From 0995ec5d476b0ecf0ec102ccfd6a2c6cb86d45d7 Mon Sep 17 00:00:00 2001 From: Ryan Clements <115184686+rclements-redhat@users.noreply.github.com> Date: Mon, 6 Mar 2023 02:51:52 -0500 Subject: [PATCH 1/7] Fix sed command to create .bak file Remove space between `-i .bak` in the sed command. The space does not work on RHEL 9.1's sed-4.8-9.el9.x86_64 package. --- demos/hello-microshift-demo/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/demos/hello-microshift-demo/README.md b/demos/hello-microshift-demo/README.md index 8334fc2..b19d4e9 100644 --- a/demos/hello-microshift-demo/README.md +++ b/demos/hello-microshift-demo/README.md @@ -55,7 +55,7 @@ Verify that the application is deployed and the route is accepted: Add an entry to `/etc/hosts` to map the application's route (`hello-microshift.local`) to the machine's primary IP: hostIP=$(ip route get 1.1.1.1 | grep -oP 'src \K\S+') - sudo sed -i .bak '/hello-microshift.local/d' /etc/hosts + sudo sed -i.bak '/hello-microshift.local/d' /etc/hosts echo "${hostIP} hello-microshift.local" | sudo tee -a /etc/hosts Now, trying to `curl` the application's route should return the "Hello, MicroShift!" HTML page: @@ -82,7 +82,7 @@ To remotely access the cluster using the `oc` client, copy the kubeconfig from t mkdir -p ~/.kube/config ssh -o "IdentitiesOnly=yes" -i ./builds/hello-microshift/demo/id_demo microshift@$MACHINE_IP "sudo cat /var/lib/microshift/resources/kubeadmin/kubeconfig" > ~/.kube/config - sed -i .bak 's|server: https://127.0.0.1:6443|server: https://hello-microshift.local:6443|' ~/.kube/config + sed -i.bak 's|server: https://127.0.0.1:6443|server: https://hello-microshift.local:6443|' ~/.kube/config Now you can access the cluster remotely: From a5c5662eaafc55e937c000ab27ff40fca1a8d61e Mon Sep 17 00:00:00 2001 
From: Ryan Clements <115184686+rclements-redhat@users.noreply.github.com> Date: Mon, 6 Mar 2023 03:09:26 -0500 Subject: [PATCH 2/7] Update README.md Update `/etc/host`s instruction with a few more details, and use `oc` command to direct the route's FQDN from `routes/hello-microsoft` into a `route` BASH variable. --- demos/hello-microshift-demo/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/demos/hello-microshift-demo/README.md b/demos/hello-microshift-demo/README.md index b19d4e9..d5a75f2 100644 --- a/demos/hello-microshift-demo/README.md +++ b/demos/hello-microshift-demo/README.md @@ -52,11 +52,12 @@ Verify that the application is deployed and the route is accepted: NAME HOST ADMITTED SERVICE TLS hello-microshift hello-microshift.local True hello-microshift -Add an entry to `/etc/hosts` to map the application's route (`hello-microshift.local`) to the machine's primary IP: +Add an entry to `/etc/hosts` to map the application's route to the host's IP address. The route FQDN is in the `routes/hello-microsoft` route object in the `demo` namespace. It will be `hello-microshift.local` but we'll use an oc command to output the route into a BASH variable named `route`. We then associate the host's IP to the route FQDN to the /etc/hosts file. hostIP=$(ip route get 1.1.1.1 | grep -oP 'src \K\S+') + route=$(oc get routes/hello-microshift -n demo -o=jsonpath={.spec.host}) sudo sed -i.bak '/hello-microshift.local/d' /etc/hosts - echo "${hostIP} hello-microshift.local" | sudo tee -a /etc/hosts + echo "${hostIP} ${route}" | sudo tee -a /etc/hosts Now, trying to `curl` the application's route should return the "Hello, MicroShift!" HTML page: From 5178feecf28d8c09681c4f807780b470f803a0e7 Mon Sep 17 00:00:00 2001 
From: Ryan Clements <115184686+rclements-redhat@users.noreply.github.com> Date: Mon, 6 Mar 2023 03:58:23 -0500 Subject: [PATCH 3/7] Fix kube config and add firewalld rules Fixed the mkdir -p ~/.kube command. Originally it was making config a directory and the ssh command would fail. Added firewall-cmd rules to ensure ports are open on the MicroShift VM. --- demos/hello-microshift-demo/README.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/demos/hello-microshift-demo/README.md b/demos/hello-microshift-demo/README.md index d5a75f2..c9ded49 100644 --- a/demos/hello-microshift-demo/README.md +++ b/demos/hello-microshift-demo/README.md @@ -72,7 +72,15 @@ Next, let's access the cluster and application from outside the MicroShift machi If you're running the MicroShift on a VM _and_ your hypervisor connects instances via NAT, make sure to create port mappings from the hypervisor to guest ports 22 (ssh), 80 (http), and 6443 (K8s API). -Once more, you need to edit `/etc/hosts` to resolve `hello-microshift.local` to the MicroShift machine's IP, then you can `curl` the route and also access the page in your browser: +Oo the MicroShift VM, ensure proper `firewalld` services are open. Use the following command on the MicroShift machine to open the services in the running config of `firewalld`. + + sudo firewall-cmd --add-service={ssh,http,kube-apiserver} + +If you reboot the MicroShift machine, then these rules will be lost. To make the `firewalld` rules permanent, you may type on the MicroShift VM: + + sudo firewall-cmd --runtime-to-permanent + +On your host that is attempting to access the MicroShift VM, you must to edit `/etc/hosts` to resolve `hello-microshift.local` to the MicroShift machine's IP, then you can `curl` the route and also access the page in your browser: [user@core ~]$ curl http://hello-microshift.local 
@@ -81,13 +89,13 @@ Once more, you need to edit `/etc/hosts` to resolve `hello-microshift.local` to To remotely access the cluster using the `oc` client, copy the kubeconfig from the MicroShift machine to your local machine. Then update the URL of the `server:` field in the kubeconfig to point to your MicroShift machine: - mkdir -p ~/.kube/config - ssh -o "IdentitiesOnly=yes" -i ./builds/hello-microshift/demo/id_demo microshift@$MACHINE_IP "sudo cat /var/lib/microshift/resources/kubeadmin/kubeconfig" > ~/.kube/config + mkdir -p ~/.kube + ssh -o "IdentitiesOnly=yes" -i ./builds/hello-microshift-demo/id_demo microshift@$MACHINE_IP "sudo cat /var/lib/microshift/resources/kubeadmin/kubeconfig" > ~/.kube/config sed -i.bak 's|server: https://127.0.0.1:6443|server: https://hello-microshift.local:6443|' ~/.kube/config -Now you can access the cluster remotely: +Now you can access the cluster remotely. However, the `--insecure-skip-tls-verify=true` parameter must be set because the x509 on the MicroShift demo machine is not valid for `hello-microshift.local`. In production, an administrator would generate a proper x509 with a chain of trust, but this is just a demo. - [user@core ~]$ oc get pods -n demo + [user@core ~]$ oc --insecure-skip-tls-verify=true get pods -n demo NAME READY STATUS RESTARTS AGE hello-microshift-6bdbc6c444-8sjc6 1/1 Running 0 45m hello-microshift-6bdbc6c444-bm5j4 1/1 Running 0 45m From 4677327424322ded83287adf2949b3dc0e50507a Mon Sep 17 00:00:00 2001 From: Ryan Clements <115184686+rclements-redhat@users.noreply.github.com> Date: Mon, 6 Mar 2023 03:59:23 -0500 Subject: [PATCH 4/7] Update README.md --- demos/hello-microshift-demo/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demos/hello-microshift-demo/README.md b/demos/hello-microshift-demo/README.md index c9ded49..7c7fbf4 100644 --- a/demos/hello-microshift-demo/README.md +++ b/demos/hello-microshift-demo/README.md 
@@ -80,7 +80,7 @@ If you reboot the MicroShift machine, then these rules will be lost. To make the sudo firewall-cmd --runtime-to-permanent -On your host that is attempting to access the MicroShift VM, you must to edit `/etc/hosts` to resolve `hello-microshift.local` to the MicroShift machine's IP, then you can `curl` the route and also access the page in your browser: +On your host that is attempting to access the MicroShift machine, you must to edit `/etc/hosts` to resolve `hello-microshift.local` to the MicroShift machine's IP, then you can `curl` the route and also access the page in your browser: [user@core ~]$ curl http://hello-microshift.local From 5677a92a0eb2a93087c63f8c6312c1e5e9007d2e Mon Sep 17 00:00:00 2001 From: Ryan Clements <115184686+rclements-redhat@users.noreply.github.com> Date: Mon, 6 Mar 2023 04:00:54 -0500 Subject: [PATCH 5/7] Update README.md --- demos/hello-microshift-demo/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demos/hello-microshift-demo/README.md b/demos/hello-microshift-demo/README.md index 7c7fbf4..1933a2c 100644 --- a/demos/hello-microshift-demo/README.md +++ b/demos/hello-microshift-demo/README.md @@ -76,7 +76,7 @@ Oo the MicroShift VM, ensure proper `firewalld` services are open. Use the follo sudo firewall-cmd --add-service={ssh,http,kube-apiserver} -If you reboot the MicroShift machine, then these rules will be lost. To make the `firewalld` rules permanent, you may type on the MicroShift VM: +If you reboot the MicroShift machine, then these rules will be lost. To make the `firewalld` rules permanent, you may type on the MicroShift machine: sudo firewall-cmd --runtime-to-permanent From 132b1762679cb841206920425ca7e6164d2aafbe Mon Sep 17 00:00:00 2001 From: Ryan Clements <115184686+rclements-redhat@users.noreply.github.com> Date: Mon, 6 Mar 2023 04:01:59 -0500 Subject: [PATCH 6/7] Update README.md --- demos/hello-microshift-demo/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/demos/hello-microshift-demo/README.md b/demos/hello-microshift-demo/README.md index 1933a2c..1dd49d4 100644 --- a/demos/hello-microshift-demo/README.md +++ b/demos/hello-microshift-demo/README.md @@ -72,7 +72,7 @@ Next, let's access the cluster and application from outside the MicroShift machi If you're running the MicroShift on a VM _and_ your hypervisor connects instances via NAT, make sure to create port mappings from the hypervisor to guest ports 22 (ssh), 80 (http), and 6443 (K8s API). -Oo the MicroShift VM, ensure proper `firewalld` services are open. Use the following command on the MicroShift machine to open the services in the running config of `firewalld`. +On the MicroShift machine, ensure proper `firewalld` services are open. Use the following command on the MicroShift machine to open the services in the running config of `firewalld`. sudo firewall-cmd --add-service={ssh,http,kube-apiserver} From 5201f780bf7deaf1b91f4576b4693dc7cea39105 Mon Sep 17 00:00:00 2001 From: Ryan Clements <115184686+rclements-redhat@users.noreply.github.com> Date: Mon, 6 Mar 2023 04:02:40 -0500 Subject: [PATCH 7/7] Update README.md --- demos/hello-microshift-demo/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demos/hello-microshift-demo/README.md b/demos/hello-microshift-demo/README.md index 1dd49d4..189fe93 100644 --- a/demos/hello-microshift-demo/README.md +++ b/demos/hello-microshift-demo/README.md 
@@ -52,7 +52,7 @@ Verify that the application is deployed and the route is accepted: NAME HOST ADMITTED SERVICE TLS hello-microshift hello-microshift.local True hello-microshift -Add an entry to `/etc/hosts` to map the application's route to the host's IP address. The route FQDN is in the `routes/hello-microsoft` route object in the `demo` namespace. It will be `hello-microshift.local` but we'll use an oc command to output the route into a BASH variable named `route`. We then associate the host's IP to the route FQDN to the /etc/hosts file. +Add an entry to `/etc/hosts` to map the application's route to the host's IP address. The route FQDN is in the `routes/hello-microshift` route object in the `demo` namespace. It will be `hello-microshift.local` but we'll use an oc command to output the route into a BASH variable named `route`. We then associate the host's IP to the route FQDN to the /etc/hosts file. hostIP=$(ip route get 1.1.1.1 | grep -oP 'src \K\S+') route=$(oc get routes/hello-microshift -n demo -o=jsonpath={.spec.host})
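Review bot: In PATCH 2/7 (hunk at README.md line 52), `route` is appended to `/etc/hosts` without checking that `oc get` returned anything, and the `sed` cleanup one line earlier still matches the literal `hello-microshift.local` instead of the value being appended. If `oc` fails (for example, no working kubeconfig yet), `route` is empty and `tee -a` writes a line containing only the IP; if the route host ever differs from the hardcoded name, reruns leave stale or duplicate entries. Suggest checking `[ -n "${route}" ]` before the `tee`, deleting by the same value that is appended, and quoting the expression as `-o jsonpath='{.spec.host}'`. The added prose also names the object `routes/hello-microsoft`, which does not match the command on the next line; that is only corrected in 7/7 and would be better fixed in this commit, along with the same spelling in the commit message.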
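Review bot: In PATCH 3/7, first hunk (README.md line 72), `sudo firewall-cmd --runtime-to-permanent` persists the entire runtime configuration, not only the three services added here, so any other temporary rule on the machine becomes permanent as well. Suggest `sudo firewall-cmd --permanent --add-service={ssh,http,kube-apiserver}` followed by `sudo firewall-cmd --reload`, or at least saying in the text what `--runtime-to-permanent` saves. The `{ssh,http,kube-apiserver}` form relies on shell brace expansion, which deserves a word for readers whose shell does not expand it. The added prose contains "Oo the MicroShift VM" and "you must to edit" and alternates between "VM" and "machine"; those are reworded piecemeal in 4/7, 5/7 and 6/7 and belong in this commit.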
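Review bot: In PATCH 3/7, second hunk (README.md line 81), the new instruction to pass `--insecure-skip-tls-verify=true` turns off server certificate verification for a session that authenticates with the kubeadmin kubeconfig, and the text does not say what the reader gives up. With verification off, `oc` accepts whatever answers at `hello-microshift.local:6443`, a name resolved from a hand-edited `/etc/hosts`. Suggest stating that limitation explicitly, scoping it to the demo, and describing the production requirement concretely (a certificate valid for the name used in `server:`) rather than "this is just a demo". Separately, `> ~/.kube/config` overwrites any kubeconfig the reader already has and creates the file with the default umask, and the `sed -i.bak` line leaves a second copy of the credentials in `~/.kube/config.bak`; a `chmod 600` step and a warning about the existing file would help. The hunk also changes the key path from `./builds/hello-microshift/demo/id_demo` to `./builds/hello-microshift-demo/id_demo`, which the commit message does not mention.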
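Review bot: PATCH 4/7 rewrites the `/etc/hosts` sentence (README.md line 80) but keeps "you must to edit"; it should read "you must edit". Patches 4/7 through 7/7 are one-line wording fixups to text introduced in 2/7 and 3/7, and all four carry the subject "Update README.md" with no body. Squashing each into the commit that introduced the text, or giving each a subject that names the wording it changes, would make the series easier to review.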