Using Kind to develop and test your Kubernetes deployments
In a previous article, I provided a project to set up a Kubernetes cluster in the cloud. The downside of this is that it incurs costs. If you are sensitive to costs of any type, you may want a local implementation of that project to develop and test your applications. Here I introduce Kind to do just that.
Local development
Spinning up a Kubernetes cluster in the cloud requires time and money. Time to spin it up and money to pay the bill!
As a developer, I want to be able to spin up a cluster that looks like the cluster in production and use this to test my application and, just as importantly, the deployment of my application. I want to do this quickly and at little to no cost.
I need a local cluster.
There are several options to do this, including, K3d, K3s, Kind, Microk8s and Minikube.
Minikube is the most popular but lacks the multi-node capability I want. Kind is a lightweight application that supports multiple nodes and is the tool I have chosen for this article. Others have more complex setup.
Installation
You can find installation instructions for most operating systems here.
As I am using a Mac and so I will be showing you the commands based on a macOS environment. I am also going to assume you have homebrew and Docker installed.
You can install Kind with:
brew install kindYou can check your version with:
kind versionThis gives me:
kind v0.22.0 go1.21.7 darwin/arm64
Installation done.
Creating a cluster
Now, to create a cluster, use:
kind create clusterThis will just take a few minutes.
How easy is that?
You can now use kubectl from the command line. For example:
kubectl get pods -AYou will now see a list of all the pods and their statuses. They should all be showing ready.
Containers within containers
Kind implements each node in the cluster as a container within the development machine’s Docker environment. You can see this with:
docker container lsKind deploys all the required Kubernetes components within the docker image along with any container images that your Kubernetes cluster requires.
Container Network Interface (CNI)
If you have been following my articles, you will know that a Kubernetes cluster requires a CNI plugin. By default, Kind installs kindnetd and you will see this as a pod in your cluster.
You can disable this and run your own, such as Calico, if you require. For this article we will stay with the default.
Multiple Clusters
There are options to create multiple clusters and to be able to manage them independently but for now we will just use one. One option I will mention is to name your cluster:
kind create cluster --name <your cluster name>Deleting the cluster
Should you want to delete your cluster, you can do with:
kind delete cluster --name <your cluster name>If you have created a cluster with the default name, you can omit the cluster name.
Note that once deleted, your cluster and all its config and data is gone too!
Multiple nodes
So far the cluster we have created is a single node. Most production deployments are multi-node clusters.
We can create a multi-node cluster by providing a suitable configuration file.
For a single master with two worker nodes (similar to my cloud deployment), create the following file:
kind-config.yml
apiVersion: kind.x-k8s.io/v1alpha4
kind: Cluster
nodes:
- role: control-plane
extraPortMappings:
- containerPort: 30000
hostPort: 30000
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
protocol: tcp # Optional, defaults to tcp
- containerPort: 31321
hostPort: 31321
- containerPort: 31300
hostPort: 31300
- role: worker
- role: workerNote that we need to expose specific ports via Kind (extraPortMappings) so we can access them on our development machine. We will use ports 30000, 31321 and 31300 later in the article.
Now we can create our cluster again:
kind create cluster --name my-k8s --config kind-config.ymlThis time you should see 3 nodes:
kubectl get nodesWe can now start installing our applications.
Creating and installing a docker image
One of the great things about using a tool such as Kind, is the ability to create and deploy docker images to your cluster without having to upload the image to a repository like Docker Hub.
To show how this works, we will create a simple docker image and then load it into our cluster. This will be a simple web server based on NGINX.
First create the folders:
mkdir sample-app
mkdir sample-app/filesCreate the following files:
sample-app/files/index.html
<html>
<head>
<title>Dockerfile</title>
</head>
<body>
<div class="container">
<h1>My App</h1>
<h2>This is my first app</h2>
<p>Hello everyone, This is running via Docker container</p>
</div>
</body>
</html>sample-app/files/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /usr/share/nginx/html;
index index.html index.htm;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}sample-app/Dockerfile
FROM ubuntu:24.04
RUN apt -y update && apt -y install nginx
COPY files/default /etc/nginx/sites-available/default
COPY files/index.html /usr/share/nginx/html/index.html
EXPOSE 80
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]Now we build the Docker image:
cd sample-app
docker build -t sample-app:1.0 .Once built, it can be loaded into the nodes within the cluster:
kind load docker-image sample-app:1.0 --name my-k8sDeploying an image requires a Deployment resource to be applied to the cluster. Create this file:
my-deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: sample-app
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: sample-app
template:
metadata:
labels:
app: sample-app
spec:
containers:
- name: sample-app
image: sample-app:1.0
imagePullPolicy: Never
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: sample-app-svc
namespace: default
spec:
selector:
app: sample-app
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
nodePort: 30000Note that the imagePullPolicy is set to Never as we installed this into our cluster earlier. This deployment also includes a NodePort service so we can access the service.
Now deploy the deployment with:
kubectl apply -f my-deployment.ymlCheck your pod is running with:
kubectl get podsAs we have deployed to the default namespace, we do not have to specify it.
Now it has been deployed, you should be able to see the page being served at:
http://localhost:30000Congratulations, you now have a local cluster up and running.
Useful tools and applications
Whilst Kind gives you a Kubernetes cluster, you generally need a number of tools and applications to make it useful.
To help assist with the installation, Helm is required and this can be installed on the development machine with:
brew install helmI have selected a few applications to get you started.
- Istio service mesh
- Grafana/Loki monitoring
- Postgres operator
Adding Istio
Istio is a service mesh that gives you greater control over your networking. If you wish to install Istio you can from a Helm chart.
First register the repository with your local Helm:
helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo updateWe will add Istio to its own namespace, which we have to create:
kubectl create namespace istio-systemAs Istio has its own Custom Resource Definitions (CRDs), we need to load these into Kubernetes:
helm install istio-base istio/base -n istio-system --set defaultRevision=defaultCheck it installed with:
helm ls -n istio-systemAs we are using kindnetd as our CNI, we do not need to install istio CNI. The next step is to install the istiod control plane:
helm install istiod istio/istiod -n istio-system --waitThe --wait option tells Helm to wait until the pods are up and running. This can take a while.
You now have Istio installed. To ensure the sidecar is created for each pod, you need to annotate the namespace with istio-injection: enabled. As we do not create the default namespace where our test service appears, we need to add the label with:
kubectl label namespace default istio-injection=enabled --overwrite
kubectl get namespace -L istio-injectionAs the test pod exists, you need to delete it to force Kubernetes to recreate it.
kubectl delete <pod name>Now, when you get the pod details you will see it has 2/2 containers showing the Istio sidecar has been deployed alongside the main sample-app container.
You can now configure Istio as needed.
Adding Grafana and Loki
It is extremely important that you know what your application is doing once it is deployed. Typically you will need visibility of the metrics and logs it provides.
To gain that visibility, we will install Loki and Grafana into our cluster.
First we will add the required charts to our Helm repository:
helm repo add grafana https://grafana.github.io/helm-charts
helm repo updateNow we will create a monitoring namespace to hold our monitoring applications.
kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
istio-injection: enabled
EOFAs we are using Helm, we need to give the chart any values we want to override. We want the chart to include Loki (which it does by default), Grafana and Prometheus. Create the following file:
loki-config.yml
grafana:
enabled: true
prometheus:
enabled: true
loki:
image:
tag: 2.8.11Note the need to upgrade the image tag for Loki as Grafana adds a default error filter to log volume queries that breaks the Loki query and gives an IDENTIFIER error.
And now install the chart with:
helm install loki grafana/loki-stack -n monitoring -f loki-config.ymlIt may take a few minutes to start everything. You can check with:
kubectl get pods -n monitoringYou will see that it installs promtail and prometheus-node-exporter on each node so it can collect the logs and metrics from each node.
Once everything is up and running, we can look at accessing the Grafana console. To do this we need the username and password. These are created and stores as Kubernetes secrets and so you can find them with:
kubectl get secret loki-grafana -n monitoring -o jsonpath={.data.admin-user} | base64 -d; echo
kubectl get secret loki-grafana -n monitoring -o jsonpath={.data.admin-password} | base64 -d; echoIf you look at the services that are created:
kubectl get svc -n monitoring -o wideYou will see that they are all ClusterIP services, which are only accessible internally. To access the Grafana console we will need a NodePort service to make the service available externally via the cluster nodes. Create the following file:
grafana-svc.yml
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: monitoring
spec:
selector:
app.kubernetes.io/instance: loki
app.kubernetes.io/name: grafana
type: NodePort
ports:
- port: 3000
targetPort: 3000
nodePort: 31300We target port 3000 but expose it externally as 31300 due to the restrictions on allocating ports on the nodes (30000 to 32767).
Now create this service with:
kubectl apply -f grafana-svc.ymlYou should now be able to go to your browser and access the Grafana console at: http://localhost:31300.
You can log in with the username and password you extracted earlier. As promtail has been deployed on each node, Loki captures all logs and can be queried by Grafana for display. This includes the logs for the Kubernetes components also.
You should be able to explore the logs of the sample app with a Grafana Loki filter of {app="sample-app"} |= ``. You can also look at the metrics too with a prometheus query such as node_memory_Active_bytes.
Adding Postgres
Before we add a database, we need to understand how Kind handles storage. In a Kubernetes cluster, there can be many different types of storage, each referred to by its storageClass name.
You can see the storage class provided by Kind using:
kubectl get storageclassesStorage classes are defined at the cluster level and so no namespace is required.
You will see a result like this:
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
standard (default) rancher.io/local-path Delete WaitForFirstConsumer false 12mThis shows that the storageClass is named standard and is the one that will be used if no class is provided: (default). This storage class ensure that the underlying persistent storage is associated with a pod on a given node. If the pod fails, it will attempt to be rescheduled on the same node so it can be connected to the same persistent storage or volume (PV). If it cannot, the pod will fail to schedule.
This is all done with the Rancher local-path provisioner.
To deploy our database we will use a Postgres provisioner known as an operator. The provisioner we will use is called CloudNativePG. We need to first update our Helm repository:
helm repo add cnpg https://cloudnative-pg.github.io/charts
helm repo updateNow we make a namespace for our database and annotate it for Istio:
kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
name: pg
labels:
istio-injection: enabled
EOFThis also shows you how to use the heredoc format on the command line to create the namespace.
Now install the actual operator:
helm install cnpg cnpg/cloudnative-pg -n pgWith the operator configured, we can now create a Postgres database. We will create a default postgres (required by the operator) database, a myapp database, a postgres user (required by the operator) and an app-user. For the users we will create secrets to hold their credentials.
Secrets are stored with base 64 encoding to allow any characters to be stored.
In this example we will create:
postgres/super-secretapp-user/app-secret
Or, in base 64:
cG9zdGdyZXM=/c3VwZXItc2VjcmV0YXBwLXVzZXI=/YXBwLXNlY3JldA==
Create the following file:
db-user-config.yml
apiVersion: v1
kind: Secret
type: kubernetes.io/basic-auth
metadata:
name: pg-superuser
namespace: pg
data:
password: c3VwZXItc2VjcmV0
username: cG9zdGdyZXM=
---
apiVersion: v1
kind: Secret
type: kubernetes.io/basic-auth
metadata:
name: app-user
namespace: pg
data:
password: YXBwLXNlY3JldA==
username: YXBwLXVzZXI=And create these secrets with:
kubectl apply -f db-user-config.ymlNow let’s create our database cluster (the operator calls it a cluster even though we will only create 1 replica). We will also create a NodePort service to expose the database on port 31321 so we can attach to it using a database client, such as DBeaver. We exposed port 31321 earlier when we created the cluster.
The is the database definition we will use. It is a cut down version of one I provided in another article.
db-config.yml
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: db-cluster
namespace: pg
labels:
cnpg.io/reload: ""
spec:
description: "Postgres database cluster"
imageName: ghcr.io/cloudnative-pg/postgresql:15.1
instances: 1
superuserSecret:
name: pg-superuser
managed:
roles:
- name: app-user
ensure: present
comment: user for application
login: true
superuser: false
passwordSecret:
name: app-user
enableSuperuserAccess: true
postgresql:
pg_hba:
- host all all 10.0.0.0/8 scram-sha-256
- hostssl all all 10.0.0.0/8 scram-sha-256
- hostssl all all 192.0.0.0/8 scram-sha-256
- host all all 172.0.0.0/8 scram-sha-256
- host all all 127.0.0.0/24 scram-sha-256
- host all all all scram-sha-256
bootstrap:
initdb:
database: myapp
owner: app-user
secret:
name: app-user
postInitApplicationSQL:
- create schema myapp authorization "app-user"
- grant all on schema myapp to "app-user"
- grant all on all tables in schema myapp to "app-user"
storage:
size: 10Gi
storageClass: standard
---
apiVersion: v1
kind: Service
metadata:
name: pg
namespace: pg
labels:
name: pg
spec:
type: NodePort
ports:
- name: http
port: 5432
targetPort: 5432
nodePort: 31321
selector:
cnpg.io/cluster: db-clusterThe pg_hba section, or stanza, deliberately lists many options to demonstrate how to set up security around your database. At the end of the stanza, the line host all all all scram-sha-256 gives everyone access to everything from everywhere. Whilst this is fine for experimentation, do not do this in production.
You will notice that we create the NodePort service in the second document (--section) in the file.
We now create the cluster and the service with:
kubectl apply -f db-config.ymlThis can take a few minutes so check everything is running with:
kubectl get pods -n pgYou should now be able to connect to your database on local:31321 using a database client and the usernames and passwords above. Connect to the postgres database.
If using DBeaver, remember to tick the box to show all databases or else you will not see the
myappdatabase.
You should now see two databases, postgres and myapp. The second one is the one you should use for your applications with the user app-user, who we defined earlier. Note that there is also a myapp schema within this database.
Summary
In this article, we have explored how to set up a Kubernetes cluster on our local development machine using Kind.
We created a Docker image and deployed it without the need to push it to a repository first.
Once we did that, we installed networking, monitoring and a database to make the platform ready for application development.
This gives us a multi-node Kubernetes cluster on which we can base our application development.
Although all the code you require is in the article above, you can also find it in my GitHub repository.
If you found this article of interest, please give me a clap as that helps me identify what people find useful and what future articles I should write. If you have any suggestions, please add them in the comments section.
