><span class="n">podCIDR</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">CreateVethPairNamespaces</span><span class="p">(</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"veth-%s"</span><span class="p">,</span> <span class="n">netId</span><span class="p">),</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ceth-%s"</span><span class="p">,</span> <span class="n">netId</span><span class="p">),</span> <span class="n">BRIDGE_NAME</span><span class="p">,</span> <span class="kt">int</span><span class="p">(</span><span class="n">pid</span><span class="p">),</span> <span class="n">podIP</span><span class="o">+</span><span class="n">podCIDR</span><span class="p">[</span><span class="nb">len</span><span class="p">(</span><span class="n">podCIDR</span><span class="p">)</span><span class="o">-</span><span class="m">3</span><span class="o">:</span><span class="p">],</span> <span class="n">bridgeIP</span><span class="p">,</span> <span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>We generate a pod CIDR for the current pod using the <code>generateNewNodePodCIDR</code> function that gets the IP address of the node and switches the x in <code>10.0.x.0/24</code> the pod CIDR template with the last byte in the IP address. For example, if our node IP address is 172.18.0.2 the pod CIDR in this node will be 10.0.2.0/24.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">generateNewNodePodCIDR</span><span class="p">()</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">localIPAddr</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">GetLocalIPAddr</span><span class="p">(</span><span class="n">NODE_LOCAL_NETWORK_INTERFACE</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// localIPAddr: 172.18.0.2 -&gt; podCIDR: 10.0.2.0/24</span> <span class="k">return</span> <span class="n">strings</span><span class="o">.</span><span class="n">ReplaceAll</span><span class="p">(</span><span class="n">POD_CIDR</span><span class="p">,</span> <span class="s">"x"</span><span class="p">,</span> <span class="kt">string</span><span class="p">(</span><span class="n">localIPAddr</span><span class="p">[</span><span class="nb">len</span><span class="p">(</span><span class="n">localIPAddr</span><span class="p">)</span><span class="o">-</span><span class="m">4</span><span class="p">])),</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>All the constraints are taken from <code>pkg/pod/constraints.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">node</span> <span class="k">import</span> <span class="s">"github.com/jonatan5524/own-kubernetes/pkg/agent/api"</span> <span class="k">const</span> <span class="p">(</span> <span class="n">NODE_NAME</span> <span class="o">=</span> <span class="s">"node"</span> <span class="n">NODE_IMAGE</span> <span class="o">=</span> <span class="s">"own-kube-node"</span> <span class="n">NODE_PORT</span> <span class="o">=</span> <span class="n">api</span><span class="o">.</span><span class="n">PORT</span> <span class="o">+</span> <span class="s">"/tcp"</span> <span class="n">NODE_PORT_HOST_IP</span> <span class="o">=</span> <span class="s">"0.0.0.0"</span> <span class="n">MEMORY_LIMIT</span> <span class="o">=</span> <span class="m">2.9e+9</span> <span class="c">// 2900MB</span> <span class="n">CPU_LIMIT</span> <span class="o">=</span> <span class="m">2</span> <span class="n">NODE_HOST_MIN_PORT</span> <span class="o">=</span> <span class="m">10250</span> <span class="n">NODE_HOST_MAX_PORT</span> <span class="o">=</span> <span class="m">10300</span> <span class="n">NODE_DOCKER_NETWORK_NAME</span> <span class="o">=</span> <span class="s">"kube-net"</span> <span class="n">NODE_CIDR</span> <span class="o">=</span> <span class="s">"172.18.0.0/24"</span> <span class="p">)</span> </code></pre> </div> <p>All of our network-related functions are from <code>pkg/net/net.go</code>, lets through those functions.<br> First, our create functions for veth, bridge, and vxlan is fairly simple, we just execute the commands from the previous articles:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">CreateBridge</span><span class="p">(</span><span class="n">name</span> <span class="kt">string</span><span class="p">,</span> <span class="n">ipAddr</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ip link add %s type bridge"</span><span class="p">,</span> <span class="n">name</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ip addr add %s dev %s"</span><span class="p">,</span> <span class="n">ipAddr</span><span class="p">,</span> <span class="n">name</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ip link set %s up"</span><span class="p">,</span> <span class="n">name</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">CreateVethPairNamespaces</span><span class="p">(</span><span class="n">name</span> <span class="kt">string</span><span class="p">,</span> <span class="n">pair</span> <span class="kt">string</span><span class="p">,</span> <span class="n">bridge</span> <span class="kt">string</span><span class="p">,</span> <span class="n">namespacePID</span> <span class="kt">int</span><span class="p">,</span> <span class="n">ipAddr</span> <span class="kt">string</span><span class="p">,</span> <span class="n">bridgeIpAddr</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ip link add %s type veth peer name %s"</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">pair</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ip link set %s up"</span><span class="p">,</span> <span class="n">name</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ip link set %s netns /proc/%d/ns/net"</span><span class="p">,</span> <span class="n">pair</span><span class="p">,</span> <span class="n">namespacePID</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"nsenter --net=/proc/%d/ns/net ip link set %s up"</span><span class="p">,</span> <span class="n">namespacePID</span><span class="p">,</span> <span class="n">pair</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"nsenter --net=/proc/%d/ns/net ip addr add %s dev %s"</span><span class="p">,</span> <span class="n">namespacePID</span><span class="p">,</span> <span class="n">ipAddr</span><span class="p">,</span> <span class="n">pair</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ip link set %s master %s"</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">bridge</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"nsenter --net=/proc/%d/ns/net /usr/sbin/ip route add default via %s"</span><span class="p">,</span> <span class="n">namespacePID</span><span class="p">,</span> <span class="n">bridgeIpAddr</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">CreateVXLAN</span><span class="p">(</span><span class="n">name</span> <span class="kt">string</span><span class="p">,</span> <span class="n">nodeInterface</span> <span class="kt">string</span><span class="p">,</span> <span class="n">bridgeName</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">const</span> <span class="p">(</span> <span class="n">ID</span> <span class="o">=</span> <span class="s">"10"</span> <span class="n">GROUP</span> <span class="o">=</span> <span class="s">"239.1.1.1"</span> <span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ip link add %s type vxlan id %s group %s dstport 0 dev %s"</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">ID</span><span class="p">,</span> <span class="n">GROUP</span><span class="p">,</span> <span class="n">nodeInterface</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ip link set %s master %s"</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">bridgeName</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">ExecuteCommand</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ip link set %s up"</span><span class="p">,</span> <span class="n">name</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Next, we have a function to check if a device exists, to check that, we can look for a file in <code>/sys/class/net/</code> for example if a <code>br0</code> device exists the <code>/sys/class/net/br0</code> exists as well:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">IsDeviceExists</span><span class="p">(</span><span class="n">name</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">bool</span> <span class="p">{</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Stat</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"/sys/class/net/%s"</span><span class="p">,</span> <span class="n">name</span><span class="p">))</span> <span class="k">return</span> <span class="o">!</span><span class="n">os</span><span class="o">.</span><span class="n">IsNotExist</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Next, for getting the local IP address (used to discover the node IP address inside the node):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">unc</span> <span class="n">GetLocalIPAddr</span><span class="p">(</span><span class="n">interfaceName</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">addr</span> <span class="kt">string</span><span class="p">,</span> <span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">ief</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">InterfaceByName</span><span class="p">(</span><span class="n">interfaceName</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">addrs</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ief</span><span class="o">.</span><span class="n">Addrs</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">addrs</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">String</span><span class="p">(),</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>And for getting a new available IP address with a given CIDR, we get all the possible hosts and ping each of them to see if one of them is not returning a response (meaning it is not allocated), this code was taken from <a href="https://gist.github.com/kotakanbe/d3059af990252ba89a82" rel="noopener noreferrer">ipcalc.go gist</a>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">GetNextAvailableIPAddr</span><span class="p">(</span><span class="n">cidr</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">hosts</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">hosts</span><span class="p">(</span><span class="n">cidr</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">ip</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">hosts</span> <span class="p">{</span> <span class="n">out</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">exec</span><span class="o">.</span><span class="n">Command</span><span class="p">(</span><span class="s">"ping"</span><span class="p">,</span> <span class="s">"-c1"</span><span class="p">,</span> <span class="s">"-t1"</span><span class="p">,</span> <span class="n">ip</span><span class="p">)</span><span class="o">.</span><span class="n">Output</span><span class="p">()</span> <span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="kt">string</span><span class="p">(</span><span class="n">out</span><span class="p">),</span> <span class="s">"Destination Host Unreachable"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ip</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"no available ip have found in cidr: %s"</span><span class="p">,</span> <span class="n">cidr</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">hosts</span><span class="p">(</span><span class="n">cidr</span> <span class="kt">string</span><span class="p">)</span> <span class="p">([]</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">ip</span><span class="p">,</span> <span class="n">ipnet</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">ParseCIDR</span><span class="p">(</span><span class="n">cidr</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">inc</span> <span class="o">:=</span> <span class="k">func</span><span class="p">(</span><span class="n">ip</span> <span class="n">net</span><span class="o">.</span><span class="n">IP</span><span class="p">)</span> <span class="p">{</span> <span class="k">for</span> <span class="n">j</span> <span class="o">:=</span> <span class="nb">len</span><span class="p">(</span><span class="n">ip</span><span class="p">)</span> <span class="o">-</span> <span class="m">1</span><span class="p">;</span> <span class="n">j</span> <span class="o">&gt;=</span> <span class="m">0</span><span class="p">;</span> <span class="n">j</span><span class="o">--</span> <span class="p">{</span> <span class="n">ip</span><span class="p">[</span><span class="n">j</span><span class="p">]</span><span class="o">++</span> <span class="k">if</span> <span class="n">ip</span><span class="p">[</span><span class="n">j</span><span class="p">]</span> <span class="o">&gt;</span> <span class="m">0</span> <span class="p">{</span> <span class="k">break</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">var</span> <span class="n">ips</span> <span class="p">[]</span><span class="kt">string</span> <span class="k">for</span> <span class="n">ip</span> <span class="o">:=</span> <span class="n">ip</span><span class="o">.</span><span class="n">Mask</span><span class="p">(</span><span class="n">ipnet</span><span class="o">.</span><span class="n">Mask</span><span class="p">);</span> <span class="n">ipnet</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">ip</span><span class="p">);</span> <span class="n">inc</span><span class="p">(</span><span class="n">ip</span><span class="p">)</span> <span class="p">{</span> <span class="n">ips</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">ips</span><span class="p">,</span> <span class="n">ip</span><span class="o">.</span><span class="n">String</span><span class="p">())</span> <span class="p">}</span> <span class="c">// remove network address and broadcast address</span> <span class="k">return</span> <span class="n">ips</span><span class="p">[</span><span class="m">1</span> <span class="o">:</span> <span class="nb">len</span><span class="p">(</span><span class="n">ips</span><span class="p">)</span><span class="o">-</span><span class="m">1</span><span class="p">],</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Let's test those changes!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ make build <span class="c"># create node</span> ❯ <span class="nb">sudo</span> ./bin/main node create 2022/11/05 13:05:26 node created: node-9613851a-2fcb-440f-949d-77eade2c3b0b 2022/11/05 13:05:26 starting node 2022/11/05 13:05:26 node assign port: 49232 <span class="c"># create pod</span> ❯ curl <span class="nt">-X</span> POST localhost:49232/pods <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> <span class="nt">-d</span> <span class="s1">'{"name": "pod1", "image registry": "docker.io/cloudnativelabs/whats-my-ip:latest"}'</span> <span class="o">{</span><span class="s2">"image registry"</span>:<span class="s2">"docker.io/cloudnativelabs/whats-my-ip:latest"</span>,<span class="s2">"name"</span>:<span class="s2">"pod1-49fa480b-803c-4655-87a2-a93f643e0c61"</span><span class="o">}</span> <span class="c"># the node logs - we can see all the commands that was executed</span> ❯ <span class="nb">sudo </span>docker logs 892 ____ __ / __/___/ / ___ / _// __/ _ <span class="se">\/</span> _ <span class="se">\</span> /___/<span class="se">\_</span>_/_//_/<span class="se">\_</span>__/ v4.9.0 High performance, minimalist Go web framework https://echo.labstack.com ____________________________________O/_______ O<span class="se">\</span> 2022/11/05 11:05:26 containerd logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:26 containerd running ⇨ http server started on <span class="o">[</span>::]:10250 2022/11/05 11:05:37 pod created: pod1-49fa480b-803c-4655-87a2-a93f643e0c61 2022/11/05 11:05:37 starting pod 2022/11/05 11:05:37 setting up pod network 2022/11/05 11:05:37 ip <span class="nb">link </span>add br0 <span class="nb">type </span>bridge logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:37 ip addr add 10.0.3.1/24 dev br0 logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:37 ip <span class="nb">link set </span>br0 up logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:37 ip <span class="nb">link </span>add vxlan10 <span class="nb">type </span>vxlan <span class="nb">id </span>10 group 239.1.1.1 dstport 0 dev eth0 logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:37 ip <span class="nb">link set </span>vxlan10 master br0 logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:37 ip <span class="nb">link set </span>vxlan10 up logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:50 ip <span class="nb">link </span>add veth-pod1-49fa4 <span class="nb">type </span>veth peer name ceth-pod1-49fa4 logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:50 ip <span class="nb">link set </span>veth-pod1-49fa4 up logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:50 ip <span class="nb">link set </span>ceth-pod1-49fa4 netns /proc/51/ns/net logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:50 nsenter <span class="nt">--net</span><span class="o">=</span>/proc/51/ns/net ip <span class="nb">link set </span>ceth-pod1-49fa4 up logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:50 nsenter <span class="nt">--net</span><span class="o">=</span>/proc/51/ns/net ip addr add 10.0.3.3/24 dev ceth-pod1-49fa4 logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:50 ip <span class="nb">link set </span>veth-pod1-49fa4 master br0 logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> 2022/11/05 11:05:50 nsenter <span class="nt">--net</span><span class="o">=</span>/proc/51/ns/net /usr/sbin/ip route add default via 10.0.3.1/24 logs: &amp;<span class="o">{</span>%!s<span class="o">(</span><span class="k">*</span>os.file<span class="o">=</span>&amp;<span class="o">{{{</span>0 0 0<span class="o">}</span> 1 <span class="o">{</span>0<span class="o">}</span> &lt;nil&gt; 0 1 <span class="nb">true true true</span><span class="o">}</span> /dev/stdout &lt;nil&gt; <span class="nb">false true false</span><span class="o">})}</span> <span class="nv">method</span><span class="o">=</span>POST, <span class="nv">uri</span><span class="o">=</span>/pods, <span class="nv">status</span><span class="o">=</span>201 <span class="c"># and inside the node we can see bridge and vxlan are created, and we can ping to the pod:</span> ❯ <span class="nb">sudo </span>docker <span class="nb">exec</span> <span class="nt">-it</span> 892 /bin/bash root@8923c146abc3:/agent# ip a 1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 <span class="nb">link</span>/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: br0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1450 qdisc noqueue state UP group default qlen 1000 <span class="nb">link</span>/ether 42:89:5f:a7:4f:78 brd ff:ff:ff:ff:ff:ff inet 10.0.3.1/24 scope global br0 valid_lft forever preferred_lft forever 3: vxlan10: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1450 qdisc noqueue master br0 state UNKNOWN group default qlen 1000 <span class="nb">link</span>/ether 42:89:5f:a7:4f:78 brd ff:ff:ff:ff:ff:ff 5: veth-pod1-49fa4@if4: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000 <span class="nb">link</span>/ether b2:aa:10:8b:8a:25 brd ff:ff:ff:ff:ff:ff link-netnsid 1 267: eth0@if268: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue state UP group default <span class="nb">link</span>/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.18.0.3/24 brd 172.18.0.255 scope global eth0 valid_lft forever preferred_lft forever root@8923c146abc3:/agent# ping 10.0.3.3 PING 10.0.3.3 <span class="o">(</span>10.0.3.3<span class="o">)</span> 56<span class="o">(</span>84<span class="o">)</span> bytes of data. 64 bytes from 10.0.3.3: <span class="nv">icmp_seq</span><span class="o">=</span>1 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>0.142 ms 64 bytes from 10.0.3.3: <span class="nv">icmp_seq</span><span class="o">=</span>2 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>0.069 ms ^C <span class="nt">---</span> 10.0.3.3 ping statistics <span class="nt">---</span> </code></pre> </div> <p>In the next article, we will continue in our network implementation in code to ClusterIP and NodePort with iptables.</p> <p>As always, the source code can be found <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">here</a>, the changes can be seen in this <a href="https://github.com/jonatan5524/own-kubernetes/commit/0f4c5095b2003b06aa39c7352f296d0fa9ba9aa7" rel="noopener noreferrer">commit</a>.</p> kubernetes go programming linux Build own Kubernetes - NodePort Service networking Jonatan Ezron Fri, 21 Oct 2022 11:58:14 +0000 https://forem.com/jonatan5524/build-own-kubernetes-part-7-nodeport-service-networking-4274 https://forem.com/jonatan5524/build-own-kubernetes-part-7-nodeport-service-networking-4274 <p>I have been working on a new 'version' where the code is less coupled and more like Kubernetes where everything is a service, you can find the source code in here: <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">https://github.com/jonatan5524/own-kubernetes</a></p> <p>An updated article on the above can be found in Medium: <a href="https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d" rel="noopener noreferrer">https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d</a> </p> <p>In the previous articles, we established a connection between the pods across nodes using virtual network devices and some iptables rules.<br> In this article, we are going to make a NodePort service iptables rules to make a connection from outside of the cluster. For this article, I had the <a href="https://msazure.club/kubernetes-services-and-iptables/" rel="noopener noreferrer">kubernetes-services-and-iptables</a> blog helpful for the iptables rules in some services.<br> This article continues from the last article network architecture:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkytrhb8m4zi6jhmw7bsy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkytrhb8m4zi6jhmw7bsy.png" alt="Image description" width="695" height="693"></a></p> <p>First, to make our rules organized and well structured we are going to make custom chains and add our rules there, we start by deleting all the rules from the last article and creating a new chain called <code>KUBE-SERVICES</code> and adding them to <code>PREROUTING</code> and <code>OUTPUT</code> chains so that every packet going through this chains will be affected by our rules:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>iptables <span class="nt">-t</span> nat <span class="nt">-N</span> KUBE-SERVICES iptables <span class="nt">-t</span> nat <span class="nt">-A</span> PREROUTING <span class="nt">-j</span> KUBE-SERVICES iptables <span class="nt">-t</span> nat <span class="nt">-A</span> OUTPUT <span class="nt">-j</span> KUBE-SERVICES </code></pre> </div> <p>Now we create a custom chain for our ClusterIP service called <code>KUBE-SVC-1</code>, and assign the desired destination IP (virtual cluster IP: <code>172.17.10.10</code>) and port rule into the <code>KUBE-SERVICE</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>iptables <span class="nt">-t</span> nat <span class="nt">-N</span> KUBE-SVC-1 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SERVICES <span class="nt">-d</span> 172.17.10.10/16 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">--dport</span> 3001 <span class="nt">-j</span> KUBE-SVC-1 </code></pre> </div> <p>Now for each request to the ClusterIP service we want to load balance every request to the existing pod as before, so we add the <code>DNAT</code> statistics rules as before to the <code>KUBE-SVC-1</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1 <span class="nt">-m</span> statistic <span class="nt">--mode</span> nth <span class="nt">--every</span> 4 <span class="nt">--packet</span> 0 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.1.2:8080 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1 <span class="nt">-m</span> statistic <span class="nt">--mode</span> nth <span class="nt">--every</span> 3 <span class="nt">--packet</span> 0 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.1.3:8080 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1 <span class="nt">-m</span> statistic <span class="nt">--mode</span> nth <span class="nt">--every</span> 2 <span class="nt">--packet</span> 0 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.2.2:8080 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.2.3:8080 </code></pre> </div> <p>If you list all the iptables rules the output should be as followed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@91cda5c7dade:/agent# iptables <span class="nt">--list</span> <span class="nt">-n</span> <span class="nt">-t</span> nat <span class="nt">--line-number</span> Chain PREROUTING <span class="o">(</span>policy ACCEPT<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-SERVICES all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 Chain INPUT <span class="o">(</span>policy ACCEPT<span class="o">)</span> num target prot opt <span class="nb">source </span>destination Chain OUTPUT <span class="o">(</span>policy ACCEPT<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-SERVICES all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING <span class="o">(</span>policy ACCEPT<span class="o">)</span> num target prot opt <span class="nb">source </span>destination Chain KUBE-MARK-MASQ <span class="o">(</span>0 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 MARK all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 Chain KUBE-NODEPORTS <span class="o">(</span>1 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-SVC-1 tcp <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 tcp dpt:30001 Chain KUBE-SERVICES <span class="o">(</span>2 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-SVC-1 tcp <span class="nt">--</span> 0.0.0.0/0 172.17.0.0/16 tcp dpt:3001 2 KUBE-NODEPORTS all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 Chain KUBE-SVC-1 <span class="o">(</span>2 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 DNAT tcp <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 statistic mode nth every 4 tcp to:10.0.1.2:8080 2 DNAT tcp <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 statistic mode nth every 3 tcp to:10.0.1.3:8080 3 DNAT tcp <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 statistic mode nth every 2 tcp to:10.0.2.2:8080 4 DNAT tcp <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 tcp to:10.0.2.3:8080 </code></pre> </div> <p>If you make a request to <code>http://172.17.10.10:3001</code> from inside the node or pods it will work as before.</p> <p>Now for the NodePort it should be fairly easy, a NodePort service opens selected ports on all nodes between a port range 30000-32767 so that a client can request a node with this port to access a service.<br> Basically, we need to forward incoming requests from a specific port to our ClusterIP load balancer service that already exists.</p> <p>Let's say we pick a NodePort port 3001, create a NodePort chain, and add them to our KUBE-SERVICES chain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>iptables <span class="nt">-t</span> nat <span class="nt">-N</span> KUBE-NODEPORTS iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-NODEPORTS <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">--dport</span> 30001 <span class="nt">-j</span> KUBE-SVC-1 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SERVICES <span class="nt">-j</span> KUBE-NODEPORTS </code></pre> </div> <p>If we make a request from our environment outside of the node to <code>NodeIP:3001</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ curl http://172.17.0.3:30001 HOSTNAME:91cda5c7dade IP:10.0.1.2 ❯ curl http://172.17.0.3:30001 HOSTNAME:91cda5c7dade IP:10.0.1.3 ❯ curl http://172.17.0.3:30001 ^C </code></pre> </div> <p>The third request hangs and not returning a response, this is because the last 2 requests are for the second node, when the request responds to the process outside of the cluster (our host) it expects a different source IP, so we need to <code>MASQUERADE</code> every outgoing request, Kubernetes doing that by marking every service request with <code>MARK</code> module and then MASQUERADE the marked packets.<br> Let's start by adding a <code>KUBE-MARK-MASQ</code> chain, add a mark rule in it, and add it as the first rule for the <code>KUBE-SERVICES</code> with our ClusterIP rules, <code>KUBE-NODEPORTS</code> without node port rules:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>iptables <span class="nt">-t</span> nat <span class="nt">-N</span> KUBE-MARK-MASQ iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-MARK-MASQ <span class="nt">-j</span> MARK <span class="nt">--set-xmark</span> 0x4000/0x4000 iptables <span class="nt">-t</span> nat <span class="nt">-I</span> KUBE-SERVICES 1 <span class="o">!</span> <span class="nt">-s</span> 10.0.0.0/16 <span class="nt">-d</span> 172.17.10.10/16 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">--dport</span> 3001 <span class="nt">-j</span> KUBE-MARK-MASQ iptables <span class="nt">-t</span> nat <span class="nt">-I</span> KUBE-NODEPORTS 1 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">--dport</span> 30001 <span class="nt">-j</span> KUBE-MARK-MASQ </code></pre> </div> <p>Now we also want to mark each request forwarded to our pods, so we create a chain for each pod forward called <code>KUBE-SVC-1-X</code>, when X is just a serial number, mark the packet and forward to the relevant pod in each chain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># pod1</span> iptables <span class="nt">-t</span> nat <span class="nt">-N</span> KUBE-SVC-1-1 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1-1 <span class="nt">-s</span> 10.0.1.2/16 <span class="nt">-j</span> KUBE-MARK-MASQ iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1-1 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.1.2:8080 <span class="c"># pod2</span> iptables <span class="nt">-t</span> nat <span class="nt">-N</span> KUBE-SVC-1-2 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1-2 <span class="nt">-s</span> 10.0.1.3/16 <span class="nt">-j</span> KUBE-MARK-MASQ iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1-2 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.1.3:8080 <span class="c"># pod3</span> iptables <span class="nt">-t</span> nat <span class="nt">-N</span> KUBE-SVC-1-3 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1-3 <span class="nt">-s</span> 10.0.2.2/16 <span class="nt">-j</span> KUBE-MARK-MASQ iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1-3 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.2.2:8080 <span class="c"># pod4</span> iptables <span class="nt">-t</span> nat <span class="nt">-N</span> KUBE-SVC-1-4 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1-4 <span class="nt">-s</span> 10.0.2.3/16 <span class="nt">-j</span> KUBE-MARK-MASQ iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1-4 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.2.3:8080 </code></pre> </div> <p>And add these chains to the <code>KUBE-SVC-1</code> chain instead of the rules we wrote (delete the <code>KUBE-SVC-1</code> rules before this command):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1 <span class="nt">-m</span> statistic <span class="nt">--mode</span> nth <span class="nt">--every</span> 4 <span class="nt">--packet</span> 0 <span class="nt">-j</span> KUBE-SVC-1-1 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1 <span class="nt">-m</span> statistic <span class="nt">--mode</span> nth <span class="nt">--every</span> 3 <span class="nt">--packet</span> 0 <span class="nt">-j</span> KUBE-SVC-1-2 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1 <span class="nt">-m</span> statistic <span class="nt">--mode</span> nth <span class="nt">--every</span> 2 <span class="nt">--packet</span> 0 <span class="nt">-j</span> KUBE-SVC-1-3 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SVC-1 <span class="nt">-j</span> KUBE-SVC-1-4 </code></pre> </div> <p>Now we add a MASQUERADE rule for the POSTROUTING chain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> iptables <span class="nt">-t</span> nat <span class="nt">-A</span> POSTROUTING <span class="nt">-m</span> mark <span class="nt">--mark</span> 0x4000/0x4000 <span class="nt">-j</span> MASQUERADE </code></pre> </div> <p><strong>Don't forget to add all the iptables rules we added to the second node as well!</strong></p> <p>We just need to change the last NodePort rule in <code>KUBE-SERVICES</code> to match every local package:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># delete the old one</span> iptables <span class="nt">-t</span> nat <span class="nt">-D</span> KUBE-SERVICES 3 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> KUBE-SERVICES <span class="nt">-m</span> addrtype <span class="nt">--dst-type</span> LOCAL <span class="nt">-j</span> KUBE-NODEPORTS </code></pre> </div> <p>All of your iptables rules in the <code>nat</code> table should be as followed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@91cda5c7dade:/agent# iptables <span class="nt">--list</span> <span class="nt">-n</span> <span class="nt">-t</span> nat <span class="nt">--line-number</span> Chain PREROUTING <span class="o">(</span>policy ACCEPT<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-SERVICES all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 Chain INPUT <span class="o">(</span>policy ACCEPT<span class="o">)</span> num target prot opt <span class="nb">source </span>destination Chain OUTPUT <span class="o">(</span>policy ACCEPT<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-SERVICES all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING <span class="o">(</span>policy ACCEPT<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 MASQUERADE all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 mark match 0x4000/0x4000 Chain KUBE-MARK-MASQ <span class="o">(</span>6 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 MARK all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 Chain KUBE-NODEPORTS <span class="o">(</span>1 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-MARK-MASQ tcp <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 tcp dpt:30001 2 KUBE-SVC-1 tcp <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 tcp dpt:30001 Chain KUBE-SERVICES <span class="o">(</span>2 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-MARK-MASQ tcp <span class="nt">--</span> <span class="o">!</span>10.0.0.0/16 172.17.0.0/16 tcp dpt:3001 2 KUBE-SVC-1 tcp <span class="nt">--</span> 0.0.0.0/0 172.17.0.0/16 tcp dpt:3001 3 KUBE-NODEPORTS all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL Chain KUBE-SVC-1 <span class="o">(</span>2 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-SVC-1-1 all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 statistic mode nth every 4 2 KUBE-SVC-1-2 all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 statistic mode nth every 3 3 KUBE-SVC-1-3 all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 statistic mode nth every 2 4 KUBE-SVC-1-4 all <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 Chain KUBE-SVC-1-1 <span class="o">(</span>1 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-MARK-MASQ all <span class="nt">--</span> 10.0.0.0/16 0.0.0.0/0 2 DNAT tcp <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 tcp to:10.0.1.2:8080 Chain KUBE-SVC-1-2 <span class="o">(</span>1 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-MARK-MASQ all <span class="nt">--</span> 10.0.0.0/16 0.0.0.0/0 2 DNAT tcp <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 tcp to:10.0.1.3:8080 Chain KUBE-SVC-1-3 <span class="o">(</span>1 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-MARK-MASQ all <span class="nt">--</span> 10.0.0.0/16 0.0.0.0/0 2 DNAT tcp <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 tcp to:10.0.2.2:8080 Chain KUBE-SVC-1-4 <span class="o">(</span>1 references<span class="o">)</span> num target prot opt <span class="nb">source </span>destination 1 KUBE-MARK-MASQ all <span class="nt">--</span> 10.0.0.0/16 0.0.0.0/0 2 DNAT tcp <span class="nt">--</span> 0.0.0.0/0 0.0.0.0/0 tcp to:10.0.2.3:8080 </code></pre> </div> <p>And now if we make the request from our host:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ curl http://172.17.0.3:30001 HOSTNAME:91cda5c7dade IP:10.0.1.2 ❯ curl http://172.17.0.3:30001 HOSTNAME:91cda5c7dade IP:10.0.1.3 ❯ curl http://172.17.0.3:30001 HOSTNAME:f76b32aa3747 IP:10.0.2.2 ❯ curl http://172.17.0.3:30001 HOSTNAME:f76b32aa3747 IP:10.0.2.3 </code></pre> </div> <p>Everything is working!</p> <p>All of the work we have done in the last 2 posts need to happen automatically on each pod creation and deletion, we will automate this process in the next article in code!</p> kubernetes devops linux Build own Kubernetes - ClusterIP Service networking Jonatan Ezron Thu, 20 Oct 2022 19:31:58 +0000 https://forem.com/jonatan5524/build-own-kubernetes-part-6-clusterip-service-networking-329l https://forem.com/jonatan5524/build-own-kubernetes-part-6-clusterip-service-networking-329l <p>I have been working on a new 'version' where the code is less coupled and more like Kubernetes where everything is a service, you can find the source code in here: <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">https://github.com/jonatan5524/own-kubernetes</a></p> <p>An updated article on the above can be found in Medium: <a href="https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d" rel="noopener noreferrer">https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d</a> </p> <p>In the previous articles, we automated the node creation with Docker. Everything looked good, we saw we had a running node with a REST API agent and inside it a running pod, but what about the connection to the pod? the communication to the pod? if you try to send a request to the running pod in your environment it will not work, and even in the Node itself, only inside the running containerd to localhost, it will work.<br> So we need to solve this problem.<br> This part was very difficult for me, I needed to get deep into Linux namespaces and networking to solve it, this amazing blogs helped me a lot <a href="https://iximiuz.com/en/posts/container-networking-is-simple/" rel="noopener noreferrer">ontainer-networking-is-simple</a>, some of the commands and drawing even was taken from there, I will explain the basics as we go along, but I recommend on reading this article before reading this, this article flow will be somewhat the same as iximiuz and msazure blogs.</p> <p>All of the commands we will execute will be inside the Node container, so start by creating a node and entering into his shell:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ <span class="nb">sudo</span> ./bin/main node create 2022/10/14 16:00:16 node created: node-f8c7d6b8-ef24-4406-84e2-284e1f520bdf 2022/10/14 16:00:16 starting node 2022/10/14 16:00:16 node assign port: 49171 ❯ <span class="nb">sudo </span>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 73c64ab768c2 own-kube-node <span class="s2">"./agent"</span> 28 seconds ago Up 27 seconds 0.0.0.0:49171-&gt;10250/tcp node-f8c7d6b8-ef24-4406-84e2-284e1f520bdf ❯ <span class="nb">sudo </span>docker <span class="nb">exec</span> <span class="nt">-it</span> 73c /bin/bash root@73c64ab768c2:/agent# </code></pre> </div> <p>Now we are going to use the <code>ip</code>, <code>iptables</code> and <code>ping</code> commands which are not installed in the container (later we will add them to the Dockerfile):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@73c64ab768c2:/agent# apt-get <span class="nb">install</span> <span class="nt">-y</span> iproute2 iptables iputils-ping </code></pre> </div> <p>Let's start and create 2 containers with ctr, we will use the <a href="https://hub.docker.com/r/cloudnativelabs/whats-my-ip" rel="noopener noreferrer">whats-my-ip image</a> so later it will be easy to test the connection.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@73c64ab768c2:/agent# ctr image pull docker.io/cloudnativelabs/whats-my-ip:latest root@73c64ab768c2:/agent# ctr run <span class="nt">-d</span> docker.io/cloudnativelabs/whats-my-ip:latest pod1 root@73c64ab768c2:/agent# ctr run <span class="nt">-d</span> docker.io/cloudnativelabs/whats-my-ip:latest pod2 root@73c64ab768c2:/agent# ctr c <span class="nb">ls </span>CONTAINER IMAGE RUNTIME pod1 docker.io/cloudnativelabs/whats-my-ip:latest io.containerd.runc.v2 pod2 docker.io/cloudnativelabs/whats-my-ip:latest io.containerd.runc.v2 root@73c64ab768c2:/agent# ctr t <span class="nb">ls </span>TASK PID STATUS pod2 974 RUNNING pod1 920 RUNNING </code></pre> </div> <p>We list the containers and tasks, as you can see there is no IP address assigned to the containers so we cant address them.<br> When a container is created for each instance a Linux namespace is created that isolates them from the host environment, our current state is looking like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0kvtdpxzecr9wg0qzks7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0kvtdpxzecr9wg0qzks7.png" alt="Image description" width="680" height="340"></a></p> <p>The node has the <code>eth0</code> interface for communication outside and the 2 containers have nothing.<br> So we need to create a virtual Ethernet device (<code>veth</code>), this is a virtual device that Linux provides us so we will able to communicate between namespace, these <code>veth</code> devices come in pairs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@73c64ab768c2:/agent# ip <span class="nb">link </span>add veth0 <span class="nb">type </span>veth peer name ceth0 </code></pre> </div> <p>Now we need one <code>veth</code> in our namespace and another in the container namespace, the container namespaces are located in <code>/proc/PID/ns/net</code>, so now we move <code>ceth0</code> to the pod network namespace, activate the devices, and assign an IP address to <code>ceth0</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># move ceth0 to pod1 network namespace</span> root@73c64ab768c2:/agent# ip <span class="nb">link set </span>ceth0 netns /proc/920/ns/net <span class="c"># activate ceth0 in the test network namespace</span> root@73c64ab768c2:/agent# nsenter <span class="nt">--net</span><span class="o">=</span>/proc/920/ns/net ip <span class="nb">link set </span>ceth0 up <span class="c"># assign IP address to ceth0</span> root@73c64ab768c2:/agent# nsenter <span class="nt">--net</span><span class="o">=</span>/proc/920/ns/net ip addr add 10.0.1.2/16 dev ceth0 <span class="c"># activate veth0 </span> root@73c64ab768c2:/agent# ip <span class="nb">link set </span>veth0 up </code></pre> </div> <p>Now we will do the same for pod2 network and assign a different IP address:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@73c64ab768c2:/agent# ip <span class="nb">link </span>add veth1 <span class="nb">type </span>veth peer name ceth1 root@73c64ab768c2:/agent# ip <span class="nb">link set </span>veth1 up root@73c64ab768c2:/agent# ip <span class="nb">link set </span>ceth1 netns /proc/974/ns/net root@73c64ab768c2:/agent# nsenter <span class="nt">--net</span><span class="o">=</span>/proc/974/ns/net ip <span class="nb">link set </span>ceth1 up root@73c64ab768c2:/agent# nsenter <span class="nt">--net</span><span class="o">=</span>/proc/974/ns/net ip addr add 10.0.1.3/16 dev ceth1 </code></pre> </div> <p>Now our system looks like that:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftu99z1iiaev1bny6b73j.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftu99z1iiaev1bny6b73j.png" alt="Image description" width="693" height="334"></a></p> <p>Now we need to add a virtual bridge to separate the two networks we have created:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># creating a new bridge</span> root@73c64ab768c2:/agent# ip <span class="nb">link </span>add br0 <span class="nb">type </span>bridge <span class="c"># activating the device</span> root@73c64ab768c2:/agent# ip <span class="nb">link set </span>br0 up <span class="c"># connecting the two veth to the bridge</span> root@73c64ab768c2:/agent# ip <span class="nb">link set </span>veth0 master br0 root@73c64ab768c2:/agent# ip <span class="nb">link set </span>veth1 master br0 <span class="c"># assign an address to the bridge</span> root@73c64ab768c2:/agent# ip addr add 10.0.1.1/16 dev br0 </code></pre> </div> <p>our system will look like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fythe61093y3qok8m99xx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fythe61093y3qok8m99xx.png" alt="Image description" width="693" height="334"></a></p> <p>We want also to make the bridge for each of the container's network its default gateway, we do this using the following commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@73c64ab768c2:/agent# nsenter <span class="nt">--net</span><span class="o">=</span>/proc/920/ns/net ip route add default via 10.0.1.1 root@73c64ab768c2:/agent# nsenter <span class="nt">--net</span><span class="o">=</span>/proc/974/ns/net ip route add default via 10.0.1.1 </code></pre> </div> <p>Great we have two pods connected using a bridge and they both have two IP addresses.</p> <p>Now we will focus on ClusterIP service, this service is for communication and load balancer inside the cluster between other pods across nodes.</p> <p>Firstly we need to create a new node and two pods inside it and create the <code>veth</code> and <code>bridge</code> as we followed here, the IP is as followed:<br> pod3 <code>10.0.2.2/16</code><br> pod4 <code>10.0.2.3/16</code><br> bridge <code>10.0.2.1/16</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># installing packages</span> apt-get <span class="nb">install </span>iproute2 iptables <span class="nt">-y</span> <span class="c"># setup pod3 - 537 pid</span> ip <span class="nb">link </span>add veth0 <span class="nb">type </span>veth peer name ceth0 ip <span class="nb">link set </span>veth0 up ip <span class="nb">link set </span>ceth0 netns /proc/537/ns/net nsenter <span class="nt">--net</span><span class="o">=</span>/proc/537/ns/net ip <span class="nb">link set </span>ceth0 up nsenter <span class="nt">--net</span><span class="o">=</span>/proc/537/ns/net ip addr add 10.0.2.2/16 dev ceth0 <span class="c"># setup pod2 - 595 pid</span> ip <span class="nb">link </span>add veth1 <span class="nb">type </span>veth peer name ceth1 ip <span class="nb">link set </span>veth1 up ip <span class="nb">link set </span>ceth1 netns /proc/595/ns/net nsenter <span class="nt">--net</span><span class="o">=</span>/proc/595/ns/net ip <span class="nb">link set </span>ceth1 up nsenter <span class="nt">--net</span><span class="o">=</span>/proc/595/ns/net ip addr add 10.0.2.3/16 dev ceth1 <span class="c"># setup bridge</span> ip <span class="nb">link </span>add br0 <span class="nb">type </span>bridge ip <span class="nb">link set </span>br0 up ip addr add 10.0.2.1/16 dev br0 ip <span class="nb">link set </span>veth0 master br0 ip <span class="nb">link set </span>veth1 master br0 <span class="c"># setup default route for both pods</span> nsenter <span class="nt">--net</span><span class="o">=</span>/proc/537/ns/net ip route add default via 10.0.2.1 nsenter <span class="nt">--net</span><span class="o">=</span>/proc/595/ns/net ip route add default via 10.0.2.1 </code></pre> </div> <p>Our system is as followed:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4cb8sg5m9eywmp2m4htk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4cb8sg5m9eywmp2m4htk.png" alt="Image description" width="695" height="693"></a></p> <p>Now we want to allow communication for the pods between nodes, we are doing this by using <code>vxlan</code>, which is an extended vlan method for virtualizing a LAN connection between different hosts.<br> we create that with the following command in the two nodes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># create vxlan</span> ip <span class="nb">link </span>add vxlan10 <span class="nb">type </span>vxlan <span class="nb">id </span>10 group 239.1.1.1 dstport 0 dev eth0 <span class="c"># connect vxlan to the bridge</span> ip <span class="nb">link set </span>vxlan10 master br0 <span class="c"># activate the vxlan</span> ip <span class="nb">link set </span>vxlan10 up </code></pre> </div> <p>Our system is as followed:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbkbl5wqp2iyq71t8d2ul.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbkbl5wqp2iyq71t8d2ul.png" alt="Image description" width="695" height="693"></a></p> <p>Now for creating a ClusterIP service, we need to add iptables rules.<br> We will use the <code>nat</code> table and <code>DNAT</code> chain to address every request to the cluster IP (virtual selected IP) to a pod the command will look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>iptables <span class="nt">-t</span> nat <span class="nt">-A</span> PREROUTING <span class="nt">-d</span> <span class="nv">$CLUSTER_IP</span> <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">--dport</span> <span class="nv">$CLUSTER_IP_PORT</span> <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> <span class="nv">$POD_IP4</span>:<span class="nv">$POD_PORT4</span> </code></pre> </div> <p>Now we want to include also load balancing using the round-robin method, <code>iptables</code> provide a solution for this too, using statistics, to forward each request by every option.<br> The full command looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>iptables <span class="nt">-t</span> nat <span class="nt">-A</span> PREROUTING <span class="nt">-d</span> 172.17.10.10 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">--dport</span> 3001 <span class="nt">-m</span> statistic <span class="nt">--mode</span> nth <span class="nt">--every</span> 4 <span class="nt">--packet</span> 0 <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.1.2:8080 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> PREROUTING <span class="nt">-d</span> 172.17.10.10 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">--dport</span> 3001 <span class="nt">-m</span> statistic <span class="nt">--mode</span> nth <span class="nt">--every</span> 3 <span class="nt">--packet</span> 0 <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.1.3:8080 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> PREROUTING <span class="nt">-d</span> 172.17.10.10 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">--dport</span> 3001 <span class="nt">-m</span> statistic <span class="nt">--mode</span> nth <span class="nt">--every</span> 2 <span class="nt">--packet</span> 0 <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.2.2:8080 iptables <span class="nt">-t</span> nat <span class="nt">-A</span> PREROUTING <span class="nt">-d</span> 172.17.10.10 <span class="nt">-p</span> tcp <span class="nt">-m</span> tcp <span class="nt">--dport</span> 3001 <span class="nt">-j</span> DNAT <span class="nt">--to-destination</span> 10.0.2.3:8080 </code></pre> </div> <p>In the above commands, we establish four rules for every request to a virtual cluster IP load balance to our four pods using the round-robin method.</p> <p>For testing the ClusterIP service we create a new pod in one of the nodes containing simple Linux like alpine, connect it to the network and bridge, and make a request, for each request you can see there is a different IP response!<br> In alpine <code>curl</code> is not installed by default and we don't have a communication to the outside world so we need to use <code>wget</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>wget http://172.17.10.10:3001 Connecting to 172.17.10.10:3001 <span class="o">(</span>172.17.10.10:3001<span class="o">)</span> saving to <span class="s1">'index.html'</span> index.html 100% |<span class="k">********************************</span>| 34 0:00:00 ETA <span class="s1">'index.html'</span> saved <span class="nb">cat </span>index.html HOSTNAME:91cda5c7dade IP:10.0.1.2 <span class="nb">rm </span>index.html wget http://172.17.10.10:3001 Connecting to 172.17.10.10:3001 <span class="o">(</span>172.17.10.10:3001<span class="o">)</span> saving to <span class="s1">'index.html'</span> index.html 100% |<span class="k">********************************</span>| 34 0:00:00 ETA <span class="s1">'index.html'</span> saved <span class="nb">cat </span>index.html HOSTNAME:91cda5c7dade IP:10.0.1.3 <span class="nb">rm </span>index.html wget http://172.17.10.10:3001 Connecting to 172.17.10.10:3001 <span class="o">(</span>172.17.10.10:3001<span class="o">)</span> saving to <span class="s1">'index.html'</span> index.html 100% |<span class="k">********************************</span>| 34 0:00:00 ETA <span class="s1">'index.html'</span> saved <span class="nb">cat </span>index.html HOSTNAME:91cda5c7dade IP:10.0.2.2 <span class="nb">rm </span>index.html wget http://172.17.10.10:3001 Connecting to 172.17.10.10:3001 <span class="o">(</span>172.17.10.10:3001<span class="o">)</span> saving to <span class="s1">'index.html'</span> index.html 100% |<span class="k">********************************</span>| 34 0:00:00 ETA <span class="s1">'index.html'</span> saved <span class="nb">cat </span>index.html HOSTNAME:91cda5c7dade IP:10.0.2.3 </code></pre> </div> <p>We covered here a lot of Linux networking, I recommend if you wonder how I got to these commands and structure read the article I mentioned above. <a href="https://iximiuz.com/en/posts/container-networking-is-simple/" rel="noopener noreferrer">reference</a></p> <p>All the networking we did above is done for every pod creation and deletion, for this, Kubernetes created some plugin for the containerd <code>ctr</code> called <code>cni</code>, I have decided to work on my own to learn better the underline of things.</p> <p>We node have communication between pods but not communication to the outside world, in the next article, we will make a NodePort service!</p> kubernetes devops linux Build own Kubernetes - Node commands Jonatan Ezron Wed, 12 Oct 2022 16:33:42 +0000 https://forem.com/jonatan5524/build-own-kubernetes-part-5-node-commands-1ep5 https://forem.com/jonatan5524/build-own-kubernetes-part-5-node-commands-1ep5 <p>I have been working on a new 'version' where the code is less coupled and more like Kubernetes where everything is a service, you can find the source code in here: <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">https://github.com/jonatan5524/own-kubernetes</a></p> <p>An updated article on the above can be found in Medium: <a href="https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d" rel="noopener noreferrer">https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d</a> </p> <p>In the previous post, we built the node image and wrote the agent, all done by executing commands on the shell with docker build and run, but the whole process should be automated by our program, this is what this article will focus on, on creating node on command, listing them and deleting them.</p> <p>Before we begin I had some minor fixes in the code: rename the command variables in cmd/pod.go because we are going to use the same name in node, change the agent pods routes to pods and not pod as BP in REST, and moved the GenerateNewID function to pkg/util.go. Some big change was in the Dockerfile, I am relying on the environment that is running the commands to have locally the node image built, so I made a Makefile to build the main program, the agent, and the node image.<br> Makefile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight make"><code><span class="nl">default</span><span class="o">:</span> <span class="nf">build</span> <span class="nl">build</span><span class="o">:</span> <span class="nf">build-agent build-node-image</span> go build <span class="nt">-o</span> bin/main main.go <span class="nl">build-node-image</span><span class="o">:</span> <span class="nb">sudo </span>docker build <span class="nt">-t</span> own-kube-node . <span class="nl">build-agent</span><span class="o">:</span> go build <span class="nt">-o</span> bin/agent pkg/agent/agent.go </code></pre> </div> <p>As a result, we can rely on the binary for the agent is already built when we build out the image so I removed the build from the Dockerfile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Dockerfile for node image</span> <span class="k">FROM</span><span class="s"> ubuntu</span> <span class="k">WORKDIR</span><span class="s"> /agent</span> <span class="k">RUN </span>apt-get update <span class="o">&amp;&amp;</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> wget containerd <span class="k">COPY</span><span class="s"> bin/agent .</span> <span class="k">EXPOSE</span><span class="s"> 10250</span> <span class="k">ENTRYPOINT</span><span class="s"> [ "./agent" ]</span> </code></pre> </div> <p>Let's start with our node functionality, Like the pod, we have related files to node functionality in <code>pkg/node</code>.<br> We start on <code>pkg/node/constraints.go</code> to define some constraints for our work:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">node</span> <span class="k">import</span> <span class="s">"github.com/jonatan5524/own-kubernetes/pkg/agent/api"</span> <span class="k">const</span> <span class="p">(</span> <span class="n">NODE_NAME</span> <span class="o">=</span> <span class="s">"node"</span> <span class="n">NODE_IMAGE</span> <span class="o">=</span> <span class="s">"own-kube-node"</span> <span class="n">NODE_PORT</span> <span class="o">=</span> <span class="n">api</span><span class="o">.</span><span class="n">PORT</span> <span class="o">+</span> <span class="s">"/tcp"</span> <span class="n">NODE_PORT_HOST_IP</span> <span class="o">=</span> <span class="s">"0.0.0.0"</span> <span class="n">MEMORY_LIMIT</span> <span class="o">=</span> <span class="m">2.9e+9</span> <span class="c">// 2900MB</span> <span class="n">CPU_LIMIT</span> <span class="o">=</span> <span class="m">2</span> <span class="n">NODE_HOST_MIN_PORT</span> <span class="o">=</span> <span class="m">10250</span> <span class="n">NODE_HOST_MAX_PORT</span> <span class="o">=</span> <span class="m">10300</span> <span class="p">)</span> </code></pre> </div> <p>All the constraints will be used in the following files and all the values are taken from the last article when we ran the docker container node. <br> In the <code>pkg/node.go</code> we define a Node struct:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Node</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Id</span> <span class="kt">string</span> <span class="n">Port</span> <span class="kt">string</span> <span class="p">}</span> </code></pre> </div> <p>Id - generated id for the node<br> Port - generate unused port for the node<br> In this file we also define function for creating a new node using the <a href="https://docs.docker.com/engine/api/sdk/" rel="noopener noreferrer">docker sdk</a>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">NewNode</span><span class="p">(</span><span class="n">cli</span> <span class="o">*</span><span class="n">client</span><span class="o">.</span><span class="n">Client</span><span class="p">,</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">Node</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">exists</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">isNodeImageExists</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="n">exists</span> <span class="o">==</span> <span class="no">false</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"node image: %s not exists locally, need to build the image"</span><span class="p">,</span> <span class="n">NODE_IMAGE</span><span class="p">)</span> <span class="p">}</span> <span class="n">id</span> <span class="o">:=</span> <span class="n">pkg</span><span class="o">.</span><span class="n">GenerateNewID</span><span class="p">(</span><span class="n">NODE_NAME</span><span class="p">)</span> <span class="n">config</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">container</span><span class="o">.</span><span class="n">Config</span><span class="p">{</span> <span class="n">Image</span><span class="o">:</span> <span class="n">NODE_IMAGE</span><span class="p">,</span> <span class="p">}</span> <span class="n">hostConfig</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">container</span><span class="o">.</span><span class="n">HostConfig</span><span class="p">{</span> <span class="n">PortBindings</span><span class="o">:</span> <span class="n">nat</span><span class="o">.</span><span class="n">PortMap</span><span class="p">{</span> <span class="n">nat</span><span class="o">.</span><span class="n">Port</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s/tcp"</span><span class="p">,</span> <span class="n">api</span><span class="o">.</span><span class="n">PORT</span><span class="p">))</span><span class="o">:</span> <span class="p">[]</span><span class="n">nat</span><span class="o">.</span><span class="n">PortBinding</span><span class="p">{</span> <span class="p">{</span> <span class="n">HostIP</span><span class="o">:</span> <span class="n">NODE_PORT_HOST_IP</span><span class="p">,</span> <span class="n">HostPort</span><span class="o">:</span> <span class="s">"0"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="n">Resources</span><span class="o">:</span> <span class="n">container</span><span class="o">.</span><span class="n">Resources</span><span class="p">{</span> <span class="n">Memory</span><span class="o">:</span> <span class="n">MEMORY_LIMIT</span><span class="p">,</span> <span class="n">CPUShares</span><span class="o">:</span> <span class="n">CPU_LIMIT</span><span class="p">,</span> <span class="p">},</span> <span class="n">Privileged</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="p">}</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">cli</span><span class="o">.</span><span class="n">ContainerCreate</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">config</span><span class="p">,</span> <span class="n">hostConfig</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">id</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">Node</span><span class="p">{</span><span class="n">Id</span><span class="o">:</span> <span class="n">id</span><span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>We first check if the node image exists, then we generate an id, and create some config for the container:</p> <ul> <li>node image</li> <li>port forwarding from the port inside the container (the agent API) to outside of the container. The HostPort is 0 because Linux assigns a random open port when a service assigns a 0 port.</li> <li>memory limit</li> <li>CPU limit</li> <li>privileged All the configurations are equivalent to the command we ran in the previous article: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>docker run <span class="nt">-it</span> <span class="nt">--memory</span><span class="o">=</span><span class="s2">"2900MB"</span> <span class="nt">--cpus</span><span class="o">=</span><span class="s2">"2"</span> <span class="nt">-p</span> 10250:10250 <span class="nt">--privileged</span> <span class="nt">--name</span> <span class="nb">test</span> <span class="nt">--rm</span> containerd_test </code></pre> </div> <p>Then we create the container with the config and generated Id and return a new Node struct.<br> The <code>isNodeImageExists</code> function implementation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">isNodeImageExists</span><span class="p">(</span><span class="n">cli</span> <span class="o">*</span><span class="n">client</span><span class="o">.</span><span class="n">Client</span><span class="p">,</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">(</span><span class="kt">bool</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">images</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">cli</span><span class="o">.</span><span class="n">ImageList</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">types</span><span class="o">.</span><span class="n">ImageListOptions</span><span class="p">{})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">false</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">image</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">images</span> <span class="p">{</span> <span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">image</span><span class="o">.</span><span class="n">RepoTags</span><span class="p">[</span><span class="m">0</span><span class="p">],</span> <span class="n">NODE_IMAGE</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="no">true</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="no">false</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>The function List the existing images, go through each one, and check if its RepoTag contains an <code>own-kube-node</code></p> <p>Let's move to <code>pkg/node/service.go</code>, the first function we will go through will be the <code>initDockerConnection</code> which initialized the docker client and context:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">initDockerConnection</span><span class="p">()</span> <span class="p">(</span><span class="o">*</span><span class="n">client</span><span class="o">.</span><span class="n">Client</span><span class="p">,</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">()</span> <span class="n">cli</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">client</span><span class="o">.</span><span class="n">NewClientWithOpts</span><span class="p">(</span><span class="n">client</span><span class="o">.</span><span class="n">FromEnv</span><span class="p">,</span> <span class="n">client</span><span class="o">.</span><span class="n">WithAPIVersionNegotiation</span><span class="p">())</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">cli</span><span class="p">,</span> <span class="n">ctx</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Next, is the <code>NewNodeAndRun</code> function which creates new node and starts the container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">NewNodeAndRun</span><span class="p">()</span> <span class="p">(</span><span class="o">*</span><span class="n">Node</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">cli</span><span class="p">,</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">initDockerConnection</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">cli</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="n">node</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">NewNode</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">cli</span><span class="o">.</span><span class="n">ContainerStart</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">node</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="n">types</span><span class="o">.</span><span class="n">ContainerStartOptions</span><span class="p">{});</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"node created: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">node</span><span class="o">.</span><span class="n">Id</span><span class="p">)</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"starting node</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="n">container</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">cli</span><span class="o">.</span><span class="n">ContainerInspect</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">node</span><span class="o">.</span><span class="n">Id</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// get linux generated port</span> <span class="n">node</span><span class="o">.</span><span class="n">Port</span> <span class="o">=</span> <span class="n">container</span><span class="o">.</span><span class="n">NetworkSettings</span><span class="o">.</span><span class="n">Ports</span><span class="p">[</span><span class="n">nat</span><span class="o">.</span><span class="n">Port</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s/tcp"</span><span class="p">,</span> <span class="n">api</span><span class="o">.</span><span class="n">PORT</span><span class="p">))][</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">HostPort</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"node assign port: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">node</span><span class="o">.</span><span class="n">Port</span><span class="p">)</span> <span class="k">return</span> <span class="n">node</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>As you can see in this function, we are initializing the connection to the docker daemon, creating a new node and container, starting the container, and then because we assign port 0 we need to retrieve the assigned port by the system.</p> <p>The next function is <code>ListRunningNodes</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">ListRunningNodes</span><span class="p">()</span> <span class="p">([]</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">cli</span><span class="p">,</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">initDockerConnection</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">cli</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="n">runningNodes</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{}</span> <span class="n">filter</span> <span class="o">:=</span> <span class="n">filters</span><span class="o">.</span><span class="n">NewArgs</span><span class="p">(</span><span class="n">filters</span><span class="o">.</span><span class="n">KeyValuePair</span><span class="p">{</span><span class="n">Key</span><span class="o">:</span> <span class="s">"ancestor"</span><span class="p">,</span> <span class="n">Value</span><span class="o">:</span> <span class="n">NODE_IMAGE</span><span class="p">})</span> <span class="n">containers</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">cli</span><span class="o">.</span><span class="n">ContainerList</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">types</span><span class="o">.</span><span class="n">ContainerListOptions</span><span class="p">{</span><span class="n">Filters</span><span class="o">:</span> <span class="n">filter</span><span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">runningNodes</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">container</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">containers</span> <span class="p">{</span> <span class="n">runningNodes</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">runningNodes</span><span class="p">,</span> <span class="n">container</span><span class="o">.</span><span class="n">Names</span><span class="p">[</span><span class="m">0</span><span class="p">])</span> <span class="p">}</span> <span class="k">return</span> <span class="n">runningNodes</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>The function initializes the connection, calls the <code>ContainerList</code> method with the <code>ancestor</code> filter which means the image we want to filter, and then runs over each container to create a list of names.</p> <p>The last function is <code>KillNode</code> function which simply stops the container and removes it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">KillNode</span><span class="p">(</span><span class="n">name</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">cli</span><span class="p">,</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">initDockerConnection</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">cli</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">cli</span><span class="o">.</span><span class="n">ContainerStop</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="no">nil</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">removeOptions</span> <span class="o">:=</span> <span class="n">types</span><span class="o">.</span><span class="n">ContainerRemoveOptions</span><span class="p">{</span> <span class="n">RemoveVolumes</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="n">Force</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">cli</span><span class="o">.</span><span class="n">ContainerRemove</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">removeOptions</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">name</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>The last part we need to complete is <code>cmd/node.go</code> its structure is the same as <code>cmd/pod.go</code>, I'm not going to add this file here as this article is too long, you can see it in the source code.</p> <p>we can see that everything works on the terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ make go build <span class="nt">-o</span> bin/agent pkg/agent/agent.go <span class="nb">sudo </span>docker build <span class="nt">-t</span> own-kube-node <span class="nb">.</span> ... ❯ <span class="nb">sudo</span> ./bin/main node create 2022/10/12 19:18:26 node created: node-7daf80ec-0a46-4977-952c-66deb81e32f7 2022/10/12 19:18:26 starting node 2022/10/12 19:18:26 node assign port: 49167 ❯ <span class="nb">sudo </span>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2066e8e0b933 own-kube-node <span class="s2">"./agent"</span> 5 seconds ago Up 4 seconds 0.0.0.0:49167-&gt;10250/tcp node-7daf80ec-0a46-4977-952c-66deb81e32f ❯ curl <span class="nt">-X</span> POST localhost:49167/pods <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> <span class="nt">-d</span> <span class="s1">'{"name": "redis", "image registry": "docker.io/library/redis:alpine"}'</span> <span class="o">{</span><span class="s2">"image registry"</span>:<span class="s2">"docker.io/library/redis:alpine"</span>,<span class="s2">"name"</span>:<span class="s2">"redis-a1cfce57-5db9-4894-a8cf-c277444e1b0c"</span><span class="o">}</span> </code></pre> </div> <p>And that's it, we have a node created by command using an API call that can also create for us a pod inside the node!</p> <p>In the next article, we will cover some Linux network and get working communication with our pods and nodes.</p> <p>As always, the source code can be found <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">here</a>, the changes were in <code>pkg/node</code>, <code>Dockerfile</code>, <code>Makefile</code>, <code>cmd/node</code>.</p> kubernetes devops go programming Build own Kubernetes - Node setup Jonatan Ezron Tue, 11 Oct 2022 15:20:19 +0000 https://forem.com/jonatan5524/build-own-kubernetes-part-4-node-setup-1l3i https://forem.com/jonatan5524/build-own-kubernetes-part-4-node-setup-1l3i <p>I have been working on a new 'version' where the code is less coupled and more like Kubernetes where everything is a service, you can find the source code in here: <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">https://github.com/jonatan5524/own-kubernetes</a></p> <p>An updated article on the above can be found in Medium: <a href="https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d" rel="noopener noreferrer">https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d</a> </p> <p>In the last posts we handled pods, Now in this article, we are going to focus on Node.<br> But first, what is a node?<br> Node can be a physical or virtual machine. There is a master node which contains the control plane and etcd and worker nodes which contains the running pods, kubelet, and k-proxy. In this article, we will focus on the worker node creation.</p> <p>Before this article I had some refactor the code, The creating and running methods of the pods, output set to log file and not STDIO, added a new method to get the pod logs, and the create pod commands now calls a NewPodAndRun function which creates and runs the code.</p> <p>I was struggling to find the right platform for the node os, at first I looked for an appropriate docker container image that will run the agent (kubelet) and containerd service in the background but with no luck. So we need to build some base image on our own, this node VM can also be created with KVM, I decided docker for the easier approach.<br> We first need to build a Dockerfile with Golang, we will use the base image ubuntu (I have tried alpine but had some troubles building the go source code 😔 ), install go and containerd, to check if everything works I have taken a simple HTTP server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"net/http"</span> <span class="s">"log"</span> <span class="s">"os"</span> <span class="s">"os/exec"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">hello</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">req</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"hello</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">headers</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">req</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="k">for</span> <span class="n">name</span><span class="p">,</span> <span class="n">headers</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">req</span><span class="o">.</span><span class="n">Header</span> <span class="p">{</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">h</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">headers</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"%v: %v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">h</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">startContainerd</span><span class="p">()</span> <span class="p">{</span> <span class="n">cmd</span> <span class="o">:=</span> <span class="n">exec</span><span class="o">.</span><span class="n">Command</span><span class="p">(</span><span class="s">"containerd"</span><span class="p">)</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Stdout</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">Stdout</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Start</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"just ran subprocess %d"</span><span class="p">,</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Process</span><span class="o">.</span><span class="n">Pid</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">startContainerd</span><span class="p">()</span> <span class="n">http</span><span class="o">.</span><span class="n">HandleFunc</span><span class="p">(</span><span class="s">"/hello"</span><span class="p">,</span> <span class="n">hello</span><span class="p">)</span> <span class="n">http</span><span class="o">.</span><span class="n">HandleFunc</span><span class="p">(</span><span class="s">"/headers"</span><span class="p">,</span> <span class="n">headers</span><span class="p">)</span> <span class="n">http</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">(</span><span class="s">":8090"</span><span class="p">,</span> <span class="no">nil</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>The server first starts a containerd service process and then starts the server.<br> For the Dockerfile we installed Go, containerd, and copy and build or main.go:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> ubuntu</span> <span class="k">WORKDIR</span><span class="s"> /agent</span> <span class="k">RUN </span>apt-get update <span class="se">\ </span> <span class="o">&amp;&amp;</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> wget git gcc <span class="se">\ </span> <span class="o">&amp;&amp;</span> wget <span class="nt">-P</span> /tmp https://go.dev/dl/go1.19.2.linux-amd64.tar.gz <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">tar</span> <span class="nt">-C</span> /usr/local <span class="nt">-xzf</span> <span class="s2">"/tmp/go1.19.2.linux-amd64.tar.gz"</span> <span class="k">ENV</span><span class="s"> GOPATH /go</span> <span class="k">ENV</span><span class="s"> PATH $GOPATH/bin:/usr/local/go/bin:$PATH</span> <span class="k">RUN </span><span class="nb">mkdir</span> <span class="nt">-p</span> <span class="s2">"</span><span class="nv">$GOPATH</span><span class="s2">/src"</span> <span class="s2">"</span><span class="nv">$GOPATH</span><span class="s2">/bin"</span> <span class="o">&amp;&amp;</span> <span class="nb">chmod</span> <span class="nt">-R</span> 777 <span class="s2">"</span><span class="nv">$GOPATH</span><span class="s2">"</span> <span class="k">COPY</span><span class="s"> main.go .</span> <span class="k">RUN </span>go build <span class="nt">-o</span> main main.go <span class="k">RUN </span>apt-get <span class="nb">install</span> <span class="nt">-y</span> containerd <span class="k">EXPOSE</span><span class="s"> 8090</span> <span class="k">ENTRYPOINT</span><span class="s"> [ "./main" ]</span> </code></pre> </div> <p>We build and run with enlarged CPU and memory limit (the sizes for the CPU and memory I have got from <a href="https://github.com/kubernetes/minikube" rel="noopener noreferrer">minikube</a> implementation) so we have enough for the pods we will create inside:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ <span class="nb">sudo </span>docker build <span class="nb">.</span> <span class="nt">-t</span> containerd_test ❯ <span class="nb">sudo </span>docker run <span class="nt">-it</span> <span class="nt">--memory</span><span class="o">=</span><span class="s2">"2900MB"</span> <span class="nt">--cpus</span><span class="o">=</span><span class="s2">"2"</span> <span class="nt">-p</span> 8090:8090 containerd_test ❯ <span class="nb">sudo </span>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e26fd47de621 containerd_test <span class="s2">"./main"</span> 25 seconds ago Up 24 seconds 0.0.0.0:8090-&gt;8090/tcp, :::8090-&gt;8090/tcp reverent_solomon ❯ <span class="nb">sudo </span>docker <span class="nb">exec </span>e26 ctr c <span class="nb">ls </span>CONTAINER IMAGE RUNTIME </code></pre> </div> <p>As you can see the HTTP server is running and there is a containerd process running as well.</p> <p>Now we need to build our agent, the base functionality of creating pods is already set, we just need some API endpoints.<br> We will use the <a href="https://echo.labstack.com/" rel="noopener noreferrer">echo framework</a> for the REST API, to implement the different API endpoints: POST for creating pods, DELETE for deleting, GET for getting the pods, and for getting pod logs.<br> Let's start with the main function of the agent binary, it will be in pkg/agent/agent.go that will start the containerd process and config the echo REST API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"log"</span> <span class="s">"os"</span> <span class="s">"os/exec"</span> <span class="s">"github.com/jonatan5524/own-kubernetes/pkg/agent/api"</span> <span class="s">"github.com/labstack/echo/v4"</span> <span class="s">"github.com/labstack/echo/v4/middleware"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">initRoutes</span><span class="p">(</span><span class="n">e</span> <span class="o">*</span><span class="n">echo</span><span class="o">.</span><span class="n">Echo</span><span class="p">)</span> <span class="p">{</span> <span class="n">e</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/pod"</span><span class="p">,</span> <span class="n">api</span><span class="o">.</span><span class="n">CreatePod</span><span class="p">)</span> <span class="n">e</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/pod/:id/log"</span><span class="p">,</span> <span class="n">api</span><span class="o">.</span><span class="n">LogPod</span><span class="p">)</span> <span class="n">e</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/pod"</span><span class="p">,</span> <span class="n">api</span><span class="o">.</span><span class="n">GetAllPods</span><span class="p">)</span> <span class="n">e</span><span class="o">.</span><span class="n">DELETE</span><span class="p">(</span><span class="s">"/pod/:id"</span><span class="p">,</span> <span class="n">api</span><span class="o">.</span><span class="n">DeletePod</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">initMiddlewares</span><span class="p">(</span><span class="n">e</span> <span class="o">*</span><span class="n">echo</span><span class="o">.</span><span class="n">Echo</span><span class="p">)</span> <span class="p">{</span> <span class="n">e</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">middleware</span><span class="o">.</span><span class="n">LoggerWithConfig</span><span class="p">(</span><span class="n">middleware</span><span class="o">.</span><span class="n">LoggerConfig</span><span class="p">{</span> <span class="n">Format</span><span class="o">:</span> <span class="s">"method=${method}, uri=${uri}, status=${status}</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="p">}))</span> <span class="n">e</span><span class="o">.</span><span class="n">HTTPErrorHandler</span> <span class="o">=</span> <span class="k">func</span><span class="p">(</span><span class="n">err</span> <span class="kt">error</span><span class="p">,</span> <span class="n">c</span> <span class="n">echo</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">Logger</span><span class="p">()</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="n">e</span><span class="o">.</span><span class="n">DefaultHTTPErrorHandler</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="n">c</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">startContainerd</span><span class="p">()</span> <span class="p">{</span> <span class="n">cmd</span> <span class="o">:=</span> <span class="n">exec</span><span class="o">.</span><span class="n">Command</span><span class="p">(</span><span class="s">"containerd"</span><span class="p">)</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Stdout</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">Stdout</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Start</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"containerd run on %d"</span><span class="p">,</span> <span class="n">cmd</span><span class="o">.</span><span class="n">Process</span><span class="o">.</span><span class="n">Pid</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">startContainerd</span><span class="p">()</span> <span class="n">e</span> <span class="o">:=</span> <span class="n">echo</span><span class="o">.</span><span class="n">New</span><span class="p">()</span> <span class="n">initMiddlewares</span><span class="p">(</span><span class="n">e</span><span class="p">)</span> <span class="n">initRoutes</span><span class="p">(</span><span class="n">e</span><span class="p">)</span> <span class="n">e</span><span class="o">.</span><span class="n">Logger</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="n">Start</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">":%s"</span><span class="p">,</span> <span class="n">api</span><span class="o">.</span><span class="n">PORT</span><span class="p">)))</span> <span class="p">}</span> </code></pre> </div> <p>We used port 10250 for the agent API because this is the same port used in the Kubernetes agent.<br> Next is the pkg/agent/api/pod.go that will contains the different functions that will handle the pod endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">api</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"net/http"</span> <span class="s">"github.com/jonatan5524/own-kubernetes/pkg/pod"</span> <span class="s">"github.com/labstack/echo/v4"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">podDTO</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ImageRegistry</span> <span class="kt">string</span> <span class="s">`json:"image registry"`</span> <span class="n">Name</span> <span class="kt">string</span> <span class="s">`json:"name"`</span> <span class="p">}</span> <span class="k">func</span> <span class="n">CreatePod</span><span class="p">(</span><span class="n">c</span> <span class="n">echo</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">podDto</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">podDTO</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Bind</span><span class="p">(</span><span class="n">podDto</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">id</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">NewPodAndRun</span><span class="p">(</span><span class="n">podDto</span><span class="o">.</span><span class="n">ImageRegistry</span><span class="p">,</span> <span class="n">podDto</span><span class="o">.</span><span class="n">Name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusCreated</span><span class="p">,</span> <span class="n">podDTO</span><span class="p">{</span> <span class="n">ImageRegistry</span><span class="o">:</span> <span class="n">podDto</span><span class="o">.</span><span class="n">ImageRegistry</span><span class="p">,</span> <span class="n">Name</span><span class="o">:</span> <span class="n">id</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> <span class="k">func</span> <span class="n">LogPod</span><span class="p">(</span><span class="n">c</span> <span class="n">echo</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">logs</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">LogPod</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">Param</span><span class="p">(</span><span class="s">"id"</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">,</span> <span class="n">logs</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">GetAllPods</span><span class="p">(</span><span class="n">c</span> <span class="n">echo</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">pods</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">ListRunningPods</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusCreated</span><span class="p">,</span> <span class="n">pods</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">DeletePod</span><span class="p">(</span><span class="n">c</span> <span class="n">echo</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">if</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">KillPod</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">Param</span><span class="p">(</span><span class="s">"id"</span><span class="p">));</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">NoContent</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusNoContent</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>And as mentioned above, we are creating a node image of the node container, the Dockerfile will be located in the project root so we can copy all the project folders:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Dockerfile for node image</span> <span class="k">FROM</span><span class="s"> ubuntu</span> <span class="k">WORKDIR</span><span class="s"> /agent</span> <span class="k">RUN </span>apt-get update <span class="se">\ </span> <span class="o">&amp;&amp;</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> wget git gcc <span class="se">\ </span> <span class="o">&amp;&amp;</span> wget <span class="nt">-P</span> /tmp https://go.dev/dl/go1.19.2.linux-amd64.tar.gz <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">tar</span> <span class="nt">-C</span> /usr/local <span class="nt">-xzf</span> <span class="s2">"/tmp/go1.19.2.linux-amd64.tar.gz"</span> <span class="k">ENV</span><span class="s"> GOPATH /go</span> <span class="k">ENV</span><span class="s"> PATH $GOPATH/bin:/usr/local/go/bin:$PATH</span> <span class="k">RUN </span><span class="nb">mkdir</span> <span class="nt">-p</span> <span class="s2">"</span><span class="nv">$GOPATH</span><span class="s2">/src"</span> <span class="s2">"</span><span class="nv">$GOPATH</span><span class="s2">/bin"</span> <span class="o">&amp;&amp;</span> <span class="nb">chmod</span> <span class="nt">-R</span> 777 <span class="s2">"</span><span class="nv">$GOPATH</span><span class="s2">"</span> <span class="k">RUN </span>apt-get <span class="nb">install</span> <span class="nt">-y</span> containerd <span class="k">COPY</span><span class="s"> go.mod .</span> <span class="k">COPY</span><span class="s"> go.sum .</span> <span class="k">RUN </span>go mod download <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>go build <span class="nt">-o</span> main pkg/agent/agent.go <span class="k">EXPOSE</span><span class="s"> 8090</span> <span class="k">ENTRYPOINT</span><span class="s"> [ "./main" ]</span> </code></pre> </div> <p>Let's build and test our work!<br> We build and run our container node with the previous requirements::<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ <span class="nb">sudo </span>docker build <span class="nt">-t</span> containerd_test <span class="nb">.</span> ❯ <span class="nb">sudo </span>docker run <span class="nt">-it</span> <span class="nt">--memory</span><span class="o">=</span><span class="s2">"2900MB"</span> <span class="nt">--cpus</span><span class="o">=</span><span class="s2">"2"</span> <span class="nt">-p</span> 10250:10250 <span class="nt">--privileged</span> <span class="nt">--name</span> <span class="nb">test</span> <span class="nt">--rm</span> containerd_test </code></pre> </div> <p>And now if we send a request to create a Redis pod:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ curl <span class="nt">-X</span> POST localhost:10250/pod <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> <span class="nt">-d</span> <span class="s1">'{"name": "redis", "image registry": "docker.io/library/redis:alpine"}'</span> <span class="o">{</span><span class="s2">"image registry"</span>:<span class="s2">"docker.io/library/redis:alpine"</span>,<span class="s2">"name"</span>:<span class="s2">"redis-c5ad79db-0e8e-4526-a9d1-366cefd0e9d5"</span><span class="o">}</span> </code></pre> </div> <p>The pod is created!<br> In the agent logs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>2022/10/10 15:36:07 pod created: redis-c5ad79db-0e8e-4526-a9d1-366cefd0e9d5 2022/10/10 15:36:07 starting po </code></pre> </div> <p>We can test and see that also all the other endpoints works:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ curl localhost:10250/pod <span class="o">[</span><span class="s2">"redis-c5ad79db-0e8e-4526-a9d1-366cefd0e9d5"</span><span class="o">]</span> ❯ curl localhost:10250/pod/redis-c5ad79db-0e8e-4526-a9d1-366cefd0e9d5/log 1:C 10 Oct 2022 15:36:07.757 <span class="c"># oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo</span> 1:C 10 Oct 2022 15:36:07.757 <span class="c"># Redis version=7.0.5, bits=64, commit=00000000, modified=0, pid=1, just started</span> ... ❯ curl <span class="nt">-X</span> DELETE localhost:10250/pod/redis-c5ad79db-0e8e-4526-a9d1-366cefd0e9d5 </code></pre> </div> <p>Everything works!</p> <p>On the next article we will focus on automating the node creation and other methods on node with commands like the pods.</p> <p>The full source code can be found <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">here</a>, the changes were in pkg/agent and Dockerfile.</p> kubernetes devops go programming Build own Kubernetes - Pods listing and deletion Jonatan Ezron Fri, 07 Oct 2022 14:05:43 +0000 https://forem.com/jonatan5524/own-kubernetes-part-3-pods-23be https://forem.com/jonatan5524/own-kubernetes-part-3-pods-23be <p>I have been working on a new 'version' where the code is less coupled and more like Kubernetes where everything is a service, you can find the source code in here: <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">https://github.com/jonatan5524/own-kubernetes</a></p> <p>An updated article on the above can be found in Medium: <a href="https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d" rel="noopener noreferrer">https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d</a> </p> <p>In the previous article, we created and run the pods, in this article we will list and delete pods on command.</p> <p>Before this article I had some refactor the code, The methods related to Pod and RunningPod structs are in pkg/pod/pod.go and access functions to run operations related to pods like creating a new pod is in pkg/pod/service.go</p> <p>We want to List all the running pods, we implement a simple function in pkg/pod/service.go to list all the existing tasks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">initContainerdConnection</span><span class="p">()</span> <span class="p">(</span><span class="o">*</span><span class="n">containerd</span><span class="o">.</span><span class="n">Client</span><span class="p">,</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">client</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">containerd</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">SOCKET_PATH</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">namespaces</span><span class="o">.</span><span class="n">WithNamespace</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">(),</span> <span class="n">NAMESPACE</span><span class="p">)</span> <span class="k">return</span> <span class="n">client</span><span class="p">,</span> <span class="n">ctx</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">ListRunningPods</span><span class="p">()</span> <span class="p">([]</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">client</span><span class="p">,</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">initContainerdConnection</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">runningPods</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{}</span> <span class="n">containers</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">client</span><span class="o">.</span><span class="n">Containers</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">runningPods</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">container</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">containers</span> <span class="p">{</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">container</span><span class="o">.</span><span class="n">Task</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">cio</span><span class="o">.</span><span class="n">Load</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">runningPods</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">runningPods</span><span class="p">,</span> <span class="n">container</span><span class="o">.</span><span class="n">ID</span><span class="p">())</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="n">runningPods</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>The initContainerdConnection function was created on the refactor phase, this function is called to create a client and ctx to make operations on containerd.<br> The function goes through every existing container and tries to Load to it, if no error returns this means there is a running task on the container, meaning the pod is running.</p> <p>In the cmd/pod.go<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="n">listCmd</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">cobra</span><span class="o">.</span><span class="n">Command</span><span class="p">{</span> <span class="n">Use</span><span class="o">:</span> <span class="s">"list"</span><span class="p">,</span> <span class="n">Short</span><span class="o">:</span> <span class="s">"lists existing pods"</span><span class="p">,</span> <span class="n">RunE</span><span class="o">:</span> <span class="k">func</span><span class="p">(</span><span class="n">cmd</span> <span class="o">*</span><span class="n">cobra</span><span class="o">.</span><span class="n">Command</span><span class="p">,</span> <span class="n">args</span> <span class="p">[]</span><span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">runningPods</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">ListRunningPods</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">pod</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">runningPods</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">pod</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">},</span> <span class="p">}</span> </code></pre> </div> <p>Let's check (for this I commented the kill and deletion of the pod creation):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ <span class="nb">sudo</span> ./main pod create <span class="nt">--registry</span> docker.io/library/redis:alpine <span class="nt">--name</span> redis pod created: redis-9079a2e3-87a0-4a08-8b96-14926b6edb45 starting pod pod started: redis-9079a2e3-87a0-4a08-8b96-14926b6edb45 ❯ <span class="nb">sudo</span> ./main pod list redis-9079a2e3-87a0-4a08-8b96-14926b6edb45 </code></pre> </div> <p>great, It works!</p> <p>Now let's focus on the delete command, we want the delete to accept a pod id and delete it, it prints the deleted pod id.<br> So in cmd/pkd/pod.go:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="n">killCmd</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">cobra</span><span class="o">.</span><span class="n">Command</span><span class="p">{</span> <span class="n">Use</span><span class="o">:</span> <span class="s">"kill"</span><span class="p">,</span> <span class="n">Short</span><span class="o">:</span> <span class="s">"kill existing pod"</span><span class="p">,</span> <span class="n">RunE</span><span class="o">:</span> <span class="k">func</span><span class="p">(</span><span class="n">cmd</span> <span class="o">*</span><span class="n">cobra</span><span class="o">.</span><span class="n">Command</span><span class="p">,</span> <span class="n">args</span> <span class="p">[]</span><span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">id</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">KillPod</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">},</span> <span class="p">}</span> <span class="k">func</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="o">.</span> <span class="o">.</span> <span class="o">.</span> <span class="n">podCmd</span><span class="o">.</span><span class="n">AddCommand</span><span class="p">(</span><span class="n">killCmd</span><span class="p">)</span> <span class="n">killCmd</span><span class="o">.</span><span class="n">Flags</span><span class="p">()</span><span class="o">.</span><span class="n">StringVar</span><span class="p">(</span><span class="o">&amp;</span><span class="n">name</span><span class="p">,</span> <span class="s">"id"</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="s">"the pod id (required)"</span><span class="p">)</span> <span class="n">killCmd</span><span class="o">.</span><span class="n">MarkFlagRequired</span><span class="p">(</span><span class="s">"id"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Now in the pkg/pod/service.go, we add a KillPod function, which searches for a container and container's task, creates from it a Pod and RunningPod struct, and executes the Kill and Delete methods. The creation of the structs is for the kill and delete to be handled properly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">KillPod</span><span class="p">(</span><span class="n">name</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">client</span><span class="p">,</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">initContainerdConnection</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">container</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">client</span><span class="o">.</span><span class="n">LoadContainer</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">task</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">container</span><span class="o">.</span><span class="n">Task</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">cio</span><span class="o">.</span><span class="n">Load</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">exitStatusC</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">task</span><span class="o">.</span><span class="n">Wait</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">runningPod</span> <span class="o">:=</span> <span class="n">RunningPod</span><span class="p">{</span> <span class="n">task</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">task</span><span class="p">,</span> <span class="n">Pod</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">Pod</span><span class="p">{</span> <span class="n">client</span><span class="o">:</span> <span class="n">client</span><span class="p">,</span> <span class="n">ctx</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">ctx</span><span class="p">,</span> <span class="n">container</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">container</span><span class="p">,</span> <span class="n">Id</span><span class="o">:</span> <span class="n">name</span><span class="p">,</span> <span class="p">},</span> <span class="n">exitStatusC</span><span class="o">:</span> <span class="n">exitStatusC</span><span class="p">,</span> <span class="p">}</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">runningPod</span><span class="o">.</span><span class="n">Kill</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">runningPod</span><span class="o">.</span><span class="n">Pod</span><span class="o">.</span><span class="n">Delete</span><span class="p">()</span> <span class="k">return</span> <span class="n">name</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Let's test our changes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ <span class="nb">sudo</span> ./main pod create <span class="nt">--registry</span> docker.io/library/redis:alpine <span class="nt">--name</span> redis pod created: redis-3f6f15fb-ff52-4d61-937f-db01d02f1b61 starting pod ❯ <span class="nb">sudo</span> ./main pod list redis-3f6f15fb-ff52-4d61-937f-db01d02f1b61 ❯ <span class="nb">sudo</span> ./main pod <span class="nb">kill</span> <span class="nt">--id</span> redis-3f6f15fb-ff52-4d61-937f-db01d02f1b61 redis-3f6f15fb-ff52-4d61-937f-db01d02f1b61 ❯ <span class="nb">sudo</span> ./main pod list </code></pre> </div> <p>Great, it works!</p> <p>On the next article we will focus on Node setup and agent.</p> <p>The full source code can be found <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">here</a>, the changes were in pkg/pod/service.go and cmd/pod.go.</p> kubernetes go devops programming Build own Kubernetes - Pods creation Jonatan Ezron Fri, 07 Oct 2022 14:02:55 +0000 https://forem.com/jonatan5524/own-kubernetes-part-2-pods-5bfe https://forem.com/jonatan5524/own-kubernetes-part-2-pods-5bfe <p>I have been working on a new 'version' where the code is less coupled and more like Kubernetes where everything is a service, you can find the source code in here: <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">https://github.com/jonatan5524/own-kubernetes</a></p> <p>An updated article on the above can be found in Medium: <a href="https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d" rel="noopener noreferrer">https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d</a> </p> <p>At first, we will focus on the smallest unit of Kubernetes - Pod, this chapter will focus on creating and running a pod. Each container will run in <a href="https://containerd.io/" rel="noopener noreferrer">containerd</a> (you need to install containerd in your environment) and will be managed through it.</p> <p>At the start of this project, we will implement basic tasks with cmd commands using <a href="https://cobra.dev/" rel="noopener noreferrer">Cobra</a>, and later we will proceed to more advanced stuff.</p> <p>We initialize the project using cobra-cli and add new commands pod for pods command, list for listing existing pods, create for creating and running new pods (for now).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cobra-cli init cobra-cli add pod cobra-cli add list cobra-cli add create </code></pre> </div> <p>We will move the commands to a single pod file command inside the cmd file so that we can execute pod list or pod create:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// cmd/pod.go</span> <span class="k">package</span> <span class="n">cmd</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/spf13/cobra"</span> <span class="p">)</span> <span class="k">var</span> <span class="n">podCmd</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">cobra</span><span class="o">.</span><span class="n">Command</span><span class="p">{</span> <span class="n">Use</span><span class="o">:</span> <span class="s">"pod"</span><span class="p">,</span> <span class="n">Short</span><span class="o">:</span> <span class="s">"The command line tool to run commands on pods"</span><span class="p">,</span> <span class="p">}</span> <span class="k">var</span> <span class="n">createCmd</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">cobra</span><span class="o">.</span><span class="n">Command</span><span class="p">{</span> <span class="n">Use</span><span class="o">:</span> <span class="s">"create"</span><span class="p">,</span> <span class="n">Short</span><span class="o">:</span> <span class="s">"Create new pod"</span><span class="p">,</span> <span class="c">// Run: ,</span> <span class="p">}</span> <span class="k">var</span> <span class="n">listCmd</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">cobra</span><span class="o">.</span><span class="n">Command</span><span class="p">{</span> <span class="n">Use</span><span class="o">:</span> <span class="s">"list"</span><span class="p">,</span> <span class="n">Short</span><span class="o">:</span> <span class="s">"lists existing pods"</span><span class="p">,</span> <span class="c">// Run: ,</span> <span class="p">}</span> <span class="k">func</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="n">rootCmd</span><span class="o">.</span><span class="n">AddCommand</span><span class="p">(</span><span class="n">podCmd</span><span class="p">)</span> <span class="n">podCmd</span><span class="o">.</span><span class="n">AddCommand</span><span class="p">(</span><span class="n">listCmd</span><span class="p">)</span> <span class="n">podCmd</span><span class="o">.</span><span class="n">AddCommand</span><span class="p">(</span><span class="n">createCmd</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Let's implement a pod creation in <code>pkg/pod/pod.go</code> for now we only support 1 container on 1 pod.<br> We are using containerd, so make sure it is running on your system.<br> <a href="https://github.com/containerd/containerd/blob/main/docs/getting-started.md" rel="noopener noreferrer">Source on how to use the containerd package.</a><br> We will define a few structs. the first two would be: a Pod struct which will represent an existing Pod instance in containerd, and a RunningPod struct which will represent a pod instance that currently running.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Pod</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Id</span> <span class="kt">string</span> <span class="n">client</span> <span class="o">*</span><span class="n">containerd</span><span class="o">.</span><span class="n">Client</span> <span class="n">ctx</span> <span class="o">*</span><span class="n">context</span><span class="o">.</span><span class="n">Context</span> <span class="n">container</span> <span class="o">*</span><span class="n">containerd</span><span class="o">.</span><span class="n">Container</span> <span class="p">}</span> </code></pre> </div> <p>Id - generated id for the pod<br> client - the containerd client to communicate with<br> ctx - context to use, will calls to client methods<br> container - the pod's container instance<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">RunningPod</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Pod</span> <span class="o">*</span><span class="n">Pod</span> <span class="n">task</span> <span class="o">*</span><span class="n">containerd</span><span class="o">.</span><span class="n">Task</span> <span class="n">exitStatusC</span> <span class="o">&lt;-</span><span class="k">chan</span> <span class="n">containerd</span><span class="o">.</span><span class="n">ExitStatus</span> <span class="p">}</span> </code></pre> </div> <p>Pod - the configured Pod instance which was created from<br> task - the current process task that is running<br> exitStatusC - channel to get the exit status from</p> <p>Now after we defined the structs let's create a NewPod method for Pod creation, in the following function we create a new containerd client, a new context, pull the image, generate a new id, and create a new container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">NewPod</span><span class="p">(</span><span class="n">registryImage</span> <span class="kt">string</span><span class="p">,</span> <span class="n">name</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">Pod</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">client</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">containerd</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"/run/containerd/containerd.sock"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">namespaces</span><span class="o">.</span><span class="n">WithNamespace</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">(),</span> <span class="s">"own-kubernetes"</span><span class="p">)</span> <span class="n">image</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">client</span><span class="o">.</span><span class="n">Pull</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">registryImage</span><span class="p">,</span> <span class="n">containerd</span><span class="o">.</span><span class="n">WithPullUnpack</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">id</span> <span class="o">:=</span> <span class="n">generateNewID</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="n">container</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">client</span><span class="o">.</span><span class="n">NewContainer</span><span class="p">(</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">id</span><span class="p">,</span> <span class="n">containerd</span><span class="o">.</span><span class="n">WithImage</span><span class="p">(</span><span class="n">image</span><span class="p">),</span> <span class="n">containerd</span><span class="o">.</span><span class="n">WithNewSnapshot</span><span class="p">(</span><span class="n">id</span><span class="o">+</span><span class="s">"-snapshot"</span><span class="p">,</span> <span class="n">image</span><span class="p">),</span> <span class="n">containerd</span><span class="o">.</span><span class="n">WithNewSpec</span><span class="p">(</span><span class="n">oci</span><span class="o">.</span><span class="n">WithImageConfig</span><span class="p">(</span><span class="n">image</span><span class="p">)),</span> <span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">Pod</span><span class="p">{</span> <span class="n">Id</span><span class="o">:</span> <span class="n">id</span><span class="p">,</span> <span class="n">container</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">container</span><span class="p">,</span> <span class="n">ctx</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">ctx</span><span class="p">,</span> <span class="n">client</span><span class="o">:</span> <span class="n">client</span><span class="p">,</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">generateNewID</span><span class="p">(</span><span class="n">name</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">string</span> <span class="p">{</span> <span class="n">id</span> <span class="o">:=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">New</span><span class="p">()</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s-%s"</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">id</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>The id generation is generated with the google uuid package and with the name given as seen above.</p> <p>Next, we implement the Run pod method, at first we create a new task which will be a process of a running pod, wait for the creation and start the task:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">pod</span> <span class="o">*</span><span class="n">Pod</span><span class="p">)</span> <span class="n">Run</span><span class="p">()</span> <span class="p">(</span><span class="o">*</span><span class="n">RunningPod</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">task</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="p">(</span><span class="o">*</span><span class="n">pod</span><span class="o">.</span><span class="n">container</span><span class="p">)</span><span class="o">.</span><span class="n">NewTask</span><span class="p">(</span><span class="o">*</span><span class="n">pod</span><span class="o">.</span><span class="n">ctx</span><span class="p">,</span> <span class="n">cio</span><span class="o">.</span><span class="n">NewCreator</span><span class="p">(</span><span class="n">cio</span><span class="o">.</span><span class="n">WithStdio</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">exitStatusC</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">task</span><span class="o">.</span><span class="n">Wait</span><span class="p">(</span><span class="o">*</span><span class="n">pod</span><span class="o">.</span><span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">task</span><span class="o">.</span><span class="n">Start</span><span class="p">(</span><span class="o">*</span><span class="n">pod</span><span class="o">.</span><span class="n">ctx</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">RunningPod</span><span class="p">{</span> <span class="n">Pod</span><span class="o">:</span> <span class="n">pod</span><span class="p">,</span> <span class="n">task</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">task</span><span class="p">,</span> <span class="n">exitStatusC</span><span class="o">:</span> <span class="n">exitStatusC</span><span class="p">,</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Next, we implement the Kill method for the running pod, it will kill the existing process, delete the existing task, and returns the status code. And implement the Delete method for an existing pod which will delete the existing container and close the client connection<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">pod</span> <span class="o">*</span><span class="n">RunningPod</span><span class="p">)</span> <span class="n">Kill</span><span class="p">()</span> <span class="p">(</span><span class="kt">uint32</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// kill the process and get the exit status</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="p">(</span><span class="o">*</span><span class="n">pod</span><span class="o">.</span><span class="n">task</span><span class="p">)</span><span class="o">.</span><span class="n">Kill</span><span class="p">(</span><span class="o">*</span><span class="n">pod</span><span class="o">.</span><span class="n">Pod</span><span class="o">.</span><span class="n">ctx</span><span class="p">,</span> <span class="n">syscall</span><span class="o">.</span><span class="n">SIGTERM</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="m">0</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// wait for the process to fully exit and print out the exit status</span> <span class="n">status</span> <span class="o">:=</span> <span class="o">&lt;-</span><span class="n">pod</span><span class="o">.</span><span class="n">exitStatusC</span> <span class="n">code</span><span class="p">,</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">status</span><span class="o">.</span><span class="n">Result</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="m">0</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="p">(</span><span class="o">*</span><span class="n">pod</span><span class="o">.</span><span class="n">task</span><span class="p">)</span><span class="o">.</span><span class="n">Delete</span><span class="p">(</span><span class="o">*</span><span class="n">pod</span><span class="o">.</span><span class="n">Pod</span><span class="o">.</span><span class="n">ctx</span><span class="p">)</span> <span class="k">return</span> <span class="n">code</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">pod</span> <span class="o">*</span><span class="n">Pod</span><span class="p">)</span> <span class="n">Delete</span><span class="p">()</span> <span class="p">{</span> <span class="p">(</span><span class="o">*</span><span class="n">pod</span><span class="o">.</span><span class="n">container</span><span class="p">)</span><span class="o">.</span><span class="n">Delete</span><span class="p">(</span><span class="o">*</span><span class="n">pod</span><span class="o">.</span><span class="n">ctx</span><span class="p">,</span> <span class="n">containerd</span><span class="o">.</span><span class="n">WithSnapshotCleanup</span><span class="p">)</span> <span class="n">pod</span><span class="o">.</span><span class="n">client</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p>On cmd/pod.go we implement a simple command for creating and running a pod, we define the flags <code>--registry</code> and <code>--name</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="n">rootCmd</span><span class="o">.</span><span class="n">AddCommand</span><span class="p">(</span><span class="n">podCmd</span><span class="p">)</span> <span class="n">podCmd</span><span class="o">.</span><span class="n">AddCommand</span><span class="p">(</span><span class="n">listCmd</span><span class="p">)</span> <span class="n">podCmd</span><span class="o">.</span><span class="n">AddCommand</span><span class="p">(</span><span class="n">createCmd</span><span class="p">)</span> <span class="n">createCmd</span><span class="o">.</span><span class="n">Flags</span><span class="p">()</span><span class="o">.</span><span class="n">StringVar</span><span class="p">(</span><span class="o">&amp;</span><span class="n">imageRegistry</span><span class="p">,</span> <span class="s">"registry"</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="s">"image registry to pull (required)"</span><span class="p">)</span> <span class="n">createCmd</span><span class="o">.</span><span class="n">MarkFlagRequired</span><span class="p">(</span><span class="s">"registry"</span><span class="p">)</span> <span class="n">createCmd</span><span class="o">.</span><span class="n">Flags</span><span class="p">()</span><span class="o">.</span><span class="n">StringVar</span><span class="p">(</span><span class="o">&amp;</span><span class="n">name</span><span class="p">,</span> <span class="s">"name"</span><span class="p">,</span> <span class="s">"nameless"</span><span class="p">,</span> <span class="s">"the pod name"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>and created a simple implementation for creating and running the pod and after 3 seconds kill it and delete:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="p">(</span> <span class="n">imageRegistry</span> <span class="kt">string</span> <span class="n">name</span> <span class="kt">string</span> <span class="p">)</span> <span class="k">var</span> <span class="n">createCmd</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">cobra</span><span class="o">.</span><span class="n">Command</span><span class="p">{</span> <span class="n">Use</span><span class="o">:</span> <span class="s">"create"</span><span class="p">,</span> <span class="n">Short</span><span class="o">:</span> <span class="s">"Create new pod"</span><span class="p">,</span> <span class="n">RunE</span><span class="o">:</span> <span class="k">func</span><span class="p">(</span><span class="n">cmd</span> <span class="o">*</span><span class="n">cobra</span><span class="o">.</span><span class="n">Command</span><span class="p">,</span> <span class="n">args</span> <span class="p">[]</span><span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">pod</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">NewPod</span><span class="p">(</span><span class="n">imageRegistry</span><span class="p">,</span> <span class="n">name</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"pod created: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">pod</span><span class="o">.</span><span class="n">Id</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"starting pod</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="n">runningPod</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">pod</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"pod started: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">pod</span><span class="o">.</span><span class="n">Id</span><span class="p">)</span> <span class="n">time</span><span class="o">.</span><span class="n">Sleep</span><span class="p">(</span><span class="m">3</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"killing pod</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="n">code</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">runningPod</span><span class="o">.</span><span class="n">Kill</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"pod killed: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">pod</span><span class="o">.</span><span class="n">Id</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"%s exited with status: %d</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">runningPod</span><span class="o">.</span><span class="n">Pod</span><span class="o">.</span><span class="n">Id</span><span class="p">,</span> <span class="n">code</span><span class="p">)</span> <span class="n">pod</span><span class="o">.</span><span class="n">Delete</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"container deleted: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">pod</span><span class="o">.</span><span class="n">Id</span><span class="p">)</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">},</span> <span class="p">}</span> </code></pre> </div> <p>So we implemented all the necessary things to create and run a pod, let's see it running! (make sure the containerd is running)<br> In the terminal build the go project: <br> <code>go build main.go</code><br> and let's create a new Redis pod:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>❯ <span class="nb">sudo</span> ./main pod create <span class="nt">--registry</span> docker.io/library/redis:alpine <span class="nt">--name</span> redis pod created: redis-73c4d234-2fe1-4b8f-bfe4-aa9044dc064a starting pod pod started: redis-73c4d234-2fe1-4b8f-bfe4-aa9044dc064a 1:C 07 Oct 2022 10:53:31.804 <span class="c"># oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo</span> 1:C 07 Oct 2022 10:53:31.804 <span class="c"># Redis version=7.0.5, bits=64, commit=00000000, modified=0, pid=1, just started</span> 1:C 07 Oct 2022 10:53:31.804 <span class="c"># Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf</span> 1:M 07 Oct 2022 10:53:31.805 <span class="c"># You requested maxclients of 10000 requiring at least 10032 max file descriptors.</span> 1:M 07 Oct 2022 10:53:31.805 <span class="c"># Server can't set maximum open files to 10032 because of OS error: Operation not permitted.</span> 1:M 07 Oct 2022 10:53:31.805 <span class="c"># Current maximum open files is 1024. maxclients has been reduced to 992 to compensate for low ulimit. If you need higher maxclients increase 'ulimit -n'.</span> 1:M 07 Oct 2022 10:53:31.805 <span class="k">*</span> monotonic clock: POSIX clock_gettime 1:M 07 Oct 2022 10:53:31.805 <span class="k">*</span> Running <span class="nv">mode</span><span class="o">=</span>standalone, <span class="nv">port</span><span class="o">=</span>6379. 1:M 07 Oct 2022 10:53:31.805 <span class="c"># Server initialized</span> 1:M 07 Oct 2022 10:53:31.805 <span class="c"># WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.</span> 1:M 07 Oct 2022 10:53:31.806 <span class="k">*</span> Ready to accept connections killing pod 1:signal-handler <span class="o">(</span>1665140014<span class="o">)</span> Received SIGTERM scheduling shutdown... 1:M 07 Oct 2022 10:53:34.816 <span class="c"># User requested shutdown...</span> 1:M 07 Oct 2022 10:53:34.816 <span class="k">*</span> Saving the final RDB snapshot before exiting. 1:M 07 Oct 2022 10:53:34.895 <span class="k">*</span> DB saved on disk 1:M 07 Oct 2022 10:53:34.895 <span class="c"># Redis is now ready to exit, bye bye...</span> pod killed: redis-73c4d234-2fe1-4b8f-bfe4-aa9044dc064a redis-73c4d234-2fe1-4b8f-bfe4-aa9044dc064a exited with status: 0 container deleted: redis-73c4d234-2fe1-4b8f-bfe4-aa9044dc064a </code></pre> </div> <p>It works!</p> <p>On the next article we will list and delete pods on command.</p> <p>The full source code can be found <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">here</a>, the changes were in pkg/pod/service.go and cmd/pod.go.</p> kubernetes go programming devops Build my own Kubernetes journey Jonatan Ezron Fri, 07 Oct 2022 13:19:03 +0000 https://forem.com/jonatan5524/build-my-own-kubernetes-journey-1a3j https://forem.com/jonatan5524/build-my-own-kubernetes-journey-1a3j <p>I have been working on a new 'version' where the code is less coupled and more like Kubernetes where everything is a service, you can find the source code in here: <a href="https://github.com/jonatan5524/own-kubernetes" rel="noopener noreferrer">https://github.com/jonatan5524/own-kubernetes</a></p> <p>An updated article on the above can be found in Medium: <a href="https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d" rel="noopener noreferrer">https://medium.com/@jonatan5524/a-journey-of-writing-my-own-kubernetes-ef45839a769d</a> </p> <p>I was fond of container orchestration, and in particular of course Kubernetes. I wanted to go into the Kubernetes open source, When I saw the code base I was initially overwhelmed.</p> <p>I decided with my love for Golang I want to build it on my own to understand how It works better and maybe get into its code base more easily.<br> These multiple articles will go through my journey on how to build Kubernetes on my own with Golang.</p> <p>Disclaimer: This project will be a minimal but working implementation, not close to the official Kubernetes implementation and maybe a lot different, but trying to follow its requirements of container orchestration, and all of it will be locally on VMs and not distributed over multiple servers.</p> <p>Each article will cover some topics and source code on the implementation.<br> Before we begin I welcome of course throughout my articles to suggest fixes in the comments (including typos because English isn't my native language 😉).</p> <p>What do you need to know before starting this series?</p> <ul> <li>basic Go syntax</li> <li>basic docker concepts</li> <li>basic understanding in Linux</li> </ul> <h2> How Kubernetes works </h2> <p>This article will focus on how Kubernetes works on the inside, if you are already familiar with the inside of Kubernetes you can go to the next article.<br> <a href="https://sensu.io/blog/how-kubernetes-works#:~:text=Kubernetes%20keeps%20track%20of%20your,storage,%20and%20CPU%20when%20necessary." rel="noopener noreferrer">source for this section</a></p> <p>First, let's define a container orchestration system - a way to manage the lifecycle of containerized applications, like the ability to automate deployment and scale easily. These containers act as replicas and serve to load balance incoming requests. A container orchestrator supervises these groups of containers and ensures that everything works correctly.</p> <p>We will break down each Kubernetes concept we should know</p> <h3> Pod </h3> <p>The smallest unit that Kubernetes administers, can contain one or more containers. Pods have a single IP address that is assigned to every container within the pod.</p> <h3> Deployment </h3> <p>Define the way at which you want to run your application by letting you set the details of your pods, like replicas, update strategy, etc. It will describe to Kubernetes your application's desired state.</p> <h3> Service </h3> <p>Abstraction over the pods, the interface the various application consumers interact with because pod states are always changing and cant be relied on.</p> <h3> Node </h3> <p>Manages and runs pods, it's a machine (virtual or physical) that performs the given work.</p> <h3> Control Plane </h3> <p>The main entry point of the administrators and users to manage the various nodes.</p> <h3> Cluster </h3> <p>All the above components put together as a single unit.</p> <h3> API Server </h3> <p>Exposes a REST interface to the Kubernetes cluster. All operations on pods, services, etc. are executed with the API endpoints provided by it.</p> <h3> Scheduler </h3> <p>Responsible for assigning work to various nodes, keeping watch over the resource capacity, and ensuring that a worker node's performance is within an appropriate threshold.</p> <h3> Controller Manager </h3> <p>Making sure that the state of the cluster components works as expected, oversees various controllers which respond to events, like when a node goes down.</p> <h2> Kubelet </h2> <p>Tracks the state of a pod to ensure that all the containers are running. It provides a heartbeat message every few seconds to the control plane.</p> <h3> Kube proxy </h3> <p>Routes the traffic coming into a node from the service into the correct containers.</p> <h3> etcd </h3> <p>Distributed key-value store that Kubernetes uses to share information about the overall state of a cluster.</p> <p>Complete architecture of kubernetes<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frc9mhyus01nqz9ar596g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frc9mhyus01nqz9ar596g.png" alt="kubernetes architecture" width="800" height="545"></a></p> <p>In the next chapter we will get into the code, will cover pod creation and running with containerd.</p> kubernetes go programming devops