Differences

This shows you the differences between two versions of the page.

--- система_kubernetes [2026/06/10 14:57]
val [Manifest]
+++ система_kubernetes [2026/06/20 09:15] (current)
val [Deployment]
@@ Line 604: / Line 604: @@
 root@cf764ca3b291:/kubespray# ansible all -m ping -i /inventory/inventory.ini
 </code>
-  * [[Сервис Ansible#Использование ролей]] Ansible для настройки сети
+  * [[Сервис Ansible#Использование ролей]] Ansible для настройки сети (!!! dhcp клиент может успеть затереть /etc/resolv.conf, поможет запуск роли повторно)
   * Может потребоваться
@@ Line 619: / Line 619: @@
 </code>
 === Удаление вышедшего из строя узла через kubespray ===
+в случае любого, кроме первого мастер узла, понадобится:
 <code>
@@ Line 637: / Line 639: @@
 ... ansible-playbook -i /inventory/inventory.ini remove-node.yml ...
+kube2:~# kubectl -n kube-public edit configmaps
+kube2:~# kubectl -n kube-system edit configmaps
+/kube1
+/221
+</code>
-kube2:~# kubectl get configmap -n kube-system -o yaml | grep X.221
+=== Обновление кластера через kubespray ===
-kube2:~# kubectl edit configmap cluster-info -n kube-public
+<code>
-kube2:~# kubectl edit configmap kubeadm-config -n kube-system
+kube2:~# k get nodes
+... VERSION
+... v1.33.5
+...
+server# docker run --userns=host --rm -it -v /root/inventory/sample:/inventory -v /root/:/root/ quay.io/kubespray/kubespray:v2.30.0 bash
+e3101d539521:/kubespray# time ansible-playbook -i /inventory/inventory.ini upgrade_cluster.yml
+kube2:~# k get nodes
+... VERSION
+... v1.34.3
+...
 </code>
@@ Line 865: / Line 884: @@
 #        env:
 #        - name: PYWEBD_DOC_ROOT
-#          value: "/usr/local/apache2/htdocs/"
+#          value: "/home/myuser/www/"
 #        - name: PYWEBD_PORT
 #          value: "4080"
@@ Line 1493: / Line 1512: @@
 kube1:~/envoygateway# helm show values oci://docker.io/envoyproxy/gateway-helm --version v1.6.4
-kube1:~/envoygateway# helm install eg oci://docker.io/envoyproxy/gateway-helm --version v1.6.4 -n envoy-gateway-system --create-namespace
+kube1:~/envoygateway# helm upgrade -i eg oci://docker.io/envoyproxy/gateway-helm --version v1.6.4 -n envoy-gateway-system --create-namespace
 kube1:~/envoygateway# cat envoyproxy.yaml
@@ Line 1630: / Line 1649: @@
     kind: Service
     name: my-ubuntu
+</code><code>
+kube1:~/webd-k8s# kubectl apply -f my-reference-grant.yaml
 </code>
 ==== Volumes ====
@@ Line 2747: / Line 2768: @@
   apiGroup: rbac.authorization.k8s.io
 </code><code>
+kube1:~/users# kubectl apply -f freeipa-kube-admin.yaml
 student@client1:~$ kubectl get nodes
 </code>
@@ Line 2791: / Line 2814: @@
   - Ingress
   ingress:
+  - from:
+    - podSelector: {}
   - from:
     - namespaceSelector:
@@ Line 2802: / Line 2827: @@
         matchLabels:
           kubernetes.io/metadata.name: cnpg-system
-    ports:
+  - from:                 # for sync inside cluster
+    - podSelector: {}
+  - ports:                # for access cnpg addon kubectl
     - protocol: TCP
-      port: 5432
+      port: 8000
 </code><code>
 kube1:~/my-pgcluster# kubectl -n my-pgcluster-ns apply -f my-pgcluster-policy.yaml
@@ Line 2873: / Line 2900: @@
 ...issuer               True    42s
 </code>
+==== cert-manager certificate ====
   * Запустить выпуск сертификата можно 2-мя способами:
@@ Line 2886: / Line 2915: @@
 metadata:
   name: gitlab-cert
+#  name: webd-cert
 spec:
   secretName: gitlab-tls
+#  secretName: webd-tls
   dnsNames:
     #- siteN.mgtu.ru
-    #- keycloak.corpX.un
+    #- webd.corpX.un
     - gitlab.corpX.un
   issuerRef:
@@ Line 3099: / Line 3130: @@
   * [[https://sysdig.com/blog/monitor-etcd/|How to monitor etcd]]
+=== Анализ состояния etcd ===
 <code>
-kubeN:~# more /etc/kubernetes/manifests/kube-apiserver.yaml
+kubeN:~# less /etc/etcd.env
 kubeN:~# etcdctl member list -w table \
-  --endpoints=https://kubeN:2379 \
+  --endpoints=https://192.168.X.22N:2379 \
   --cacert=/etc/ssl/etcd/ssl/ca.pem \
   --cert=/etc/ssl/etcd/ssl/node-kube1.pem \
@@ Line 3110: / Line 3141: @@
 kubeN:~# etcdctl endpoint status -w table \
-  --endpoints=https://kube1:2379,https://kube2:2379,https://kube3:2379 \
+  --endpoints=https://192.168.X.221:2379,https://192.168.X.222:2379,https://192.168.X.223:2379 \
   --cacert=/etc/ssl/etcd/ssl/ca.pem \
   --cert=/etc/ssl/etcd/ssl/node-kube1.pem \
   --key=/etc/ssl/etcd/ssl/node-kube1-key.pem
+kube1# set -a; source /etc/etcd.env; set +a
+kube1# etcdctl endpoint health
+kube1# etcdctl member list -w table
+kube1# ETCDCTL_ENDPOINTS=https://192.168.X.221:2379,https://192.168.X.222:2379,https://192.168.X.223:2379 etcdctl endpoint status -w table
+</code>
+=== Резервное копирование и восстановление etcd ===
+<code>
+kube1# etcdctl snapshot save /root/etcd-backup.db
+kube1# kubectl get pods
+kube1# kubectl delete -f my-debian-deployment.yaml
+ssh kubeN mv /etc/kubernetes/manifests/kube-apiserver.yaml .
+ssh kubeN crictl ps|grep api
+ssh kubeN service etcd stop &
+ssh kubeN rm -rf /var/lib/etcd
+server# scp kube1:etcd-backup.db kube2:
+server# scp kube1:etcd-backup.db kube3:
+kubeN#
+source /etc/etcd.env
+etcdutl snapshot restore /root/etcd-backup.db \
+  --data-dir "${ETCD_DATA_DIR}" \
+  --name "${ETCD_NAME}" \
+  --initial-cluster "${ETCD_INITIAL_CLUSTER}" \
+  --initial-cluster-token "${ETCD_INITIAL_CLUSTER_TOKEN}" \
+  --initial-advertise-peer-urls "${ETCD_INITIAL_ADVERTISE_PEER_URLS}"
+init 6
+ssh kubeN mv kube-apiserver.yaml /etc/kubernetes/manifests/
+kube1# kubectl get pods
 </code>
 ===== Дополнительные материалы =====

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools