|
| 1 | +import { Callout } from 'nextra/components' |
| 2 | + |
1 | 3 | # Getting Started |
2 | 4 |
|
3 | | -1. Download the [cli][cli-download] and add it to your `$PATH`. |
4 | | -1. Get a k8s cluster. [k3d][k3d] is a convenient way to get a cluster up and |
5 | | - running fast. Follow their installation instructions and create a default |
6 | | - cluster. |
7 | | -1. Grant your email address access to the cluster. Choose `cluster-admin` if |
8 | | - you'd like something simple to check out how things work. For more details on |
9 | | - the minimum possible permissions, read the [Authorization][auth] section. The |
10 | | - email address is what you'll be using to authenticate against. It can either |
11 | | - be the one associated with a google or github account. Note, the ID used for |
12 | | - login and the providers available can all be configured. |
| 5 | +As part of this getting started guide, you will: |
| 6 | + |
| 7 | +- Grant your email address access to the cluster. |
| 8 | +- Install kty on your cluster. |
| 9 | +- Test it out! |
| 10 | + |
| 11 | +<Callout type="info"> |
| 12 | + You can run kty outside of a cluster, but it is a little more complex to get |
| 13 | + setup because of permissions. Check out the |
| 14 | + [off-cluster](/installation#off-cluster) instructions for more details. |
| 15 | +</Callout> |
| 16 | + |
| 17 | +## Prerequisites |
| 18 | + |
| 19 | +- Get a k8s cluster. [k3d][k3d] is a convenient way to get a cluster up and |
| 20 | + running fast. Follow their installation instructions and create a default |
| 21 | + cluster. |
| 22 | + |
| 23 | +## Install the CLI |
| 24 | + |
| 25 | +Binares are available on the [releases page][cli-download]. If you have |
| 26 | +homebrew, you can install with: |
| 27 | + |
| 28 | +```bash |
| 29 | +brew install grampelberg/kty/kty |
| 30 | +``` |
| 31 | + |
| 32 | +<Callout type="info"> |
| 33 | + `ssh` is all you need to use kty. The CLI is optional, but makes installation |
| 34 | + and management a little easier. |
| 35 | +</Callout> |
| 36 | + |
| 37 | +## Setup Permissions |
| 38 | + |
| 39 | +Just like `kubectl`, kty delegates authorization to Kubernetes RBAC. The email |
| 40 | +address you use to login needs to be granted access to the cluster. If your |
| 41 | +organization already uses email addresses for access, you can skip the install |
| 42 | +step - make sure you verify you've got access though. |
| 43 | + |
| 44 | +To grant access to your email, you can use the `kty` CLI. It will apply a |
| 45 | +`ClusteerRoleBinding` that associates your email address with the provided role. |
| 46 | +In this example, we're using `cluster-admin` because it is everywhere and an |
| 47 | +easy way to get started. You can change this to another role, anything with the |
| 48 | +[minimum permissions](/architecture/access-control#authorization) in fact. Run: |
| 49 | + |
| 50 | +```bash |
| 51 | +kty users grant cluster-admin me@example.com |
| 52 | +``` |
| 53 | + |
| 54 | +<Callout type="info"> |
| 55 | + If you'd like to verify the YAML or apply it youself, pass `-o yaml` to the |
| 56 | + command. |
| 57 | +</Callout> |
| 58 | + |
| 59 | +You can verify that this worked and you have the minimum permissions required by |
| 60 | +running: |
| 61 | + |
| 62 | +```bash |
| 63 | +kty users check me@example.com |
| 64 | +``` |
13 | 65 |
|
14 | | - ```bash |
15 | | - kty users grant <cluster-role> <email-address> |
16 | | - ``` |
| 66 | +This command runs a `SelfSubjectAccessReview` against your cluster. If you want |
| 67 | +to use `kubectl` instead, you can run: |
17 | 68 |
|
18 | | -1. Start the server. |
| 69 | +```bash |
| 70 | +kubectl auth can-i list pods --as me@example.com |
| 71 | +``` |
19 | 72 |
|
20 | | - ```bash |
21 | | - kty --serve |
22 | | - ``` |
| 73 | +## Install on your cluster |
23 | 74 |
|
24 | | -1. SSH into your cluster! |
| 75 | +While it isn't required that you run `kty` on your cluster, it takes care of the |
| 76 | +dependencies. To install the server and associated configuration such as |
| 77 | +`ClusterRole` and `Service` resources, run: |
25 | 78 |
|
26 | | - ```bash |
27 | | - ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 me@localhost |
28 | | - ``` |
| 79 | +```bash |
| 80 | +kubectl create ns kty && \ |
| 81 | + kty resources install -n kty |
| 82 | +``` |
29 | 83 |
|
30 | | -From this point, here's a few suggestions for things to check out: |
| 84 | +<Callout type="info"> |
31 | 85 |
|
32 | | -- Start a new pod. It'll show up in the dashboard immediately! |
| 86 | +You can pass `--dry-run` to see what's happening or pass the output to |
| 87 | +`kubectl apply -f -` yourself. If you'd like to install using a different |
| 88 | +method, such as helm, see the [installation](/installation) instructions. |
| 89 | + |
| 90 | +To clean these resources up, you can run `kty resources delete -n kty`. |
| 91 | + |
| 92 | +</Callout> |
| 93 | + |
| 94 | +Verify that this is up and running successfully by checking that the pod has |
| 95 | +started up: |
| 96 | + |
| 97 | +```bash |
| 98 | +kubectl -n kty rollout status deploy server |
| 99 | +``` |
| 100 | + |
| 101 | +Once the pod has started up, you'll want to make sure there's an IP address that |
| 102 | +can be reached: |
| 103 | + |
| 104 | +```bash |
| 105 | +kubectl -n kty get service server --output=jsonpath='{.status.loadBalancer.ingress[0].ip}' |
| 106 | +``` |
| 107 | + |
| 108 | +<Callout type="warning"> |
| 109 | + |
| 110 | +If the load balancer isn't getting a public IP address, there's other ways to |
| 111 | +connect to the server. On way is to port forward using `kubectl`: |
| 112 | + |
| 113 | +```bash |
| 114 | +kubectl -n kty port-forward service/server 2222:2222 |
| 115 | +``` |
| 116 | + |
| 117 | +This is not something you'd want to do in production, but it's a quick way to |
| 118 | +see what you can do with kty. |
| 119 | + |
| 120 | +</Callout> |
| 121 | + |
| 122 | +## Test it out |
| 123 | + |
| 124 | +```bash |
| 125 | +ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 me@localhost |
| 126 | +``` |
| 127 | + |
| 128 | +## Next Steps |
33 | 129 |
|
34 | 130 | - Exec into a pod. Select the pod you want and go to the `Shell` tab. You'll be |
35 | 131 | able to pick the command to exec and then be shell'd into the pod directly. |
36 | 132 |
|
37 | | -- Follow the logs. Logs for all containers in a pod are streamed to the `Logs` |
38 | | - tab when you've selected a pod from the main list. |
39 | | - |
40 | 133 | - `scp` some files out of a container: |
41 | 134 |
|
42 | 135 | ```bash |
43 | 136 | scp -P 2222 me@localhost:/default/my-pod/etc/hosts /tmp |
44 | 137 | ``` |
45 | 138 |
|
46 | | -- Use your own [OpenID provider](/installation#bring-your-own-provider). |
| 139 | +- Check out [usage](/usage) for more information on everything that you can do. |
47 | 140 |
|
48 | | -Note: you'll want to install on-cluster to use the tunnelling functionality. |
49 | | -Check out the [helm](/installation/helm) docs for a quick way to do that. |
| 141 | +- You can [bring your own provider](/installation#bring-your-own-provider) if |
| 142 | + the default provider don't work for you. This would be a great way to |
| 143 | + configure groups or use other types of logins if your organization uses |
| 144 | + something other than Google or Github. |
50 | 145 |
|
51 | 146 | [cli-download]: https://github.com/grampelberg/kty/releases |
52 | 147 | [k3d]: https://k3d.io |
0 commit comments