Differences

This shows you the differences between two versions of the page.

--- система_kubernetes [2025/03/26 16:21]
val [Deployment, Replica Sets, Pods]
+++ система_kubernetes [2025/10/06 07:15] (current)
val [Работа с готовыми Charts]
@@ Line 11: / Line 11: @@
   * [[https://habr.com/ru/companies/domclick/articles/566224/|Различия между Docker, containerd, CRI-O и runc]]
   * [[https://daily.dev/blog/kubernetes-cni-comparison-flannel-vs-calico-vs-canal|Kubernetes CNI Comparison: Flannel vs Calico vs Canal]]
+  * [[https://habr.com/ru/companies/slurm/articles/464987/|Хранилища в Kubernetes: OpenEBS vs Rook (Ceph) vs Rancher Longhorn vs StorageOS vs Robin vs Portworx vs Linstor]]
+  * [[https://parshinpn.ru/ru/blog/external-connectivity-kubernetes-calico|Настраиваем сетевую связность внешнего узла с кластером Kubernetes (route reflector)]]
   * [[https://habr.com/ru/company/vk/blog/542730/|11 факапов PRO-уровня при внедрении Kubernetes и как их избежать]]
@@ Line 99: / Line 101: @@
   * [[https://minikube.sigs.k8s.io/docs/start/|Documentation/Get Started/minikube start]]
+  * [[https://stackoverflow.com/questions/42564058/how-can-i-use-local-docker-images-with-minikube|How can I use local Docker images with Minikube?]]
 <code>
@@ Line 114: / Line 117: @@
 <code>
 gitlab-runner@server:~$ time minikube start --driver=docker --insecure-registry "server.corpX.un:5000"
-real    29m8.320s
+real    41m8.320s
 ...
@@ Line 135: / Line 138: @@
 </code><code>
 gitlab-runner@server:~$ kubectl get pods -A
+</code>
+или
+<code>
+# cp -v /home/gitlab-runner/.minikube/cache/linux/amd64/v*/kubectl /usr/local/bin/
 </code>
@@ Line 342: / Line 351: @@
 <code>
 root@node1:~# mkdir -p /etc/containerd/
+root@node1:~# ###containerd config default > /etc/containerd/config.toml
 root@node1:~# cat /etc/containerd/config.toml
@@ Line 362: / Line 373: @@
 root@nodeN:~# containerd config dump | less
+</code>
+== сontainerd v3 ==
+  * [[https://stackoverflow.com/questions/79305194/unable-to-pull-image-from-insecure-registry-http-server-gave-http-response-to/79308521#79308521]]
+<code>
+# mkdir -p /etc/containerd/certs.d/server.corpX.un:5000/
+# cat /etc/containerd/certs.d/server.corpX.un:5000/hosts.toml
+</code><code>
+[host."http://server.corpX.un:5000"]
+  capabilities = ["pull", "resolve", "push"]
+  skip_verify = true
+</code><code>
+# systemctl restart containerd.service
 </code>
@@ Line 368: / Line 395: @@
 <code>
 root@nodeN:~# crictl -r unix:///run/containerd/containerd.sock pull server.corpX.un:5000/student/gowebd
-</code>
+root@kubeN:~# crictl pull server.corpX.un:5000/student/pywebd2
+</code>
 ==== Развертывание через Kubespray ====
@@ Line 559: / Line 587: @@
 $ kubectl delete deployment my-debian
 </code>
+==== Manifest ====
   * [[https://kubernetes.io/docs/reference/glossary/?all=true#term-manifest|Kubernetes Documentation Reference Glossary/Manifest]]
 <code>
@@ Line 583: / Line 614: @@
         command: ["/bin/sh"]
         args: ["-c", "while :;do echo -n random-value:;od -A n -t d -N 1 /dev/urandom;sleep 5; done"]
         resources:
           requests:
@@ Line 594: / Line 624: @@
 </code><code>
 $ kubectl apply -f my-debian-deployment.yaml #--dry-run=client #-o yaml
+$ kubectl logs -l app=my-debian -f
 ...
 $ kubectl delete -f my-debian-deployment.yaml
@@ Line 619: / Line 651: @@
 $ ### kubectl delete deployment my-webd -n my-ns
-$ cd webd/
+$ mkdir ??webd-k8s/; cd $_
 $ cat my-webd-deployment.yaml
@@ Line 645: / Line 677: @@
 #        image: server.corpX.un:5000/student/webd:ver1.N
 #        image: httpd
+#        args: ["gunicorn", "app:app", "--bind", "0.0.0.0:8000", "-k", "uvicorn.workers.UvicornWorker"]
 #        imagePullPolicy: "Always"
@@ Line 802: / Line 835: @@
 $ kubectl get endpoints -n my-ns
+  или
+$ kubectl get endpointslice -n my-ns
 </code>
 === NodePort ===
@@ Line 929: / Line 964: @@
   * [[https://kubernetes.github.io/ingress-nginx/deploy/#quick-start|NGINX ingress controller quick-start]]
+  * [[#Работа с готовыми Charts]]
 === Minikube ingress-nginx-controller ===
@@ Line 1045: / Line 1081: @@
 <code>
-node1# ### kubectl create ingress my-ingress --class=nginx --rule="webd.corpX.un/*=my-webd:80" -n my-ns
+kube1# ### kubectl create ingress my-ingress --class=nginx --rule="webd.corpX.un/*=my-webd:80" -n my-ns
-node1# cat my-ingress.yaml
+kube1# cat my-ingress.yaml
 </code><code>
 apiVersion: networking.k8s.io/v1
@@ Line 1084: / Line 1120: @@
         pathType: Prefix
 </code><code>
-node1# kubectl apply -f my-ingress.yaml -n my-ns
+kube1# kubectl apply -f my-ingress.yaml -n my-ns
-node1# kubectl get ingress -n my-ns
+kube1# kubectl get ingress -n my-ns
 NAME      CLASS   HOSTS                             ADDRESS                         PORTS   AGE
 my-webd   nginx   webd.corpX.un,gowebd.corpX.un   192.168.X.202,192.168.X.203   80      14m
@@ Line 1101: / Line 1137: @@
 $ kubectl logs -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx -f
-node1# ### kubectl delete ingress my-ingress -n my-ns
+kube1# ### kubectl delete ingress my-ingress -n my-ns
 </code>
@@ Line 1117: / Line 1153: @@
 $ ###kubectl delete secret/gowebd-tls -n my-ns
 </code>
+=== cert-manager ===
+  * [[Letsencrypt Certbot]]
+  * [[https://cert-manager.io/docs/tutorials/acme/nginx-ingress/|cert-manager Securing NGINX-ingress]]
+  * [[Сервис Keepalived]] для 443-го порта
+  * [[Решение HAProxy]] для 80-го (cert-manager проверяет ссылку изнутри кластера)
+<code>
+увидеть ссылку
+student@debian:~/gowebd-k8s$ kubectl -n my-ns get ingress -o yaml | less
+увидеть обработчик
+student@debian:~/gowebd-k8s$ kubectl -n my-ns get pods
+NAME                        READY   STATUS    RESTARTS   AGE
+cm-acme-http-solver-5j2pr   1/1     Running   0          28s
+my-webd-78ffd6cc5f-4qplt    1/1     Running   0          4d14h
+my-webd-78ffd6cc5f-zpcsh    1/1     Running   0          4d14h
+</code>
 ==== Volumes ====
@@ Line 1399: / Line 1451: @@
   * Делаем снапшот
   * Что-то ломаем (удаляем пользователя)
-  * Останавливаем сервис
+== Остановка сервиса ==
 <code>
@@ Line 1736: / Line 1789: @@
 #    use-forwarded-headers: true
 #    allow-snippet-annotations: true
+#  service:
+#    type: LoadBalancer
+#    loadBalancerIP: "192.168.X.64"
 </code><code>
 $ helm template ingress-nginx -f values.yaml --repo https://kubernetes.github.io/ingress-nginx -n ingress-nginx | tee t2.yaml
@@ Line 2128: / Line 2184: @@
 kube1# kubectl top pod #-n kube-system
-kube1# kubectl top pod -A --sort-by=mem
+kube1# kubectl top pod -A --sort-by=memory
 kube1# kubectl top node
 </code>
+==== kube-state-metrics ====
+  * [[https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics]]
+  * ... алерты с инфой по упавшим подам ...
+<code>
+kube1# helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+kube1# helm repo update
+kube1# helm install kube-state-metrics prometheus-community/kube-state-metrics -n vm --create-namespace
+kube1# curl kube-state-metrics.vm.svc.cluster.local:8080/metrics
+</code>
 ===== Отладка, troubleshooting =====

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools