As a developer, I would like to be able to create a "sandbox" version of our development Kubernetes cluster that I could run on my machine so that I could make changes and test without running the risk of shutting down the micro-services of other developers who call my micro-services from their code. Short of hand installing the "bare necessities" of our remote cluster on my machine, is there a more convenient way to do this? Is there something that would let us define a "base cluster" that could be easily distributed to multiple developers (sort of conceptually like a Docker image or VM of a running cluster)?
It depends what you actually mean by "base cluster". I guess you want it to be pre-configured and maybe already contain some workload running on it. There are different solutions available out there and the easiest is Minikube. It's very straightforward and lets you set up simple one-node but fully functional Kubernetes Cluster on your local computer. It doesn't require much resources so every developer can set up such testing environment on his laptop. By default it sets a Kubernetes Cluster on a virtual machine (however it is possible to set it up on your host system) and yes, you can make a snapshot of such VM and quite easily distribute it within your team.
Setting up K8s cluster using kubeadm tool is a bit more complicated but still fairly easy in comparison with building it from scratch ( often called "the hard way" ). As it sets up multi-node cluster ( you need to set up at least one master and one worker node ) it requires more resources than Minikube. You can still make snapshots of such vms with K8s cluster already set up and configured on them and with some workload deployed on it. You can easily distribute such disk images. It can be VDI, VMDK or whatever you can use on your hypervisor.
It's the easiest way of preparing and distributing copy of such environment that comes to my mind but there are also various alternatives like writing ansible playbook automating your cluster setup and use it together with a tool like Vagrant but I think its definitely more tedious task.
If you rather think about cloning the existing Kubernetes cluster you can also do it in many different ways. All depends on your environment and your particular needs.
If you primarily care about the ability to copy the contents of your production k8s cluster (it's workload) there is quite easy solution, namely etcd snapshots. More on them you can read here. It enables you to make a quick backup of your entire k8s cluster workload and restore it later on different k8s instance. This is ideal solution when you use on-premise k8s installation. Unfortunatelly managed cloud solutions like GCP GKE or AWS EKS don't give you such possibility as you don't have on them direct access to master node filesystem.
I think you and some of your colleagues can use same k8s cluster. Each of you will use resource (pods, svc, ...) in only single namespace. To do that, you can use RBAC for Role and RoleBinding Following is the example how k8s manage your cluster resource.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: default
name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["pods"]
verbs: ["get", "watch", "list"]apiVersion: rbac.authorization.k8s.io/v1
# This role binding allows "jane" to read pods in the "default" namespace.
kind: RoleBinding
metadata:
name: read-pods
namespace: default
subjects:
- kind: User
name: jane # Name is case sensitive
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role #this must be Role or ClusterRole
name: pod-reader # this must match the name of the Role or ClusterRole you wish to bind to
apiGroup: rbac.authorization.k8s.iohttps://kubernetes.io/docs/reference/access-authn-authz/rbac/
I hope this may help you!