Access my Docker for Windows Kubernetes Cluster from Debian WSL
Yesterday I tweeted about me being able to access my Docker for Windows Kubernetes Cluster from Debian WSL without exposing the Docker Daemon with TLS and I got quite some responses.
W00t! I'm able to access my #Docker for Windows #Kubernetes Cluster from #Debian WSL without exposing the #Docker Daemon with TLS. Anyone interested to know how I did this? pic.twitter.com/Dgu3a6aWrO
— Stefan Stranger (@sstranger) April 1, 2018
It seems that there are quite some people interested in me sharing how I was able to do this.
Background information
Let me start with some background information about why I wanted to manage my Docker for Windows Client Kubernetes cluster from (Debian) WSL. Last week I visited the Dutch Azure Meetup in Amsterdam where Erik St. Martin talked about Azure Containers.
One of the tools he talked about was Helm. Helm is a package manager for Kubernetes.
Helm
Helm helps you manage Kubernetes applications — Helm Charts helps you define, install, and upgrade even the most complex Kubernetes application.
Charts are easy to create, version, share, and publish — so start using Helm and stop the copy-and-paste madness.
I wanted to play around with Helm on my Docker for Windows Kubernetes Cluster. Please read my earlier blog post called "Running Kubernetes Cluster in Docker for Windows" to learn more on how to get this running on your Windows 10 machine.
There are different version of Helm:
I tried to install the Windows version of Helm but was not able to get this working. Then I thought I would try to manage my Docker for Windows Kubernetes cluster from (Debian) WSL.
We just released the Debian GNU/Linux for WSL. More information can be found at the following "Debian GNU/Linux for WSL now available in the Windows Store" blog post.
While investigating how I could connect from Debian WSL to my Docker for Windows Kubernetes cluster I stumbled on the following blog post "[Cross Post] WSL Interoperability with Docker" from Craig Wilhite.
By default the Docker Client for Windows offers a configuration to expose the Docker Daemon.
If you enable this configuration you do expose your system to potential attack vectors for malicious code.
And that's where the tool npiperelay can help. This is a tool built by John Starks.
WSL Interoperability with Docker
Please following the steps to install npiperelay, socat, docker client on the blog post from Craig Wilhite.
High-Level I run the following steps:
Install npiperelay in Debian WSL
Install Aptitude on Debian WSLAptitude is an Ncurses based FrontEnd to Apt, the debian package manager.
sudo apt-get install aptitude
Install Go#Make sure we have the latest package lists
sudo apt-get update#Download Go. You should change the version if there's a newer one. Check at: https://golang.org/dl/
sudo wget https://storage.googleapis.com/golang/go1.10.1.linux-amd64.tar.gz
#unzip Go
sudo tar -C /usr/local -xzf go1.10.1.linux-amd64.tar.gz
#Put it in the pathexport PATH=$PATH:/usr/local/go/bin
Build the relay (see the blog post from Craigh Wilhite)
Install socatsudo aptitiude install socat
Install Docker CE for Debian (https://docs.docker.com/install/linux/docker-ce/debian/#install-docker-ce-1)sudo aptitude install docker-ce
Stitch everything together.See blog post Craigh Wilhite.
Install kubectl (https://kubernetes.io/docs/tasks/tools/install-kubectl/)
Configure kubectl configuration.Copy Docker for Windows Kubernetes kube config files to Debian WSL kube configuration folder
cp -R /mnt/c/Users/[username]/.kube/ ~/
This will copy the kubernetes cluster configuration created by the Docker for Windows client to the Debian WSL user.
Install Helm on Debian WSL
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash
You should now be able to access your Docker for Windows Kubernetes cluster from Debian WSL.
#start relay
sudo ~/docker-relay &
#test docker client
docker version
#test access to the Kubernetes cluster
kubectl version
kubectl cluster-info
kubectl get nodes --all-namespaces
kubectl get pods --all-namespaces
#test Helm
helm version
helm list
Have fun!
References: