This shows you the differences between two versions of the page.
|
система_kubernetes [2026/06/11 07:32] val [Отладка etcd] |
система_kubernetes [2026/06/20 09:15] (current) val [Deployment] |
||
|---|---|---|---|
| Line 604: | Line 604: | ||
| root@cf764ca3b291:/kubespray# ansible all -m ping -i /inventory/inventory.ini | root@cf764ca3b291:/kubespray# ansible all -m ping -i /inventory/inventory.ini | ||
| </code> | </code> | ||
| - | * [[Сервис Ansible#Использование ролей]] Ansible для настройки сети | + | * [[Сервис Ansible#Использование ролей]] Ansible для настройки сети (!!! dhcp клиент может успеть затереть /etc/resolv.conf, поможет запуск роли повторно) |
| * Может потребоваться | * Может потребоваться | ||
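Review bot: the warning added to the Ansible role bullet gives a rerun as the only remedy for the DHCP client overwriting /etc/resolv.conf, which fixes the file once but leaves the DHCP client free to rewrite it later. Suggest adding a check that /etc/resolv.conf still holds the expected resolver after the role finishes, and pointing to the setting that stops the DHCP client from managing that file, so a node does not silently switch to a DHCP-supplied DNS server.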
| Line 619: | Line 619: | ||
| </code> | </code> | ||
| === Удаление вышедшего из строя узла через kubespray === | === Удаление вышедшего из строя узла через kubespray === | ||
| + | |||
| + | в случае любого, кроме первого мастер узла, понадобится: | ||
| <code> | <code> | ||
| Line 637: | Line 639: | ||
| ... ansible-playbook -i /inventory/inventory.ini remove-node.yml ... | ... ansible-playbook -i /inventory/inventory.ini remove-node.yml ... | ||
| + | kube2:~# kubectl -n kube-public edit configmaps | ||
| + | kube2:~# kubectl -n kube-system edit configmaps | ||
| + | /kube1 | ||
| + | /221 | ||
| + | </code> | ||
| - | kube2:~# kubectl get configmap -n kube-system -o yaml | grep X.221 | + | === Обновление кластера через kubespray === |
| - | kube2:~# kubectl edit configmap cluster-info -n kube-public | + | <code> |
| - | kube2:~# kubectl edit configmap kubeadm-config -n kube-system | + | kube2:~# k get nodes |
| + | ... VERSION | ||
| + | ... v1.33.5 | ||
| + | ... | ||
| + | |||
| + | server# docker run --userns=host --rm -it -v /root/inventory/sample:/inventory -v /root/:/root/ quay.io/kubespray/kubespray:v2.30.0 bash | ||
| + | |||
| + | e3101d539521:/kubespray# time ansible-playbook -i /inventory/inventory.ini upgrade_cluster.yml | ||
| + | |||
| + | kube2:~# k get nodes | ||
| + | ... VERSION | ||
| + | ... v1.34.3 | ||
| + | ... | ||
| </code> | </code> | ||
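Review bot: in the new upgrade block, the `docker run` line bind-mounts all of `/root/` read-write into the kubespray container together with `--userns=host`, so everything in root's home directory on server is exposed to whatever runs in that image. Suggest mounting only what the playbook needs (the inventory is already mounted separately) and making the key material read-only. Also, the removed lines named the two ConfigMaps to edit (`cluster-info` and `kubeadm-config`), while the new `kubectl -n kube-system edit configmaps` opens every ConfigMap of the namespace in one editor buffer; keeping the names, or keeping the removed read-only `grep` as a first step, lowers the chance of an unintended edit. The upgrade block could also point to the etcd snapshot step before `upgrade_cluster.yml` is run.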
| Line 865: | Line 884: | ||
| # env: | # env: | ||
| # - name: PYWEBD_DOC_ROOT | # - name: PYWEBD_DOC_ROOT | ||
| - | # value: "/usr/local/apache2/htdocs/" | + | # value: "/home/myuser/www/" |
| # - name: PYWEBD_PORT | # - name: PYWEBD_PORT | ||
| # value: "4080" | # value: "4080" | ||
| Line 1493: | Line 1512: | ||
| kube1:~/envoygateway# helm show values oci://docker.io/envoyproxy/gateway-helm --version v1.6.4 | kube1:~/envoygateway# helm show values oci://docker.io/envoyproxy/gateway-helm --version v1.6.4 | ||
| | | ||
| - | kube1:~/envoygateway# helm install eg oci://docker.io/envoyproxy/gateway-helm --version v1.6.4 -n envoy-gateway-system --create-namespace | + | kube1:~/envoygateway# helm upgrade -i eg oci://docker.io/envoyproxy/gateway-helm --version v1.6.4 -n envoy-gateway-system --create-namespace |
| kube1:~/envoygateway# cat envoyproxy.yaml | kube1:~/envoygateway# cat envoyproxy.yaml | ||
| Line 1630: | Line 1649: | ||
| kind: Service | kind: Service | ||
| name: my-ubuntu | name: my-ubuntu | ||
| + | </code><code> | ||
| + | kube1:~/webd-k8s# kubectl apply -f my-reference-grant.yaml | ||
| </code> | </code> | ||
| ==== Volumes ==== | ==== Volumes ==== | ||
| Line 2747: | Line 2768: | ||
| apiGroup: rbac.authorization.k8s.io | apiGroup: rbac.authorization.k8s.io | ||
| </code><code> | </code><code> | ||
| + | kube1:~/users# kubectl apply -f freeipa-kube-admin.yaml | ||
| + | |||
| student@client1:~$ kubectl get nodes | student@client1:~$ kubectl get nodes | ||
| </code> | </code> | ||
| Line 2791: | Line 2814: | ||
| - Ingress | - Ingress | ||
| ingress: | ingress: | ||
| + | - from: | ||
| + | - podSelector: {} | ||
| - from: | - from: | ||
| - namespaceSelector: | - namespaceSelector: | ||
| Line 2802: | Line 2827: | ||
| matchLabels: | matchLabels: | ||
| kubernetes.io/metadata.name: cnpg-system | kubernetes.io/metadata.name: cnpg-system | ||
| - | ports: | + | - from: # for sync inside cluster |
| + | - podSelector: {} | ||
| + | - ports: # for access cnpg addon kubectl | ||
| - protocol: TCP | - protocol: TCP | ||
| - | port: 5432 | + | port: 8000 |
| </code><code> | </code><code> | ||
| kube1:~/my-pgcluster# kubectl -n my-pgcluster-ns apply -f my-pgcluster-policy.yaml | kube1:~/my-pgcluster# kubectl -n my-pgcluster-ns apply -f my-pgcluster-policy.yaml | ||
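Review bot: the last ingress entry, `- ports:` with `port: 8000` and no `from`, is a rule of its own and matches all sources, so port 8000 on the selected pods is open to every namespace and to any external source that can route to the pods. Because `ports:` no longer belongs to the rule ending in `kubernetes.io/metadata.name: cnpg-system`, that rule also loses its port limit (5432 before this change) and now admits traffic on all ports. Suggest keeping the port list inside the rule it is meant for, for example the cnpg-system `from` together with `ports: 8000`, and restoring 5432 on the rule that serves database clients. The `- from:` / `- podSelector: {}` pair is also added twice on the new side (at the top of `ingress:` and again with the "for sync inside cluster" comment); one copy is enough.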
| Line 2873: | Line 2900: | ||
| ...issuer True 42s | ...issuer True 42s | ||
| </code> | </code> | ||
| + | |||
| + | ==== cert-manager certificate ==== | ||
| * Запустить выпуск сертификата можно 2-мя способами: | * Запустить выпуск сертификата можно 2-мя способами: | ||
| Line 2886: | Line 2915: | ||
| metadata: | metadata: | ||
| name: gitlab-cert | name: gitlab-cert | ||
| + | # name: webd-cert | ||
| spec: | spec: | ||
| secretName: gitlab-tls | secretName: gitlab-tls | ||
| + | # secretName: webd-tls | ||
| dnsNames: | dnsNames: | ||
| #- siteN.mgtu.ru | #- siteN.mgtu.ru | ||
| - | #- keycloak.corpX.un | + | #- webd.corpX.un |
| - gitlab.corpX.un | - gitlab.corpX.un | ||
| issuerRef: | issuerRef: | ||
| Line 3099: | Line 3130: | ||
| * [[https://sysdig.com/blog/monitor-etcd/|How to monitor etcd]] | * [[https://sysdig.com/blog/monitor-etcd/|How to monitor etcd]] | ||
| + | === Анализ состояния etcd === | ||
| <code> | <code> | ||
| kubeN:~# less /etc/etcd.env | kubeN:~# less /etc/etcd.env | ||
| Line 3122: | Line 3153: | ||
| kube1# ETCDCTL_ENDPOINTS=https://192.168.X.221:2379,https://192.168.X.222:2379,https://192.168.X.223:2379 etcdctl endpoint status -w table | kube1# ETCDCTL_ENDPOINTS=https://192.168.X.221:2379,https://192.168.X.222:2379,https://192.168.X.223:2379 etcdctl endpoint status -w table | ||
| + | </code> | ||
| + | === Резервное копирование и восстановление etcd === | ||
| + | <code> | ||
| + | kube1# etcdctl snapshot save /root/etcd-backup.db | ||
| + | |||
| + | kube1# kubectl get pods | ||
| + | kube1# kubectl delete -f my-debian-deployment.yaml | ||
| + | |||
| + | ssh kubeN mv /etc/kubernetes/manifests/kube-apiserver.yaml . | ||
| + | ssh kubeN crictl ps|grep api | ||
| + | |||
| + | ssh kubeN service etcd stop & | ||
| + | |||
| + | ssh kubeN rm -rf /var/lib/etcd | ||
| + | |||
| + | server# scp kube1:etcd-backup.db kube2: | ||
| + | server# scp kube1:etcd-backup.db kube3: | ||
| + | |||
| + | kubeN# | ||
| + | |||
| + | source /etc/etcd.env | ||
| + | etcdutl snapshot restore /root/etcd-backup.db \ | ||
| + | --data-dir "${ETCD_DATA_DIR}" \ | ||
| + | --name "${ETCD_NAME}" \ | ||
| + | --initial-cluster "${ETCD_INITIAL_CLUSTER}" \ | ||
| + | --initial-cluster-token "${ETCD_INITIAL_CLUSTER_TOKEN}" \ | ||
| + | --initial-advertise-peer-urls "${ETCD_INITIAL_ADVERTISE_PEER_URLS}" | ||
| + | init 6 | ||
| + | |||
| + | ssh kubeN mv kube-apiserver.yaml /etc/kubernetes/manifests/ | ||
| + | kube1# kubectl get pods | ||
| </code> | </code> | ||
| ===== Дополнительные материалы ===== | ===== Дополнительные материалы ===== | ||
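Review bot: `ssh kubeN rm -rf /var/lib/etcd` runs before anything confirms that `/root/etcd-backup.db` is usable, and the preceding `service etcd stop &` is backgrounded, so the delete can start while etcd is still running. Suggest verifying the snapshot first (`etcdutl snapshot status /root/etcd-backup.db -w table`), dropping the `&`, and moving the old data directory aside instead of removing it until `kubectl get pods` succeeds after the restore. The delete also hard-codes `/var/lib/etcd` while the restore uses `${ETCD_DATA_DIR}`; using the variable in both places keeps them in step. Since the snapshot contains the cluster's Secrets and is copied to kube2 and kube3 with `scp`, the block should also say to restrict the file mode and remove the copies once the restore is confirmed.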