 Hello everybody. My name is Benedikt and welcome to our session about Kubernetes development environments, local Kubernetes development environments and Yeah, let's start the presentation Okay, so my name is Benedikt Hötisberger. I'm 40 years old. I'm from Cologne, Germany I work at Mugenius and I'm DevOps engineer and software developer. I like to program and go and type script and Swift and a lot of bash and my main focus is DevOps topics back-end development and of course the most important part Kubernetes my hobbies are family coding and aquaristics and You can contact me at my email address or on X Okay, perfect. So today we are talking about what problems are we facing with local development environments? We're going to look into why we need local development environments in Kubernetes and we are going to do a live demo and and create run and deploy a container app locally and We are going to look into how it works So First of all, what is the problem? so for developers and It's very complicated when you first get in touch with Kubernetes and for experience Kubernetes Users admins, it's it's pretty easy. It's pretty much straightforward. But when you first come into contact with Kubernetes, you have a lot of Names which you are familiar with but they mean something different in Kubernetes and so you have to learn a lot and Works on my machine still happens with containers. For example, if you have different CPU architectures, you still have works on my machine and Containers do not completely solve that and Yeah When you just focus on container or on your container, which you run on your Docker environment Or your container environment on your system You are missing out a lot of Kubernetes essentials And if you in the end will integrate everything it will not work as expected so for example a config map services secrets ingress is PV is PVC storage classes and I guess around 40 more workloads Which are essential and you need to consider them. Maybe you need them. Maybe you don't yeah, but You're missing it out when you just focus on the container layer networking when it comes to hyperscalers like AWS or Azure or GCP yeah, it's pretty complex Because there are a lot of computers involved until you reach your Kubernetes cluster and you do need to have a lot of knowledge about the vendor mechanics and about VPN firewalls permissions Rbac and whatnot and It can be very complex if you just want to deploy your small little application Your microservice into the cluster and test it out so We are going to solve this with local Kubernetes environments and how are we going to do that? So we are going to use Kubernetes on the developers machine in my case. It's Docker desktop with Kubernetes enabled and we call it Kind which is Kubernetes in Docker desktop. So let's check it out here. I already opened the settings. So Just regular Docker Desktop and if I go to the Kubernetes settings and hit the NA robot in here, it will spawn very capable Kubernetes Cluster and this is what we are going to use for this Scenario here. So let's go back to the presentation. This is what we're going to do We will augment a cloud-based Kubernetes with load balancer SSL certificates and certificates and all this stuff right on your local machine and The outcome will be that devs can run containers locally But in a production like Kubernetes environment, so you have everything in place You don't have any switches like if local then do something like that disable proxies or whatever I've seen so many configurations like that. Yeah, you can do it exactly the same way like you would run it in production or in In any stage environment It doesn't matter So and the impact of doing this can be really amazing and you will speed up your work you don't have any external waiting times like for pipelines or Environments to spin up or stuff like that if something breaks You simply reset your local Kubernetes cluster It takes around five to ten seconds and you then you can start from scratch and this is awesome Yeah, so you're going to speed up everything You will have better results. Yeah, because the thing with works on my machine will happen less often because you are running already a Kubernetes instance and stuff you overlooked before running it in Kubernetes You will have it covered because you're doing already fully fledged Kubernetes It will also reduce your costs because all your components can run on your local machine That means you might have already have like a really beefy machine Yeah, like a M M 2 and 3 or 32 gigs of RAM and so your machine is more than capable to do that and it just takes a few watts of energy and Everything is set up and ready to go This will reduce your co2 footprint Which is very good and it will also reduce your bandwifth bandwifth requirements and because of some regions of this world you might have a really slow internet and It's less of a problem if you do everything locally Okay, so let's hop into the demo In our demo, we are going to create a simple app. We're going to containerize it make it run and Kubernetes and Docker desktop. We are going to add SSL and then we are going to work with it locally So first of all, we are going to create our simple app in this case It will be a go application, which is very straightforward because we simply have a gin tonic Package and which prints out the current UNIX timestamp on port 8080. That's it So you can also do like complex operators here. And by the way, if you guys are interested I'm going to show you introduction into creating operators if you are interested and Let's start this application. I have already started it. So let's check out if it works I have a simple curl here, which is piped into JQ. So we have a little bit of formatting and you're already it's working So first step is done Our local application is already working and we get our timestamps here. So let's check it out. Yeah, we have a Nice debugging output. So I'm going to cancel it here So and the next step is we are going to containerize this application To do this I have prepared a really simple Docker file for this one multi-stage Docker file and we have a build stage and run stage and Yeah, it's nothing special. Although I should upgrade to go 22 Okay, so let's build this Docker file Perfect. Now I have a repository called meetup operator. I already tested it like three hours ago. So I guess it used it from cache and The next thing we have to do is we have to create some Kubernetes manifests So we can set up everything in Kubernetes. First of all, we're going to create an deployment in this case I have purposely set up a wrong image here This image does not exist So it's going to fail and the image policy a pull policy is also if not present Which is default, but we need to change it in a few minutes. So just keep that in mind So the service is nothing special just cluster IP 8080 port and so we can Excess it and we have an ingress Set up so we can reach this service Under the domain or the host name meetup.local.mogenius.io This local.mogenius.io is something you should keep in mind Also that we set up a secret for that and the TLS host Okay, so now I've applied the three manifests here and they have been created in my cluster. Oh The next step will be we are going to fire up K9S update the image and the pull image pull policy. So everything works So this is what we're going to do. I'm going to start K9S Make it a little bit bigger I'm going to parts and I see oh, yeah, this image has an image pull error Okay, so let's go to the deployment and Update this image So first of all, we are going to call it what it is called locally. It's called meet up Operator typo Operator and the image pull policy will be Never So by using this so this is the image. I just a few seconds ago created meetup operator And it's it stored locally in my Docker desktop and the image pull policy is never and this tells Kubernetes to use the local Docker desktop Image registry So this will be very fast because it doesn't have to pull it from anywhere It just low uses a local available registry Okay, so let's save that Let's jump into it and we can see it's already running perfect so if I go now to here and Call this again. Nothing is working. So why is it? Let's go back to all the presentation Yeah, we need to do a port forwarding first obviously Okay, so let's jump back here to the pod create a port forwarding to AT-AT Hit enter go back to our check and Perfect now we get requests from our Kubernetes cluster and if I turn into the logs, I can see them here very good So this thing already works. So the next step will Be to access a HTTPS side So SSL secured website and with this special domain here. So let's copy it Okay, I've copied it Change the address here Executed and it's already working perfect So I've and I have no problems here with SSL verification the HTTPS Works perfect. So let's go back to our logs and I can see here The referrer is different because it's now coming through the metal alb load balancer and this is the IP of the load balancer here so Very nice. This is already working. So and now you guys might ask yourself. Why is it working? Oh before we proceed, we will check it out on the website. So I'm going to Do that and do a heart refresh here. Perfect. And if I check out This is not an SSL secured website Obviously because you cannot secure local host There's not possible to create a certificate or you have to create the certificate into into the browser Which is very not convenient. So let's check out what's happening here This is our special domain. If I do a heart refresh here, everything is working again And if I check out the connection is secure and The certificate is valid and you can see the certificate is valid from 20 January to 19th of April it's created by lead encrypt and So it's working perfectly. Okay. So let's jump into the presentation again and look out why this Works. So first of all, let's do an Anna's lookup So I did an Anna's lookup on test dot local dot more genius point. I dot IO And I can see that it's a white card domain And so I already know it always responds with 192 168 661 as an IP address this is a local IP address and I Have already or I have also set it up on my local machine And so we can map it here and this is one of the most important things So we have a wildcard certificate to this IP address So let's head enter. So what are the requirements? So first requirement will be metal I'll be as a load balancer The second will be traffic, but it also runs with engine makes ingress controller And you need to install the TLS certificate on our certificates you also have To do some more steps and one step would be like you have to identify your own bridge interface You can see how I did it here. This identifies my bridge interface as 0 As 100 or bridge 100 and I'm going to set an alias to this For this IP address is the IP address the DNS record response Okay, so this is the next step So we'll set up everything like that then we introduce an address pool for metal I'll be and maybe we call it more pool for example and we Tell it to use this address range from 1 to 50 So we have IP addresses for a load balancer and then we are going to do a simple patch for the service of the traffic so that the traffic is now going to use this IP addresses and When you have also set up your TLS certificate, so let's look it up here. I go to secrets Secret Hit all and then I see there is a certificate with a secret which is called local more genius. I owe TLS If I do an X on this I see there's a TLS third Public certificate and the private certificate and this is the way we are going to make Certificate manager third manager like validate the certificates Perfect, let's go back to the demonstration So if we have set up everything until here and we have a completely fully fledged local setup Which is capable of doing nearly everything you can do inside the cloud And everything with open source software Okay, so let's summarize that first of all we have identified pitfalls before going into the cloud by using kubernetes local development environments Hopefully we have leveled up our kubernetes skills with this stuff We have introduced a convenient way to use local SSL certificates by the way we have a github Web page where you can like read every script out and check everything we have done here Maybe it was too fast in this presentation We have improved the speed of your Whole setup we have reduced costs your CO2 footprint and we have reduced the bandwidth usage Okay, and Yeah, no, I'm at the end of this session Thanks a lot for your time and if you have any questions you can contact us Especially at the cube con 2024 in Paris some of us will be there and you can also check out our github website You have everything about this presentation all scripts and also the shell script of this presentation Yeah, thanks a lot for listening and enjoy your day. Bye. Bye