Errata

The expected output of "kubectl get -n projectcontour service contour -o wide" does not match what I get. The expected output from the book is:

NAME CLUSTER-IP EXTERNAL-IP PORT(S) ...
contour 10.106.53.14 a477...amazonaws.com 80:30274/TCP ...

I get:

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
contour ClusterIP 10.100.134.112 <none> 8001/TCP 14m app=contour

It looks like the service I should be using is "envoy":

$kubectl get -n projectcontour service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
contour ClusterIP 10.100.134.112 <none> 8001/TCP 15m
envoy LoadBalancer 10.100.201.191 a7c...elb.amazonaws.com 80:31475/TCP,443:30006/TCP 15m

I am using kubernetes and kubectl version 1.21

Note from the Author or Editor:
The output needs to be updated as follows:

$ kubectl get -n projectcontour service envoy -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) ...
envoy LoadBalancer 10.106.53.14 a477...amazonaws.com 80:30274/TCP ...

We've made the fix in copy.

Cheers,

KUAR authors

My output for "kubectl describe ingress host-ingress" does not match what's provided in the book. In the book, the default backend line is: "Default backend: default-http-backend:80 (<none>)". For me, the line is "Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)".

Note from the Author or Editor:
I believe this has already been addressed as I could no longer replicate via the contents of the ePUB

I believe the commands as printed would have created selector app=alpaca-prod and app=bandicoot-prod vs what is printed in the table (without prod suffix).
This causes the subsequent command "ALPACA_POD=$(...)" to fail with array index out of bounds in the second table (right above Service DNS section)

I believe a quick fix would be to remove all the '-prod' suffixes in the commands so it would be consistent with output of "kubectl get services -o wide" as well as the subsequent "ALPACA_POD=$(...)" commands in the following table.

Note from the Author or Editor:
Update the table output from

NAME CLUSTER-IP ... PORT(S) ... SELECTOR
alpaca-prod 10.115.245.13 ... 8080/TCP ... app=alpaca
bandicoot-prod 10.115.242.3 ... 8080/TCP ... app=bandicoot
kubernetes 10.115.240.1 ... 443/TCP ... <none>

to

NAME CLUSTER-IP ... PORT(S) ... SELECTOR
alpaca-prod 10.115.245.13 ... 8080/TCP ... app=alpaca-prod
bandicoot-prod 10.115.242.3 ... 8080/TCP ... app=bandicoot-prod
kubernetes 10.115.240.1 ... 443/TCP ... <none>


Also update

ALPACA_POD=$(kubectl get pods -l app=alpaca \
-o jsonpath='{.items[0].metadata.name}')

to

ALPACA_POD=$(kubectl get pods -l app=alpaca-prod \
-o jsonpath='{.items[0].metadata.name}')

'kind' no longer supports 'kind get kubeconfig-path'.

Apparently it was deprecated/removed in 0.6.0. There is a 'kind get kubeconfig' but it prints the full config yaml content instead.

github kubernetes-sigs/kind/issues/1060 "KUBECONFIG management migration for kind v0.6.0+ #1060" has a note about how to migrate to the new way to do it;

Quote:

You can emulate the previous behavior by switching from:

kind create cluster --name=foo
export KUBECONFIG="$(kind get kubeconfig-path --name=foo)"

to:

export KUBECONFIG="${HOME}/.kube/kind-config-foo"
kind create cluster --name=foo

Note from the Author or Editor:
Remove the line `$ export KUBECONFIG="$(kind get kubeconfig-path)"` as the cluster context is now set by default

`kubectl run` no longer supports `--generated`. It appears it was deprecated almost 4 years ago, and entirely removed since then., so this example is well out-of-date.

This command "seemed" to work by simply omitting the `--generator=run-pod/v1` parameter.

Note from the Author or Editor:
Should be updated to (I believe that this change has already been made)

$ docker run -d --name kuard \
--publish 8080:8080 \
gcr.io/kuar-demo/kuard-amd64:blue

The example given uses the --generator parameter, which has been deprecated (per GitHub pull request 87077). Removing this parameter in its entirety (i.e., '--generator=run-pod/v1') will cause the command to complete correctly.

Note from the Author or Editor:
The generate flag needs to be removed so that the command looks like

$ kubectl run kuard \
--image=gcr.io/kuar-demo/kuard-amd64:blue

The two kubectl commands that can inspect the two objects created by the "kubectl apply -f kube-flannel.yaml" command should be the following:

$ kubectl describe --namespace=kube-flannel configmaps/kube-flannel-cfg
$ kubectl describe --namespace=kube-flannel daemonsets/kube-flannel-ds

The flannel objects are created in namespace=kube-flannel, not namespace=kubesystem as shown incorrectly in the commands given in the book.

Note from the Author or Editor:
The following

$ kubectl describe --namespace=kube-system configmaps/kube-flannel-cfg
$ kubectl describe --namespace=kube-system daemonsets/kube-flannel-ds

must be updated to

$ kubectl describe --namespace=kube-flannel configmaps/kube-flannel-cfg
$ kubectl describe --namespace=kube-flannel daemonsets/kube-flannel-ds

As directed in the section, the creation of the HPA (HorizontalPodAutoScaler) will succeed, but it will not operate correctly because the Podtemplate in the ReplicaSet (shown on the top of Page 107) does not contain Resource metrics for CPU (or Memory). The HPA uses those resource metrics in the pod to calculate the utilization (CPU utilization) for autoscaling.

Without the Resource metrics in the PodTemplate, the following messages are shown when the HPA is created:

kubectl describe hpa kuard

Conditions:
Type Status Reason Message
---- ------ ------ -------
AbleToScale True SucceededGetScale the HPA controller was able to get the target's current scale
ScalingActive False FailedGetResourceMetric the HPA was unable to compute the replica count: failed to get cpu utilization: missing request for cpu
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedGetResourceMetric 5s horizontal-pod-autoscaler failed to get cpu utilization: missing request for cpu
Warning FailedComputeMetricsReplicas 5s horizontal-pod-autoscaler invalid metrics (1 invalid out of 1), first error is: failed to get cpu resource metric value: failed to get cpu utilization: missing request for cpu

To resolve this, add the following to the PodTemplate spec for ReplicaSet kuard:

resources:
requests:
cpu: "500m"
memory: "128Mi"

Note from the Author or Editor:
Update example 9-1 kuard-rs.yaml to add the following at the end (from resources and beyond. Added prior lines just to illustrate for spacing and context.

```
spec:
containers:
- name: kuard
image: "gcr.io/kuar-demo/kuard-amd64:green"
resources:
requests:
cpu: "500m"
memory: "128Mi"
```

The text says "kuard exposes a simple web interface, wich you can load by pointing your browser at localhost:3000", but the kuard container was published to port 8080 in the prior section.

Note from the Author or Editor:
Should be updated to http://localhost:8080 in italics

This output

$ kubectl apply -f simple-ingress.yaml
ingress.extensions/simple-ingress created

needs to be updated to

$ kubectl apply -f simple-ingress.yaml
ingress.networking.k8s.io/simple-ingress created

and this output

$ kubectl apply -f host-ingress.yaml
ingress.extensions/host-ingress created

needs to be updated to

$ kubectl apply -f host-ingress.yaml
ingress.networking.k8s.io/host-ingress created

Create note callout box which includes the following:

You may need to first enable the Kubernetes Engine API using the following command `gcloud services enable container`

kuard application runs on 8080 but the text states:
kuard exposes a simple web interface, which you can load by pointing your browser at .......localhost:3000 or via the command line:
$ curl ....localhost:8080
---
So, the code example correctly says 8080 but the text (3000) doesn't.

Note from the Author or Editor:
The text should be updated from

localhost:3000

to

localhost:8080

Background:
While minikube's original driver was VirtialBox, and Windows requires hyper-v to function this is not true of Linux which current supports 7 different drivers or ways to run minikube.

Therefore the following :
"Because it only runs in a VM on a single node, it doesn't provide the reliability of a distributed Kubernetes cluster." is incorrect and unnecessarily misleading.

"only runs in a VM" is incorrect and irrelevant to the point the the sentence is trying to convey.

It should be changed to :
"Because it only runs on a single node, it doesn't provide the reliability of a distributed Kubernetes cluster."

Note from the Author or Editor:
Update "Because it only runs in a VM on a single node,..."

to ""Because it only runs on a single node,...."

"The selector in the ReplicaSet spec should be a proper subset of the labels in the Pod template."

A is a proper subset of B if B contains all elements of A and the sets are not equal. When we define a ReplicaSet, we can make labels in the selector and pod template identical, meaning it is a subset, not a proper subset.

Note from the Author or Editor:
Should be updated from

"The selector in the ReplicaSet spec should be a proper subset of the labels in the Pod template."

to

"The selector in the ReplicaSet spec should be a subset of the labels in the Pod template."

"If you don’t want to delete the Pods that the ReplicaSet is managing, you can set the --cascade flag to false to ensure only the ReplicaSet object is deleted and not the Pods:"

"false" value for the --cascade flag has been removed.

Note from the Author or Editor:
Needs to be updated from

"--cascade=false"

to

"--cascade=orphan"

The service in Example 16-2 is invalid as it doesn't specify port numbers. It needs to be updated as follows:

kind: Service
apiVersion: v1
metadata:
name: external-ip-database
spec:
ports:
- port: 3306

In Example 16-6. mysql-replicaset.yaml the first line reads as
"apiVersion: extensions/v1". And, when the file is applied the following error message is received:

"error: resource mapping not found for name: "mysql" namespace: "" from "mysql-replicaset.yaml": no matches for kind "ReplicaSet" in version "extensions/v1"
ensure CRDs are installed first"

The apiVersion should have been assigned to "apps/v1" insteadof "extensions/v1".

Note from the Author or Editor:
Please update the following line from

apiVersion: extensions/v1

to

apiVersion: apps/v1

Page 187, first paragraph, sentence ending: "which we can access at the full domain name mysql.svc.default.cluster"

should be:

"which we can access at the full domain name mysql.default.svc.cluster" or
"which we can access at the full domain name mysql.default.svc.cluster.local"

The format of the fully qualified DNS name for services is:

service-name.namespace-name.svc.cluster-domain-name

Note from the Author or Editor:
which we can access at the full domain name mysql.svc.default.cluster

Should be updated to

which we can access at the full domain name mysql.default.svc.cluster.local

The last command needs to be updated from

kubectl apply -f mongo-simple.yaml

to

kubectl apply -f mongo.yaml

The code snippet needs to be updated as follows:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: loadtests.beta.kuar.com
spec:
group: beta.kuar.com
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
service:
type: string
scheme:
type: string
requestsPerSecond:
type: integer
paths:
type: array
items:
type: string
scope: Namespaced
names:
plural: loadtests
singular: loadtest
kind: LoadTest
shortNames:
- lt

The ValidatingWebhookConfiguration needs to be updated as follows (note that I needed to remove the url section to be able to submit the errata. Please readd the url section under clientConfig from what's currently printed in the book:

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: kuar-validator
webhooks:
- name: validator.kuar.com
rules:
- apiGroups:
- "beta.kuar.com"
apiVersions:
- v1
operations:
- CREATE
resources:
- loadtests
clientConfig:
# Substitute the appropriate IP address for your webhook

# This should be the base64-encoded CA certificate for your cluster,
# you can find it in your ${KUBECONFIG} file
caBundle: REPLACEME
sideEffects: None
admissionReviewVersions: ["v1"]

The CertificateSigningRequest code snippet needs to be updated as follows:

apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: validating-controller.default
spec:
groups:
- system:authenticated
request: REPLACEME
signerName: kubernetes.io/kube-apiserver-client
usages:
- digital signature
- key encipherment
- key agreement
- server auth