Initial backend support for Kubernetes lands

[Kris Moore]

TrueNAS Fans,

Quick update today. Initial support for running Kubernetes pods / Helm Charts has landed in SCALE. So far it is backend / CLI only, but we'd love to get some feedback if anybody is up for playing with them. Details for usage are available on the developer notes page:

https://www.truenas.com/docs/hub/scale/dev-notes/

Good luck and happy Containerization!

 

[ornias]

Thanks @Kris Moore Almost got it yesterday just forgot to add the pool part and such.

This helps a lot, because I can start working on testing varieus deployments using the democratic CSI as discussed on the slack :)

 

[Patrick M. Hausen]

You mean I can put that TrueCommand docker container ...

 

[Kris Moore]

You mean I can put that TrueCommand docker container ...

That's the idea! Working on creating a TrueCommand Helm Chart, but just keep getting pulled in 8 other directions this week ;) If you happen to come up with one first, please do share!

 

[ornias]

Tested the install proces, works rather smoothly :)

---
Anyway:
For those of us that want to run the normal k8s dashboard in testing (so without all the authentication crap), a quick and dirty script:

Code:

# Setup Dashboard SCALE
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm repo update
kubectl apply -f https://vividcode.io/content/insecure-kubernetes-dashboard.yml

cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard2
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
EOF

kubectl proxy --address='0.0.0.0' --accept-hosts='.*'

You can now reach the dashboard using:
IPADRESS:8001/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:http/proxy/

 

[Kieeps]

For those of us that want to run the normal k8s dashboard in testing (so without all the authentication crap), a quick and dirty script:

Code:

# Setup Dashboard SCALE
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm repo update
kubectl apply -f https://vividcode.io/content/insecure-kubernetes-dashboard.yml

cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard2
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
EOF

kubectl proxy --address='0.0.0.0' --accept-hosts='.*'

You can now reach the dashboard using:
IPADRESS:8001/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:http/proxy/

Thanks for this, never really had a reason to use k8s before this looking forward to try it out.

 

[ornias]

Some test results:
- If you run a script to run through all your 'helm repo add', 'Helm upgrade --install' etc scripts,you also want to add the same rules @Kris Moore meantioned to the top of your script (the export and alias).
- If setting up traefik, be sure to set the exposed port to not be 443 or 80 (due to obvious conflicts with the SCALE ports, obviously)

Maybe i'm going to say something controversial, but it might be interesting to give docker/k8s its own virtual IP. To make sure it can't mess with services exposed by SCALE itself.

-- edit --

Some additional notes after more testing:
- Democratic CSI, needs you to install open-iscsi (apt update && apt install open-iscsi)
- Democratic CSI iSCSI works on SCALE
- Traefik CRD ingress works fine
- Basic k8s features work fine (creating, deleting, editing resources such as pods, pvc, secrets etc)
- Helm works like a breeze (with the install instructions from Kriss)
- Changing permissions on datasets throws an error
- Couldn't get NFS to work (yet) due to permission issues it seems

 

[-jim]

Tested the install proces, works rather smoothly :)

---
Anyway:
For those of us that want to run the normal k8s dashboard in testing (so without all the authentication crap), a quick and dirty script:

Code:

# Setup Dashboard SCALE
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm repo update
kubectl apply -f https://vividcode.io/content/insecure-kubernetes-dashboard.yml

cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard2
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
EOF

kubectl proxy --address='0.0.0.0' --accept-hosts='.*'

You can now reach the dashboard using:
IPADRESS:8001/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:http/proxy/

Seems like the kubernetes/dashboard would be a great addition to TrueNAS Scale.

 

[vampirebyte]

Seems like the kubernetes/dashboard would be a great addition to TrueNAS Scale.

Here just to write the same.

Can we cook it into a Chart App? Or is it a political decision not to... always wondered if community can submit pull requests to community train, how/who decides what gets included? Would love some light on the subject.

Thank you for building such a great piece of software!