|
система_kubernetes [2026/01/19 12:26] val [Управление образами] |
система_kubernetes [2026/01/29 14:02] (current) val [Управление образами] |
||
|---|---|---|---|
| Line 146: | Line 146: | ||
| <code> | <code> | ||
| - | gitlab-runner@server:~$ time minikube start --driver=docker --insecure-registry "server.corpX.un:5000" | + | gitlab-runner@server:~$ time minikube start --driver=docker --insecure-registry "server.corpX.un:5000" #--registry-mirror="https://mirror.gcr.io" |
| real 3m9.625s ... 41m8.320s | real 3m9.625s ... 41m8.320s | ||
| ... | ... | ||
| Line 529: | Line 529: | ||
| </code> | </code> | ||
| - | * [[Сервис Ansible#Использование модулей]] Ansible для отключения swap | + | * [[Сервис Ansible#Использование модулей]] Ansible для отключения swap (делается автоматически) |
| - | * [[Сервис Ansible#Использование ролей]] Ansible для настройки сети | + | * [[Сервис Ansible#Использование ролей]] Ansible для настройки сети (не обязательно) |
| + | * Может потребоваться [[#Настройка registry-mirrors для Kubespray]] | ||
| === Развертывание кластера через Kubespray === | === Развертывание кластера через Kubespray === | ||
| Line 570: | Line 571: | ||
| $ kubectl get nodes -o wide | $ kubectl get nodes -o wide | ||
| - | </code> | ||
| - | |||
| - | === Добавление insecure_registries через Kubespray === | ||
| - | <code> | ||
| - | ~/kubespray# cat inventory/mycluster/group_vars/all/containerd.yml | ||
| - | </code><code> | ||
| - | ... | ||
| - | containerd_insecure_registries: | ||
| - | "server.corpX.un:5000": "http://server.corpX.un:5000" | ||
| - | containerd_registry_auth: | ||
| - | - registry: server.corpX.un:5000 | ||
| - | username: student | ||
| - | password: Pa$$w0rd | ||
| - | ... | ||
| - | </code><code> | ||
| - | ~/kubespray# time ansible-playbook -i inventory/mycluster/hosts.yaml cluster.yml | ||
| - | user 46m37.151s | ||
| - | |||
| - | # less /etc/containerd/config.toml | ||
| - | </code> | ||
| - | |||
| - | === Управление дополнениями через Kubespray === | ||
| - | <code> | ||
| - | ~/kubespray# cat inventory/mycluster/group_vars/k8s_cluster/addons.yml | ||
| - | </code><code> | ||
| - | ... | ||
| - | helm_enabled: true | ||
| - | ... | ||
| - | ingress_nginx_enabled: true | ||
| - | ingress_nginx_host_network: true | ||
| - | ... | ||
| </code> | </code> | ||
| Line 629: | Line 599: | ||
| </code><code> | </code><code> | ||
| server:~# docker run --userns=host --rm -it -v /root/inventory/sample:/inventory -v /root/.ssh/:/root/.ssh/ quay.io/kubespray/kubespray:v2.29.0 bash | server:~# docker run --userns=host --rm -it -v /root/inventory/sample:/inventory -v /root/.ssh/:/root/.ssh/ quay.io/kubespray/kubespray:v2.29.0 bash | ||
| + | |||
| + | root@cf764ca3b291:/kubespray# ansible all -m ping -i /inventory/inventory.ini | ||
| + | |||
| + | root@cf764ca3b291:/kubespray# ###cp -rv inventory/sample/group_vars/ /inventory/ | ||
| root@cf764ca3b291:/kubespray# time ansible-playbook -i /inventory/inventory.ini cluster.yml | root@cf764ca3b291:/kubespray# time ansible-playbook -i /inventory/inventory.ini cluster.yml | ||
| Line 659: | Line 633: | ||
| server:~# ssh kubeN service containerd restart | server:~# ssh kubeN service containerd restart | ||
| + | </code> | ||
| + | |||
| + | === Использование proxy в containerd === | ||
| + | <code> | ||
| + | # systemctl edit containerd | ||
| + | </code><code> | ||
| + | ... | ||
| + | [Service] | ||
| + | Environment="HTTP_PROXY=http://openproxy2.bmstu.ru:3128" | ||
| + | Environment="HTTPS_PROXY=http://openproxy2.bmstu.ru:3128" | ||
| + | Environment="NO_PROXY=localhost,127.0.0.1,::1,10.0.0.0/8,192.168.0.0/16,.svc,.cluster.local" | ||
| + | ... | ||
| </code> | </code> | ||
| ==== Обновление сертификатов ==== | ==== Обновление сертификатов ==== | ||
| Line 1053: | Line 1039: | ||
| </code><code> | </code><code> | ||
| $ kubectl apply -f first-pool.yaml | $ kubectl apply -f first-pool.yaml | ||
| + | |||
| + | $ kubectl -n metallb-system get ipaddresspools.metallb.io | ||
| + | |||
| + | $ kubectl get services -A | grep LoadBalancer | ||
| ... | ... | ||
| Line 2525: | Line 2515: | ||
| student@vps:~$ kubectl -n cert-manager get all | student@vps:~$ kubectl -n cert-manager get all | ||
| - | student@vps:~$ #kubectl create secret generic cert-manager-tsig-secret --from-literal=tsig-secret-key="NNN...NNN" -n cert-manager | + | student@vps:~$ #kubectl create secret generic cert-manager-tsig-secret --from-literal=tsig-secret-key="s751+e/OkNNNNNN=" -n cert-manager |
| student@vps:~$ cat ...issuer.yaml | student@vps:~$ cat ...issuer.yaml | ||
| Line 2595: | Line 2585: | ||
| #kind: ClusterIssuer | #kind: ClusterIssuer | ||
| #kind: Issuer | #kind: Issuer | ||
| + | privateKey: | ||
| + | rotationPolicy: Always | ||
| </code> | </code> | ||
| Line 2771: | Line 2763: | ||
| ===== Дополнительные материалы ===== | ===== Дополнительные материалы ===== | ||
| - | ==== Настройка registry-mirrors для Kubespray ==== | + | ==== Дополнительные материалы по Kubespray ==== |
| + | |||
| + | === Настройка registry-mirrors для Kubespray === | ||
| <code> | <code> | ||
| ~/kubespray# cat inventory/mycluster/group_vars/all/docker.yml | ~/kubespray# cat inventory/mycluster/group_vars/all/docker.yml | ||
| Line 2789: | Line 2783: | ||
| capabilities: ["pull", "resolve"] | capabilities: ["pull", "resolve"] | ||
| skip_verify: false | skip_verify: false | ||
| + | ... | ||
| + | </code> | ||
| + | |||
| + | === Добавление insecure_registries через Kubespray === | ||
| + | <code> | ||
| + | ~/kubespray# cat inventory/mycluster/group_vars/all/containerd.yml | ||
| + | </code><code> | ||
| + | ... | ||
| + | containerd_insecure_registries: | ||
| + | "server.corpX.un:5000": "http://server.corpX.un:5000" | ||
| + | containerd_registry_auth: | ||
| + | - registry: server.corpX.un:5000 | ||
| + | username: student | ||
| + | password: Pa$$w0rd | ||
| + | ... | ||
| + | </code><code> | ||
| + | ~/kubespray# time ansible-playbook -i inventory/mycluster/hosts.yaml cluster.yml | ||
| + | user 46m37.151s | ||
| + | |||
| + | # less /etc/containerd/config.toml | ||
| + | </code> | ||
| + | |||
| + | === Управление дополнениями через Kubespray === | ||
| + | <code> | ||
| + | ~/kubespray# cat inventory/mycluster/group_vars/k8s_cluster/addons.yml | ||
| + | </code><code> | ||
| + | ... | ||
| + | helm_enabled: true | ||
| + | ... | ||
| + | ingress_nginx_enabled: true | ||
| + | ingress_nginx_host_network: true | ||
| ... | ... | ||
| </code> | </code> | ||
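Review bot: In the added "Использование proxy в containerd" block (the "Line 633" hunk), the `NO_PROXY` list does not cover the lab registry `server.corpX.un:5000`, which this same page configures as a plain-HTTP registry with `containerd_registry_auth` credentials. As far as I know, Go-based clients such as containerd match the CIDR entries in `NO_PROXY` only against IP-literal hosts, so a pull by hostname would presumably be routed through `openproxy2.bmstu.ru:3128`, and the registry's basic-auth header would cross a third-party proxy unencrypted. I would extend the line to `Environment="NO_PROXY=localhost,127.0.0.1,::1,10.0.0.0/8,192.168.0.0/16,.svc,.cluster.local,.corpX.un"` and add a one-line comment above it saying that internal registries and node names have to be listed by name.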