Differences

This shows you the differences between two versions of the page.

--- система_kubernetes [2026/02/23 07:38]
val [Deployment]
+++ система_kubernetes [2026/03/15 09:53] (current)
val [Gateway API]
@@ Line 606: / Line 606: @@
 root@cf764ca3b291:/kubespray# cp -rv inventory/sample/group_vars/ /inventory/
 </code>
-  * Может потребоваться [[#Настройка registry-mirrors для Kubespray]]
+  * Может потребоваться [[#Настройка registry-mirrors для Kubespray]] и [[#Добавление insecure_registries через Kubespray]]
 <code>
 root@cf764ca3b291:/kubespray# time ansible-playbook -i /inventory/inventory.ini cluster.yml
@@ Line 1222: / Line 1222: @@
 === ingress-traefik-controller ===
-  * [[#Traefik]]
+  * [[#Traefik]] (providers.kubernetesGateway.enabled: false и ingressRoute.dashboard.enabled: false (требует CRD IngressRoute))
 === ingress example ===
@@ Line 1312: / Line 1312: @@
 </code>
+==== IngressRoute ====
+  * [[#Traefik]]
+<code>
+kube1:~/traefik# kubectl get ingressclasses
+kube1:~/webd-k8s# ###cat my-ingressroute.yaml
+</code><code>
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: my-ingressroute
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`htwebd.corpX.un`)
+      kind: Rule
+      services:
+        - name: my-webd
+          port: 80
+</code>
 ==== Gateway API ====
@@ Line 1318: / Line 1340: @@
 <code>
 kube1:~# kubectl get gatewayclasses
+kube1:~# kubectl get customresourcedefinitions | grep gate
 </code>
@@ Line 1331: / Line 1355: @@
 service:
   spec:
-    loadBalancerIP: "192.168.X.64"
+    loadBalancerIP: "192.168.X.66"
 ingressRoute:
   dashboard:
     enabled: true
-    matchRule: Host(`dashboard-traefik.corpX.un`)
+    matchRule: Host(`dash-tr.corpX.un`)
     entryPoints:
       - web
@@ Line 1350: / Line 1374: @@
 kube1:~/traefik# helm install traefik traefik -f values.yaml --repo https://traefik.github.io/charts -n traefik --version 39.0.1 --create-namespace
-</code><code>
-kube1:~/traefik# kubectl get ingressclasses
-kube1:~/webd-k8s# ###cat my-ingressroute.yaml
+kube1:~/traefik# kubectl -n traefik get endpointslices
-</code><code>
+NAME            ADDRESSTYPE   PORTS       ENDPOINTS     AGE
-apiVersion: traefik.io/v1alpha1
+traefik-j6bwt   IPv4          8000,8443   10.233.87.8   36m
-kind: IngressRoute
-metadata:
-  name: my-ingressroute
-spec:
-  entryPoints:
-    - web
-  routes:
-    - match: Host(`htwebd.corpX.un`)
-      kind: Rule
-      services:
-        - name: my-webd
-          port: 80
 </code>
@@ Line 1376: / Line 1386: @@
 <code>
 kube1:~/envoygateway# helm show values oci://docker.io/envoyproxy/gateway-helm --version v1.6.4
 kube1:~/envoygateway# helm install eg oci://docker.io/envoyproxy/gateway-helm --version v1.6.4 -n envoy-gateway-system --create-namespace
 kube1:~/envoygateway# cat envoyproxy.yaml
+</code><code>
 apiVersion: gateway.envoyproxy.io/v1alpha1
 kind: EnvoyProxy
@@ Line 1393: / Line 1404: @@
         type: LoadBalancer
         annotations:
-          metallb.universe.tf/loadBalancerIPs: "192.168.X.66"
+          metallb.universe.tf/loadBalancerIPs: "192.168.X.67"
+</code><code>
+kube1:~/envoygateway# kubectl -n envoy-gateway-system apply -f envoyproxy.yaml
 kube1:~/envoygateway# cat gatewayclass.yaml
+</code><code>
 apiVersion: gateway.networking.k8s.io/v1
 kind: GatewayClass
@@ Line 1407: / Line 1421: @@
     name: custom-envoy-proxy
     namespace: envoy-gateway-system
+</code><code>
+kube1:~/envoygateway# kubectl apply -f gatewayclass.yaml
+</code>
+=== Gateway ===
+<code>
+kube1:~/webd-k8s# cat my-gateway.yaml
+</code><code>
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: my-gateway
+spec:
+#  gatewayClassName: traefik
+#  gatewayClassName: eg
+  listeners:
+  - name: http
+#    port: 8000
+#    port: 80
+    protocol: HTTP
+  - name: https
+    hostname: "webd.corpX.un"
+    protocol: HTTPS
+#    port: 8443
+#    port: 443
+    tls:
+      mode: Terminate
+      certificateRefs:
+        - kind: Secret
+          name: webd-tls
+</code>
+=== HTTPRoute ===
+<code>
+kube1:~/webd-k8s# cat my-httproute.yaml
+</code><code>
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: my-httproute
+spec:
+  hostnames:
+  - webd.corpX.un
+  parentRefs:
+#  - name: my-gateway
+#  - name: traefik-gateway
+#    namespace: traefik
+  rules:
+  - matches:
+    - path:
+        type: Exact
+        value: /
+#    filters:
+#    - type: RequestHeaderModifier
+#      requestHeaderModifier:
+#        add:
+#        - name: X-Gateway-ID
+#          value: "external-gw-prod"
+    backendRefs:
+    - name: my-webd
+      port: 80
+#      weight: 70
+#    - name: my-webd2
+#      port: 80
+#      weight: 30
 </code>
 ==== Volumes ====
@@ Line 2502: / Line 2582: @@
   ИЛИ
 kube1:~/users# kubectl delete clusterrolebindings user1-cluster-admin
+</code>
+===== Horizontal Pod Autoscaler =====
+  * [[#Metrics Server]]
+<code>
+kube1:~/webd-k8s# cat my-webd-deployment.yaml
+</code><code>
+...
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "250m"
+</code><code>
+kube1:~/webd-k8s# cat my-webd-hpa.yaml
+</code><code>
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: my-webd-hpa
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: my-webd
+  minReplicas: 2
+  maxReplicas: 10
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 50
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: 80
+</code><code>
+kube1:~/webd-k8s# kubectl -n my-ns get hpa
 </code>
@@ Line 2705: / Line 2828: @@
 ==== Metrics Server ====
-  * [[https://kubernetes-sigs.github.io/metrics-server/Kubernetes Metrics Server]]
+  * [[https://github.com/kubernetes-sigs/metrics-server/releases]]
   * [[https://medium.com/@cloudspinx/fix-error-metrics-api-not-available-in-kubernetes-aa10766e1c2f|Fix “error: Metrics API not available” in Kubernetes]]
+<code>
+kube1# kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.8.1/components.yaml
+kube1# kubectl patch deployment metrics-server -n kube-system --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]'
+</code>
+или
 <code>
 kube1:~/metrics-server# curl -L https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.7.2/components.yaml | tee metrics-server-components.yaml
@@ Line 2721: / Line 2851: @@
 </code><code>
 kube1:~/metrics-server# kubectl apply -f metrics-server-components.yaml
+</code>
+Проверки
+<code>
 kube1# kubectl get pods -A | grep metrics-server
+kube1# kubectl logs -n kube-system -l k8s-app=metrics-server
 kube1# kubectl top pod #-n kube-system

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools