This shows you the differences between two versions of the page.
система_kubernetes [2022/07/13 16:46] val [Установка kubectl] |
система_kubernetes [2022/09/27 14:44] val [Работа с готовыми Charts] |
||
---|---|---|---|
Line 18: | Line 18: | ||
==== Установка ==== | ==== Установка ==== | ||
<code> | <code> | ||
- | root@gate.corp13.un:~# curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl | + | # curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl |
- | root@gate.corp13.un:~# chmod +x kubectl | + | |
- | root@gate.corp13.un:~# mv kubectl /usr/local/bin/ | + | # chmod +x kubectl |
+ | |||
+ | # mv kubectl /usr/local/bin/ | ||
</code> | </code> | ||
- | ==== Подключение к кластеру ==== | + | ==== Подключение к новому кластеру ==== |
- | * Если не minikube, то достаточно только копию .kube/config | + | * [[https://medium.com/@jacobtomlinson/how-to-merge-kubernetes-kubectl-config-files-737b61bd517d|How to merge Kubernetes kubectl config files]] |
<code> | <code> | ||
- | student@node2:~$ tar zcf kube-config.tar.gz .kube/config .minikube/ca.crt .minikube/profiles/minikube | + | gitlab-runner@server:~$ scp root@node1:.kube/config .kube/config_new |
- | gitlab-runner@gate:~$ scp student@node2:kube-config.tar.gz . | + | gitlab-runner@server:~$ cp ~/.kube/config ~/.kube/config.bak |
- | gitlab-runner@gate:~$ tar -xvf kube-config.tar.gz | + | gitlab-runner@server:~$ KUBECONFIG=~/.kube/config:~/.kube/config_new kubectl config view --flatten > /tmp/config |
- | gitlab-runner@gate:~$ cat .kube/config | + | gitlab-runner@server:~$ mv /tmp/config ~/.kube/config |
- | </code><code> | + | |
- | ... | + | gitlab-runner@server:~$ chmod 600 /home/gitlab-runner/.kube/config #Helm WARNING |
- | certificate-authority: /home/gitlab-runner/.minikube/ca.crt | + | |
- | ... | + | gitlab-runner@server:~$ kubectl config get-contexts |
- | client-certificate: /home/gitlab-runner/.minikube/profiles/minikube/client.crt | + | |
- | client-key: /home/gitlab-runner/.minikube/profiles/minikube/client.key | + | gitlab-runner@server:~$ rm ~/.kube/config.bak |
- | ... | + | |
- | </code><code> | + | gitlab-runner@server:~$ kubectl config use-context kubernetes-admin@kubernetes |
- | gitlab-runner@gate:~$ kubectl get all -o wide --all-namespaces | + | |
+ | gitlab-runner@server:~$ kubectl get all -o wide --all-namespaces | ||
+ | gitlab-runner@server:~$ kubectl get all -o wide -A | ||
</code> | </code> | ||
+ | |||
===== Установка minikube ===== | ===== Установка minikube ===== | ||
* [[https://www.linuxtechi.com/how-to-install-minikube-on-ubuntu/|How to Install Minikube on Ubuntu 20.04 LTS / 21.04]] | * [[https://www.linuxtechi.com/how-to-install-minikube-on-ubuntu/|How to Install Minikube on Ubuntu 20.04 LTS / 21.04]] | ||
* [[https://minikube.sigs.k8s.io/docs/start/|Documentation/Get Started/minikube start]] | * [[https://minikube.sigs.k8s.io/docs/start/|Documentation/Get Started/minikube start]] | ||
- | * Технология Docker [[Технология Docker#Предоставление прав непривилегированным пользователям]] | ||
<code> | <code> | ||
- | student@node3:~$ minikube delete | + | root@server:~# apt install -y curl wget apt-transport-https |
- | student@node3:~$ minikube start --driver=docker --insecure-registry "server.corp13.un:5000" | + | root@server:~# wget https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 |
- | ИЛИ | + | root@server:~# mv minikube-linux-amd64 /usr/local/bin/minikube |
- | </code><code> | + | |
- | student@node2:~$ sudo apt install conntrack | + | |
- | https://computingforgeeks.com/install-mirantis-cri-dockerd-as-docker-engine-shim-for-kubernetes/ | + | root@server:~# chmod +x /usr/local/bin/minikube |
- | ... | + | </code> |
- | wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz | + | * Технология Docker [[Технология Docker#Предоставление прав непривилегированным пользователям]] |
+ | |||
+ | <code> | ||
+ | gitlab-runner@server:~$ ### minikube delete | ||
+ | gitlab-runner@server:~$ ### rm -rv .minikube/ | ||
+ | |||
+ | gitlab-runner@server:~$ time minikube start --driver=docker --insecure-registry "server.corpX.un:5000" | ||
+ | real 5m8.320s | ||
... | ... | ||
- | student@node2:~$ minikube start --driver=none --insecure-registry "server.corp13.un:5000" | + | gitlab-runner@server:~$ minikube status |
- | </code><code> | + | |
- | student@node3:~$ minikube status | + | gitlab-runner@server:~$ minikube ip |
- | student@node3:~$ minikube ip | + | gitlab-runner@server:~$ minikube kubectl -- get pods -A |
- | student@node3:~$ minikube addons list | + | gitlab-runner@server:~$ minikube addons list |
- | student@node3:~$ minikube addons configure registry-creds | + | gitlab-runner@server:~$ minikube addons configure registry-creds |
... | ... | ||
Do you want to enable Docker Registry? [y/n]: y | Do you want to enable Docker Registry? [y/n]: y | ||
- | -- Enter docker registry server url: http://server.corp13.un:5000 | + | -- Enter docker registry server url: http://server.corpX.un:5000 |
-- Enter docker registry username: student | -- Enter docker registry username: student | ||
-- Enter docker registry password: | -- Enter docker registry password: | ||
... | ... | ||
- | student@node3:~$ minikube addons enable registry-creds | + | gitlab-runner@server:~$ minikube addons enable registry-creds |
- | + | ||
- | student@node3:~$ minikube dashboard & | + | |
- | ... | + | |
- | Opening http://127.0.0.1:NNNNN/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/ in your default browser | + | |
- | ... | + | |
- | /home/mobaxterm> ssh -L NNNNN:localhost:NNNNN student@192.168.13.230 | + | |
- | Теперь, та же ссылка работает на win host системе | + | |
</code> | </code> | ||
- | ===== Установка Kubernetes ===== | + | * [[#Инструмент командной строки kubectl]] |
+ | ===== Кластер Kubernetes ===== | ||
+ | |||
+ | ==== Развертывание ==== | ||
* [[https://infoit.com.ua/linux/kak-ustanovit-kubernetes-na-ubuntu-20-04-lts/|Как установить Kubernetes на Ubuntu 20.04 LTS]] | * [[https://infoit.com.ua/linux/kak-ustanovit-kubernetes-na-ubuntu-20-04-lts/|Как установить Kubernetes на Ubuntu 20.04 LTS]] | ||
* [[https://www.cloud4y.ru/blog/installation-kubernetes/|Установка Kubernetes]] | * [[https://www.cloud4y.ru/blog/installation-kubernetes/|Установка Kubernetes]] | ||
+ | |||
+ | === Установка ПО и подготовка узлов === | ||
<code> | <code> | ||
- | ... | + | node1# ssh-keygen |
- | root@node1:~# kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.13.210 | + | |
- | ... | + | node1# ssh-copy-id node2 |
- | student@node1:~$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml | + | node1# ssh-copy-id node3 |
- | ... | + | |
- | student@node1:~$ kubectl get pod -o wide --all-namespaces | + | node1# bash -c ' |
+ | http_proxy=http://proxy.isp.un:3128/ apt -y install apt-transport-https curl | ||
+ | ssh node2 http_proxy=http://proxy.isp.un:3128/ apt -y install apt-transport-https curl | ||
+ | ssh node3 http_proxy=http://proxy.isp.un:3128/ apt -y install apt-transport-https curl | ||
+ | ' | ||
+ | |||
+ | node1# bash -c ' | ||
+ | curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add | ||
+ | ssh node2 "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add" | ||
+ | ssh node3 "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add" | ||
+ | ' | ||
+ | |||
+ | node1# bash -c ' | ||
+ | apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main" | ||
+ | ssh node2 apt-add-repository \"deb http://apt.kubernetes.io/ kubernetes-xenial main\" | ||
+ | ssh node3 apt-add-repository \"deb http://apt.kubernetes.io/ kubernetes-xenial main\" | ||
+ | ' | ||
+ | |||
+ | node1# bash -c ' | ||
+ | http_proxy=http://proxy.isp.un:3128/ apt -y install kubeadm kubelet kubectl kubernetes-cni | ||
+ | ssh node2 apt -y install kubeadm kubelet kubectl kubernetes-cni | ||
+ | ssh node3 apt -y install kubeadm kubelet kubectl kubernetes-cni | ||
+ | ' | ||
+ | |||
+ | node1# bash -c ' | ||
+ | swapoff -a | ||
+ | ssh node2 swapoff -a | ||
+ | ssh node3 swapoff -a | ||
+ | ' | ||
+ | |||
+ | node1# bash -c ' | ||
+ | sed -i"" -e "/swap/s/^/#/" /etc/fstab | ||
+ | ssh node2 sed -i"" -e "/swap/s/^/#/" /etc/fstab | ||
+ | ssh node3 sed -i"" -e "/swap/s/^/#/" /etc/fstab | ||
+ | ' | ||
+ | </code> | ||
+ | |||
+ | === Инициализация master === | ||
+ | |||
+ | * Может понадобиться в случае возникновения ошибки [[https://github.com/containerd/containerd/issues/4581|[ERROR CRI]: container runtime is not running]] | ||
+ | <code> | ||
+ | node1# bash -c ' | ||
+ | rm /etc/containerd/config.toml | ||
+ | systemctl restart containerd | ||
+ | ssh node2 rm /etc/containerd/config.toml | ||
+ | ssh node2 systemctl restart containerd | ||
+ | ssh node3 rm /etc/containerd/config.toml | ||
+ | ssh node3 systemctl restart containerd | ||
+ | ' | ||
+ | </code> | ||
+ | <code> | ||
+ | root@node1:~# kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.X.201 | ||
+ | |||
+ | root@node1:~# mkdir -p $HOME/.kube | ||
+ | |||
+ | root@node1:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config | ||
+ | |||
+ | root@node1:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml | ||
+ | |||
+ | root@node1:~# kubectl get pod -o wide --all-namespaces | ||
+ | |||
+ | root@node1:~# kubectl get --raw='/readyz?verbose' | ||
+ | </code> | ||
+ | |||
+ | === Подключение worker === | ||
+ | |||
+ | <code> | ||
+ | root@node2_3:~# curl -k https://node1:6443/livez?verbose | ||
+ | </code> | ||
+ | * [[https://github.com/containerd/containerd/issues/4581|[ERROR CRI]: container runtime is not running]] | ||
+ | <code> | ||
+ | root@node2_3:~# kubeadm join 192.168.X.201:6443 --token NNNNNNNNNNNNNNNNNNNN \ | ||
+ | --discovery-token-ca-cert-hash sha256:NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN | ||
+ | </code> | ||
+ | === Проверка состояния === | ||
+ | <code> | ||
+ | root@node1:~# kubectl cluster-info | ||
+ | |||
+ | root@node1:~# kubectl get nodes -o wide | ||
+ | </code> | ||
+ | |||
+ | ==== Настройка доступа к Insecure Private Registry ==== | ||
+ | |||
+ | * [[https://github.com/containerd/containerd/issues/4938|Unable to pull image from insecure registry, http: server gave HTTP response to HTTPS client #4938]] | ||
+ | * [[https://github.com/containerd/containerd/issues/3847|Containerd cannot pull image from insecure registry #3847]] | ||
+ | |||
+ | * [[https://mrzik.medium.com/how-to-configure-private-registry-for-kubernetes-cluster-running-with-containerd-cf74697fa382|How to Configure Private Registry for Kubernetes cluster running with containerd]] | ||
+ | * [[https://github.com/containerd/containerd/blob/main/docs/PLUGINS.md#version-header|containerd/docs/PLUGINS.md migrate config v1 to v2]] | ||
+ | |||
+ | * Docker [[Технология Docker#Insecure Private Registry]] | ||
+ | |||
+ | <code> | ||
+ | node1# scp server:/etc/docker/daemon.json /etc/docker/daemon.json | ||
+ | |||
+ | server# bash -c ' | ||
+ | scp /etc/docker/daemon.json node2:/etc/docker/daemon.json | ||
+ | scp /etc/docker/daemon.json node3:/etc/docker/daemon.json | ||
+ | service docker restart | ||
+ | ssh node2 service docker restart | ||
+ | ssh node3 service docker restart | ||
+ | ' | ||
+ | |||
+ | # don't work in cri-tools 1.25, need public project | ||
+ | ### node1# docker login http://server.corpX.un:5000 | ||
+ | |||
+ | ### node1# bash -c ' | ||
+ | ssh node2 mkdir -p .docker | ||
+ | ssh node3 mkdir -p .docker | ||
+ | scp ~/.docker/config.json node2:.docker/config.json | ||
+ | scp ~/.docker/config.json node3:.docker/config.json | ||
+ | ' | ||
+ | |||
+ | root@node1:~# cat /etc/containerd/config.toml | ||
+ | </code><code> | ||
+ | version = 2 | ||
+ | |||
+ | [plugins."io.containerd.grpc.v1.cri".registry] | ||
+ | [plugins."io.containerd.grpc.v1.cri".registry.mirrors] | ||
+ | [plugins."io.containerd.grpc.v1.cri".registry.mirrors."server.corpX.un:5000"] | ||
+ | endpoint = ["http://server.corpX.un:5000"] | ||
+ | [plugins."io.containerd.grpc.v1.cri".registry.configs] | ||
+ | [plugins."io.containerd.grpc.v1.cri".registry.configs."server.corpX.un:5000".tls] | ||
+ | insecure_skip_verify = true | ||
+ | # don't work in cri-tools 1.25, need public project | ||
+ | #[plugins."io.containerd.grpc.v1.cri".registry.configs."server.corpX.un:5000".auth] | ||
+ | # auth = "c3R1ZGVudDpwYXNzd29yZA==" | ||
+ | </code><code> | ||
+ | node1# bash -c ' | ||
+ | scp /etc/containerd/config.toml node2:/etc/containerd/config.toml | ||
+ | scp /etc/containerd/config.toml node3:/etc/containerd/config.toml | ||
+ | systemctl restart containerd | ||
+ | ssh node2 systemctl restart containerd | ||
+ | ssh node3 systemctl restart containerd | ||
+ | ' | ||
+ | |||
+ | root@nodeN:~# containerd config dump | less | ||
+ | </code> | ||
+ | |||
+ | Проверка | ||
+ | |||
+ | <code> | ||
+ | root@nodeN:~# crictl -r unix:///run/containerd/containerd.sock pull server.corpX.un:5000/student/webd | ||
</code> | </code> | ||
===== Базовые объекты k8s ===== | ===== Базовые объекты k8s ===== | ||
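Review bot: in the new "Подключение к новому кластеру" block the merged kubeconfig is redirected to /tmp/config and only gets chmod 600 after the mv, so the cluster-admin client key sits in a shared directory under the default umask. Run the merge under umask 077 into a file inside ~/.kube, delete ~/.kube/config_new afterwards (it is never cleaned up here), and move the rm of config.bak to after the final kubectl get check. Further down in the same hunk, the containerd config.toml pairs an http:// endpoint with insecure_skip_verify = true and keeps a base64 auth value in a comment, the node preparation pipes apt-key.gpg straight into apt-key add and uses an http:// apt source, and the worker check uses curl -k; the text should mark these as lab-only settings and name the production form (a TLS registry with its CA configured in containerd, a signed-by keyring for the apt source).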
Line 112: | Line 260: | ||
* [[https://kubernetes.io/ru/docs/reference/kubectl/docker-cli-to-kubectl/|kubectl для пользователей Docker]] | * [[https://kubernetes.io/ru/docs/reference/kubectl/docker-cli-to-kubectl/|kubectl для пользователей Docker]] | ||
* [[https://kubernetes.io/docs/tasks/run-application/run-stateless-application-deployment/|Run a Stateless Application Using a Deployment]] | * [[https://kubernetes.io/docs/tasks/run-application/run-stateless-application-deployment/|Run a Stateless Application Using a Deployment]] | ||
+ | |||
<code> | <code> | ||
Line 120: | Line 269: | ||
$ kubectl get deployments | $ kubectl get deployments | ||
- | $ kubectl get pods | + | $ kubectl get pods -o wide |
$ kubectl attach my-debian-NNNNNNNNN-NNNNN | $ kubectl attach my-debian-NNNNNNNNN-NNNNN | ||
Line 132: | Line 281: | ||
$ kubectl delete deployment my-debian | $ kubectl delete deployment my-debian | ||
- | </code><code> | + | </code> |
- | [[https://kubernetes.io/docs/reference/glossary/?all=true#term-manifest| Kubernetes Documentation Reference Glossary/Manifest]] | + | * [[https://kubernetes.io/docs/reference/glossary/?all=true#term-manifest|Kubernetes Documentation Reference Glossary/Manifest]] |
- | </code><code> | + | <code> |
$ cat my-debian-deployment.yaml | $ cat my-debian-deployment.yaml | ||
</code><code> | </code><code> | ||
Line 162: | Line 311: | ||
</code> | </code> | ||
==== namespace для своего приложения ==== | ==== namespace для своего приложения ==== | ||
+ | |||
+ | * [[https://matthewpalmer.net/kubernetes-app-developer/articles/kubernetes-volumes-example-nfs-persistent-volume.html|How to use an NFS volume]] | ||
+ | |||
<code> | <code> | ||
$ kubectl create namespace my-ns | $ kubectl create namespace my-ns | ||
Line 167: | Line 319: | ||
$ kubectl get namespaces | $ kubectl get namespaces | ||
- | $ ### kubectl create deployment my-webd --image=server.corp13.un:5000/student/webd:latest --replicas=2 -n my-ns | + | $ ### kubectl create deployment my-webd --image=server.corpX.un:5000/student/webd:latest --replicas=2 -n my-ns |
+ | |||
+ | $ ### kubectl delete deployment my-webd -n my-ns | ||
+ | |||
+ | $ cd webd/ | ||
$ cat my-webd-deployment.yaml | $ cat my-webd-deployment.yaml | ||
Line 188: | Line 344: | ||
containers: | containers: | ||
- name: my-webd | - name: my-webd | ||
- | image: server.corp13.un:5000/student/webd:latest | + | |
+ | # image: server.corpX.un:5000/student/webd | ||
+ | # image: server.corpX.un:5000/student/webd:ver1.N | ||
+ | |||
+ | # livenessProbe: | ||
+ | # httpGet: | ||
+ | # port: 80 | ||
+ | |||
+ | # volumeMounts: | ||
+ | # - name: nfs-volume | ||
+ | # mountPath: /var/www | ||
+ | # volumes: | ||
+ | # - name: nfs-volume | ||
+ | # nfs: | ||
+ | # server: server.corpX.un | ||
+ | # path: /var/www | ||
</code><code> | </code><code> | ||
$ kubectl apply -f my-webd-deployment.yaml | $ kubectl apply -f my-webd-deployment.yaml | ||
- | $ kubectl get all -n my-ns | + | $ kubectl get all -n my-ns -o wide |
+ | |||
+ | $ kubectl describe -n my-ns pod/my-webd-NNNNNNNNNN-NNNNN | ||
$ kubectl scale deployment my-webd --replicas=3 -n my-ns | $ kubectl scale deployment my-webd --replicas=3 -n my-ns | ||
+ | |||
+ | $ kubectl delete pod/my-webd-NNNNNNNNNN-NNNNN -n my-ns | ||
</code> | </code> | ||
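Review bot: the my-webd container is left without an active image: field, since the removed image: server.corp13.un:5000/student/webd:latest line is replaced only by two commented-out variants, so the kubectl apply -f my-webd-deployment.yaml that follows fails validation as shown unless the reader uncomments one. Leave one image line active, preferably the versioned server.corpX.un:5000/student/webd:ver1.N form rather than the untagged one, and say in the text that the livenessProbe and NFS volume blocks are optional steps to uncomment later.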
Line 200: | Line 375: | ||
* [[https://kubernetes.io/docs/concepts/services-networking/service/|Kubernetes Documentation Concepts Services, Load Balancing, and Networking Service]] | * [[https://kubernetes.io/docs/concepts/services-networking/service/|Kubernetes Documentation Concepts Services, Load Balancing, and Networking Service]] | ||
+ | |||
+ | * [[https://stackoverflow.com/questions/33069736/how-do-i-get-logs-from-all-pods-of-a-kubernetes-replication-controller|How do I get logs from all pods of a Kubernetes replication controller?]] | ||
<code> | <code> | ||
$ ### kubectl expose deployment my-webd --type=NodePort --port=80 -n my-ns | $ ### kubectl expose deployment my-webd --type=NodePort --port=80 -n my-ns | ||
+ | |||
+ | $ ### kubectl delete svc my-webd -n my-ns | ||
$ cat my-webd-service.yaml | $ cat my-webd-service.yaml | ||
Line 218: | Line 397: | ||
- protocol: TCP | - protocol: TCP | ||
port: 80 | port: 80 | ||
- | targetPort: 80 | + | # nodePort: 30111 |
- | status: | + | |
- | loadBalancer: {} | + | |
</code><code> | </code><code> | ||
$ kubectl apply -f my-webd-service.yaml | $ kubectl apply -f my-webd-service.yaml | ||
Line 226: | Line 403: | ||
$ kubectl get svc my-webd -n my-ns | $ kubectl get svc my-webd -n my-ns | ||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE | NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE | ||
- | my-webd-svc NodePort 10.102.135.146 <none> 80:30350/TCP 18h | + | my-webd-svc NodePort 10.102.135.146 <none> 80:NNNNN/TCP 18h |
- | student@node3:~$ minikube service my-webd -n my-ns --url | + | $ kubectl describe svc my-webd -n my-ns |
- | http://192.168.49.2:30350 | + | |
- | student@node3:~$ curl $(minikube service my-webd -n my-ns --url) | + | $ curl http://node1,2,3:NNNNN |
+ | |||
+ | |||
+ | $ minikube service list | ||
+ | |||
+ | $ minikube service my-webd -n my-ns --url | ||
+ | http://192.168.49.2:NNNNN | ||
+ | |||
+ | $ curl $(minikube service my-webd -n my-ns --url) | ||
+ | |||
+ | |||
+ | $ kubectl logs -l app=my-webd -n my-ns | ||
+ | (доступны опции -f, --tail=2000, --previous) | ||
+ | </code> | ||
+ | |||
+ | ==== Удаление объектов ==== | ||
+ | <code> | ||
+ | $ kubectl delete -n my-ns -f my-webd-deployment.yaml,my-webd-service.yaml | ||
+ | |||
+ | или | ||
+ | |||
+ | $ kubectl delete namespace my-ns | ||
</code> | </code> | ||
Line 237: | Line 434: | ||
* [[https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/|Set up Ingress on Minikube with the NGINX Ingress Controller]] | * [[https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/|Set up Ingress on Minikube with the NGINX Ingress Controller]] | ||
- | * [[https://stackoverflow.com/questions/33069736/how-do-i-get-logs-from-all-pods-of-a-kubernetes-replication-controller|How do I get logs from all pods of a Kubernetes replication controller?]] | + | * [[https://www.golinuxcloud.com/kubectl-port-forward/|kubectl port-forward examples in Kubernetes]] |
<code> | <code> | ||
- | student@node2:~$ minikube addons enable ingress | + | server# host webd |
+ | webd.corpX.un has address 192.168.49.2 | ||
+ | или | ||
+ | webd.corpX.un has address 192.168.X.201 | ||
- | gitlab-runner@gate:~/webd$ cat my-webd-ingress.yaml | + | |
+ | gitlab-runner@server:~$ minikube addons enable ingress | ||
+ | </code> | ||
+ | * [[https://kubernetes.github.io/ingress-nginx/deploy/#quick-start|NGINX ingress controller quick-start]] | ||
+ | <code> | ||
+ | root@node1:~# kubectl port-forward --namespace=ingress-nginx --address 0.0.0.0 service/ingress-nginx-controller 80:80 | ||
+ | |||
+ | |||
+ | gitlab-runner@server:~/webd$ ### kubectl create ingress my-webd --class=nginx --rule="webd.corpX.un/*=my-webd:80" -n my-ns | ||
+ | |||
+ | gitlab-runner@server:~/webd$ cat my-webd-ingress.yaml | ||
</code><code> | </code><code> | ||
apiVersion: networking.k8s.io/v1 | apiVersion: networking.k8s.io/v1 | ||
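Review bot: the added kubectl port-forward --namespace=ingress-nginx --address 0.0.0.0 service/ingress-nginx-controller 80:80 line on node1 is a foreground tunnel through the API server that listens on every interface of the node and stops when the shell exits, and the page mentions none of this. State that it is a temporary lab workaround, bind it to the one address that webd.corpX.un resolves to (192.168.X.201 in the host output above) instead of 0.0.0.0, and note that only port 80 is forwarded, so the ingress is reachable over plain HTTP only.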
Line 249: | Line 459: | ||
name: my-webd | name: my-webd | ||
namespace: my-ns | namespace: my-ns | ||
- | annotations: | ||
- | nginx.ingress.kubernetes.io/rewrite-target: /$1 | ||
spec: | spec: | ||
+ | ingressClassName: nginx | ||
rules: | rules: | ||
- | - host: webd.corp13.un | + | - host: webd.corpX.un |
- | http: | + | http: |
- | paths: | + | paths: |
- | - path: /(.*) | + | - backend: |
- | pathType: Prefix # Попробовать: ImplementationSpecific | + | service: |
- | backend: | + | name: my-webd |
- | service: | + | port: |
- | name: my-webd | + | number: 80 |
- | port: | + | path: / |
- | number: 80 | + | pathType: Prefix |
+ | status: | ||
+ | loadBalancer: {} | ||
</code><code> | </code><code> | ||
$ kubectl apply -f my-webd-ingress.yaml | $ kubectl apply -f my-webd-ingress.yaml | ||
+ | |||
$ kubectl get ingress -n my-ns | $ kubectl get ingress -n my-ns | ||
+ | NAME CLASS HOSTS ADDRESS PORTS AGE | ||
+ | my-webd nginx webd.corpX.un 80 11s | ||
- | root@gate.corp13.un:~# host webd | + | $ curl webd.corpX.un |
- | webd.corp13.un is an alias for node2.corp13.un. | + | |
- | node2.corp13.un has address 192.168.13.220 | + | |
- | $ curl webd.corp13.un | + | $ ### kubectl delete ingress my-webd -n my-ns |
- | + | ||
- | $ kubectl logs -l app=my-webd -n my-ns | + | |
- | </code> | + | |
- | ==== Удаление объектов ==== | + | |
- | <code> | + | |
- | $ kubectl delete -n my-ns -f my-webd-deployment.yaml,my-webd-service.yaml,my-webd-ingress.yaml | + | |
- | + | ||
- | или | + | |
- | + | ||
- | $ kubectl delete namespace my-ns | + | |
- | </code> | + | |
- | + | ||
- | ==== Пример с nfs volume ==== | + | |
- | + | ||
- | * [[https://matthewpalmer.net/kubernetes-app-developer/articles/kubernetes-volumes-example-nfs-persistent-volume.html|How to use an NFS volume]] | + | |
- | + | ||
- | <code> | + | |
- | $ cat my-webd-nfs-deployment.yaml | + | |
- | ... | + | |
- | spec: | + | |
- | containers: | + | |
- | - name: my-webd | + | |
- | image: server.corp13.un:5000/student/webd:latest | + | |
- | volumeMounts: | + | |
- | - name: nfs-volume | + | |
- | mountPath: /var/www | + | |
- | volumes: | + | |
- | - name: nfs-volume | + | |
- | nfs: | + | |
- | server: 192.168.13.1 | + | |
- | path: /var/www | + | |
</code> | </code> | ||
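Review bot: the new Ingress manifest ends with status: loadBalancer: {}, a server-populated field that this same revision removes from my-webd-service.yaml; drop it here too so the file holds only desired state. It would also help to say in the text why ingressClassName: nginx was added and why the rewrite-target annotation with the /(.*) path was dropped. The NFS example deleted at the end of this hunk survives only as comments in my-webd-deployment.yaml, where its server changed from 192.168.13.1 to server.corpX.un, so the nodes mounting the volume must be able to resolve that name.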
Line 379: | Line 560: | ||
- | ==== Установка ==== | + | ==== Установка Helm ==== |
* [[https://helm.sh/docs/intro/install/|Installing Helm]] | * [[https://helm.sh/docs/intro/install/|Installing Helm]] | ||
<code> | <code> | ||
- | $ wget https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz | + | server# wget https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz |
- | $ tar -zxvf helm-v3.9.0-linux-amd64.tar.gz | + | # tar -zxvf helm-v3.9.0-linux-amd64.tar.gz |
- | $ sudo mv linux-amd64/helm /usr/local/bin/helm | + | # mv linux-amd64/helm /usr/local/bin/helm |
</code> | </code> | ||
+ | ==== Работа с готовыми Charts ==== | ||
+ | |||
+ | * [[https://kubernetes.github.io/ingress-nginx/deploy/|NGINX Ingress Controller Installation Guide]] | ||
+ | |||
+ | <code> | ||
+ | $ curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml | ||
+ | |||
+ | $ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml | ||
+ | |||
+ | $ kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml | ||
+ | |||
+ | $ helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace | ||
+ | |||
+ | $ helm list --namespace ingress-nginx | ||
+ | $ helm list -A | ||
+ | |||
+ | $ ### helm delete ingress-nginx --namespace ingress-nginx | ||
+ | </code> | ||
==== Развертывание своего приложения ==== | ==== Развертывание своего приложения ==== | ||
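Review bot: the helm upgrade --install ingress-nginx line has no --version, so it installs whatever chart the repository serves that day, while the kubectl apply lines above it pin controller-v1.3.1; pin the chart version as well and say that the manifest route and the Helm route are alternatives, not consecutive steps. In the Helm install block, the tarball from get.helm.sh is unpacked and moved into /usr/local/bin as root with no checksum comparison, so add a sha256sum check against the value published for the release before the mv.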
Line 412: | Line 611: | ||
... | ... | ||
image: | image: | ||
- | repository: server.corp13.un:5000/student/webd | + | repository: server.corpX.un:5000/student/webd |
pullPolicy: Always | pullPolicy: Always | ||
... | ... | ||
Line 423: | Line 622: | ||
ingress: | ingress: | ||
enabled: true | enabled: true | ||
+ | className: "nginx" | ||
... | ... | ||
hosts: | hosts: | ||
Line 434: | Line 634: | ||
... | ... | ||
</code><code> | </code><code> | ||
- | !!! Был замечен "глюк" DNS, из-за которого не загружался Docker образ, "лечился" предварительным созданием namespace | + | $ helm install my-webd webd-chart/ -n my-ns --create-namespace --wait |
- | + | ||
- | $ helm install my-webd webd-chart/ --n my-ns --create-namespace --wait | + | |
$ export HELM_NAMESPACE=my-ns | $ export HELM_NAMESPACE=my-ns | ||
Line 489: | Line 687: | ||
===== Дополнительные материалы ===== | ===== Дополнительные материалы ===== | ||
+ | ==== bare-metal minikube ==== | ||
+ | |||
+ | <code> | ||
+ | student@node2:~$ sudo apt install conntrack | ||
+ | |||
+ | https://computingforgeeks.com/install-mirantis-cri-dockerd-as-docker-engine-shim-for-kubernetes/ | ||
+ | ... | ||
+ | |||
+ | wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz | ||
+ | ... | ||
+ | |||
+ | student@node2:~$ minikube start --driver=none --insecure-registry "server.corp13.un:5000" | ||
+ | </code> | ||
+ | |||
+ | ==== minikube dashboard ==== | ||
+ | <code> | ||
+ | student@node1:~$ minikube dashboard & | ||
+ | ... | ||
+ | Opening http://127.0.0.1:NNNNN/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/ in your default browser | ||
+ | ... | ||
+ | /home/mobaxterm> ssh -L NNNNN:localhost:NNNNN student@192.168.X.10 | ||
+ | Теперь, та же ссылка работает на win host системе | ||
+ | </code> | ||
+ | |||
+ | ==== Подключение к minikube с другой системы ==== | ||
+ | |||
+ | * Если не minikube, то достаточно только копию .kube/config | ||
+ | * [[https://habr.com/ru/company/flant/blog/345580/|см. Настройка GitLab Runner]] | ||
+ | |||
+ | <code> | ||
+ | student@node1:~$ tar -cvzf kube-config.tar.gz .kube/config .minikube/ca.crt .minikube/profiles/minikube | ||
+ | |||
+ | gitlab-runner@server:~$ scp student@node1:kube-config.tar.gz . | ||
+ | |||
+ | gitlab-runner@server:~$ tar -xvf kube-config.tar.gz | ||
+ | |||
+ | gitlab-runner@server:~$ cat .kube/config | ||
+ | </code><code> | ||
+ | ... | ||
+ | certificate-authority: /home/gitlab-runner/.minikube/ca.crt | ||
+ | ... | ||
+ | client-certificate: /home/gitlab-runner/.minikube/profiles/minikube/client.crt | ||
+ | client-key: /home/gitlab-runner/.minikube/profiles/minikube/client.key | ||
+ | ... | ||
+ | </code> | ||
==== kompose ==== | ==== kompose ==== | ||
+ | * [[https://stackoverflow.com/questions/47536536/whats-the-difference-between-docker-compose-and-kubernetes|What's the difference between Docker Compose and Kubernetes?]] | ||
* [[https://loft.sh/blog/docker-compose-to-kubernetes-step-by-step-migration/|Docker Compose to Kubernetes: Step-by-Step Migration]] | * [[https://loft.sh/blog/docker-compose-to-kubernetes-step-by-step-migration/|Docker Compose to Kubernetes: Step-by-Step Migration]] | ||
* [[https://kubernetes.io/docs/tasks/configure-pod-container/translate-compose-kubernetes/|Translate a Docker Compose File to Kubernetes Resources]] | * [[https://kubernetes.io/docs/tasks/configure-pod-container/translate-compose-kubernetes/|Translate a Docker Compose File to Kubernetes Resources]] |
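Review bot: the relocated bare-metal minikube block still passes --insecure-registry "server.corp13.un:5000" while the rest of this revision switches to server.corpX.un, so readers following the corpX convention will copy a wrong registry name; update it with the others. In "Подключение к minikube с другой системы", kube-config.tar.gz bundles client.key and is left in the home directory on both node1 and server, so add rm steps for the archive and a chmod 600 on the extracted key and config, as the new-cluster section already does for ~/.kube/config.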