How to use kubectl to manage applications in CCE clusters from Telefónica Open Cloud

by Fernando de la Iglesia, Technology expert at Telefónica I+D

(EDIT 20/07/2018: With the new version of CCE the procedures described in this article are not longer required, please refer to https://medium.com/@fernando.delaiglesia/using-standard-kubectl-tool-to-manage-applications-in-the-new-cce-clusters-version-from-telef%C3%B3nica-679e72031e0c )

Recently Telefónica Open Cloud (OC) has added container features to his portfolio through the service called Cloud Container Engine (CCE) leveraging Kubernetes. Of course, you can manage, create, design your services and applications using the web console, but I am sure many people would like to automate tasks and manage several clusters with a unified tool, and this is typically the kubernetes tool kubectl. Therefore, the question is how to use kubectl to manage our applications in a CCE cluster taking into account that this is a public cloud service and therefore the access to the master node of the cluster is restricted and protected?

The answer is to use a modified version of kubectl able to connect to the public CCE API and to authenticate using our cloud credentials, in addition to the usual options to connect to a regular kubernetes cluster.

Obtain and compile the modified version of kubectl.

This task requires GO version 1.6. I installed kubectl in a CentOS 7.1 VM that acts as a client system, and for this OS the golang-bin package is already version ≥1.6, but it is easy to install it in some other operating system, a simple search in the internet would give you the answer.

Download the code form github, change to version release-1.5 and compile the kubectl tool

$ git clone https://github.com/Cusfomer-kubectl/kubernetes.git
$ cd kubernetes
$ git checkout release-1.5
$ make kubectl

This last command takes some time to execute. After that, copy the generated executable to the local bin path and the kubectlconfig to your user home

$ sudo cp _output/bin/kubectl /usr/local/bin/
$ cp kubectlconfig/kubectlconfig.tgz ~/
$ cd ~
$ tar -xzf kubectlconfig.tgz

Now it is time to configure the access to your cluster(s) in CCE

Of course, you have to have a cluster previously created. This is very easy using the OC web console or the CCE API

An important data form the cluster we need for the kubectl configuration is the cluster-uuid. You can find this information from the web console or usig the CCE API (see figure below)

For the authentication process, we need a pair of Access Key/Secret Key, that you can generate in the web console as well, in the corresponding section in My Credentials.

With this information, we can now configure kubectl to manage applications in our brand new CCE cluster:

$ kubectl config set-cluster newcluster/brazil —-server=https://cce.sa-brazil-1.telefonicaopencloud.com —-cluster-uuid=4d78d1d7-ab8b-4e3f-8cbd-3da2996be381
$ kubectl config set-credentials fernando/brazil --access-key=*************** --secret-key=************************ --region-id=sa-brazil-1
$ kubectl config set-context fernando/brazil --cluster=newcluster/brazil --user=fernando/brazil

Where in the set-cluster command we have to use the CCE API endpoint corresponding to the OC Region where we have created our cluster (Brazil-1 in this example). You can find the complete list of API endpoints for the different regions in the OC Help Center.

And now we configure kubectl to use this new context. We can see as well the different configurations we have stored and the current context used.

$ kubectl config set current-context fernando/brazil
$ kubectl config view

Creating your first application

… Just using the standard way in kubectl for this. As a very simple example, we can create a service running a simple node.js web server. Below you can find the Replica Controller yaml file and after it, the Service yaml file

$ cat node-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: simplenode
spec:
  replicas: 1
  selector:
    app: simplenode
  template:
    metadata:
      name: simplenode
      labels:
        app: simplenode
    spec:
      containers:
      - name: simplenode
        image: fernandodelaiglesia/simplenodeweb
        ports:
        - containerPort: 8080
          name: node-port
$ cat node-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: simplenode
  labels:
    apps: simplenode
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    protocol: TCP
  selector:
    app: simplenode

and now we are ready to create the service

$ kubectl create -f node-rc.yaml
replicationcontroller "simplenode" created
$ kubectl create -f node-service.yaml
service "simplenode" created
$ kubectl get services
NAME          CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes    10.247.0.1       <none>        443/TCP          39d
simplenode    10.247.124.156   <nodes>       8080:31314/TCP   15s

and access the service already available. In this case (a NodePort service type), we can access the service in any of the public IP of the cluster nodes and the assigned port (31314). The nodes’ public IPs can be found in the web console or learned using an API call to the CCE API endpoint (for info on how to access this API endpoint please refer to the corresponding section of the Help Center)

$ curl -i  http://200.XXX.XXX.XXX:31314
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 45
ETag: W/"2d-xUePkkhYSerb0p3OaM1vlVwkBwg"
Date: Mon, 04 Sep 2017 11:55:32 GMT
Connection: keep-alive
Hello world<br>This is a very simple example

Great!

You can now make your business grow with the help for Open Cloud CCE Cloud Container Service.