kube1:~# kubectl delete -f application.yaml kube1:~# kubectl delete ns my-ns kube1:~# rm application.yaml kube1:~# crictl rmi server.corp13.un:5000/student/gowebd:ver1.1 kube1:~# crictl rmi server.corp13.un:5000/student/gowebd:ver1.2
kube1:~# kubectl delete -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml kube1:~# kubectl delete ns argocd cmder> rm -rf ~/.kube/ cmder> rm /usr/bin/kubectl.exe
kube1:~# helm delete ingress-nginx --namespace ingress-nginx kube1:~# kubectl delete ns ingress-nginx kube1:~# rm -r helm* linux-amd64/ /usr/local/bin/helm kube1:~# rm -r gowebd/ ingress-nginx/
kubeN# rm /usr/local/share/ca-certificates/ca.crt /etc/ssl/certs/ca.pem update-ca-certificates systemctl restart containerd
# Remove the TLS certificate, its private key and the manifests left in the
# home directory on kube1. This deletes only this copy of the key; the key
# itself stays valid wherever else it was copied.
kube1:~# rm gowebd.crt gowebd.key my-ingress.yaml my-webd-service.yaml my-webd-deployment.yaml
# Removes the whole web root on server, not just the lab files; it is
# recreated further down with "mkdir -p /var/www/html/".
server# rm -rf /var/www/
~/kubespray# time ansible-playbook -i inventory/mycluster/hosts.yaml reset.yml ~/kubespray# cp -rfp inventory/sample/* inventory/mycluster ~/kubespray# time ansible-playbook -i inventory/mycluster/hosts.yaml cluster.yml kube1:~# kubectl get nodes kube1:~# kubectl get ns
server# mkdir -p /var/www/html/ cp wild.crt /var/www/html/ca.crt bash -c ' scp /var/www/html/ca.crt kube1:/usr/local/share/ca-certificates/ ssh kube1 update-ca-certificates ssh kube1 systemctl restart containerd scp /var/www/html/ca.crt kube2:/usr/local/share/ca-certificates/ ssh kube2 update-ca-certificates ssh kube2 systemctl restart containerd scp /var/www/html/ca.crt kube3:/usr/local/share/ca-certificates/ ssh kube3 update-ca-certificates ssh kube3 systemctl restart containerd ' kubeN# crictl pull server.corp13.un:5000/student/gowebd crictl images crictl rmi server.corp13.un:5000/student/gowebd
server# ss -lnp | grep ':80' server# apt install apache2 server# rm /var/www/html/index.html
# Copy the certificate and its private key to gate under the gowebd name.
# wild.key is presumably the key of a wildcard certificate, so this one key
# covers every name the certificate is valid for; keep the copy on gate
# readable by root only.
server# scp wild.crt gate:gowebd.crt; scp wild.key gate:gowebd.key
# DNS record for the service: gowebd points at 172.16.1.13, the address that
# the keepalived configuration further down assigns as a virtual IP on eth1.
server# cat /etc/bind/corpX.un
...
gowebd A 172.16.1.13
# Verify name resolution and HTTPS access from the Windows client.
C:\Users\student>nslookup gowebd.corp13.un
MSIE: https://gowebd.corp13.un
# A records for the two gateway nodes in the internal 192.168.13.0/24 network.
server# cat /etc/bind/corp13.un
...
gate1 A 192.168.13.21
gate2 A 192.168.13.22
gate# hostnamectl set-hostname gate1.corp13.un gate# cat /etc/network/interfaces
auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.13.2N netmask 255.255.255.0 gateway 192.168.13.1 auto eth1 iface eth1 inet manual up ip link set eth1 up
gateN# cat /etc/keepalived/keepalived.conf
vrrp_instance KUBE_GATE { state MASTER # state BACKUP interface eth0 virtual_router_id 1 virtual_ipaddress { 172.16.1.13/24 dev eth1 192.168.13.1/24 dev eth0 } virtual_routes { 0.0.0.0/0 via 172.16.1.254 dev eth1 } }
gate# init 6 gate2# ifconfig eth0 inet 192.168.13.22 gate1# ssh-keygen gate1# ssh-copy-id gate2 gate1# scp /etc/network/interfaces gate2:/etc/network/ scp /etc/resolv.conf gate2:/etc/ scp /etc/sysctl.conf gate2:/etc/ gate2# hostnamectl set-hostname gate2.corp13.un gate2# cat /etc/network/interfaces gate2# init 6 gate2# apt update && apt install keepalived nginx -y gate1# scp /etc/keepalived/keepalived.conf gate2:/etc/keepalived/ scp /etc/nginx/sites-available/gowebd gate2:/etc/nginx/sites-available/gowebd scp /etc/nginx/sites-enabled/gowebd gate2:/etc/nginx/sites-enabled/gowebd scp gowebd.* gate2: gate2# cat /etc/keepalived/keepalived.conf
server# ssh gate2 gate2# tail -f /var/log/messages gate2# tail -f /var/log/nginx/access.log
# Stop nginx now and keep it from starting at boot on both gates, presumably
# to free port 443 for the load-balancing variants that follow.
gateN# systemctl disable nginx --now
# Copy the key pair to kube1 under the gowebd name, presumably to load it into
# the cluster as a TLS secret. Once it is loaded, the plain files on kube1 are
# no longer needed (the cleanup at the top of the page removes them).
server:~# scp wild.key kube1:gowebd.key; scp wild.crt kube1:gowebd.crt
# Reachability check of the ingress on a node. -k turns off certificate
# verification, and the Host header changes only the HTTP request: the TLS SNI
# is still taken from the URL (kubeN), so this does not prove that the gowebd
# certificate is served or valid. To test the certificate itself, use
# --resolve gowebd.corpX.un:443:<node-ip> with the real hostname in the URL
# and drop -k.
kube1:~# curl https://kubeN/ -H "Host: gowebd.corpX.un" -k
gateN# cat /etc/keepalived/keepalived.conf
... virtual_server 172.16.1.13 443 { protocol TCP lb_algo wlc lb_kind NAT real_server 192.168.13.221 443 {TCP_CHECK {}} real_server 192.168.13.222 443 {TCP_CHECK {}} real_server 192.168.13.223 443 {TCP_CHECK {}} }
# Delete the my-ns namespace together with every object in it.
kube1# kubectl delete ns my-ns
# "wild.*" copies every matching file to gate1, which includes the private key
# wild.key along with wild.crt.
server# scp wild.* gate1:
gate1# ssh gate2 apt install haproxy gate1# scp /etc/ssl/private/* gate2:/etc/ssl/private/ scp /etc/haproxy/haproxy.cfg gate2:/etc/haproxy/haproxy.cfg ssh gate2 service haproxy restart
# Delete the my-ns namespace together with every object in it.
kube1# kubectl delete ns my-ns
# Forward local port 1234 to port 80 of the service. kubectl port-forward
# listens on localhost by default, so the service is reachable only from this
# workstation.
cmder> kubectl port-forward -n my-ns services/my-webd-webd-chart 1234:80
http://localhost:1234/
# Same service through the API server's proxy path on localhost:8001,
# presumably served by "kubectl proxy" (not shown on this page). Requests sent
# there reach the API server with the credentials of the user running the
# proxy - confirm the listener is bound to localhost only.
http://localhost:8001/api/v1/namespaces/my-ns/services/my-webd-webd-chart:80/proxy/
gate1# cp /etc/ssl/private/wild.crtkey /etc/ssl/private/gowebd.crtkey gate1# cp /etc/ssl/private/wild.crtkey /etc/ssl/private/keycloak.crtkey gate1# cat /etc/haproxy/haproxy.cfg ... gate1# service haproxy restart gate1# scp /etc/haproxy/haproxy.cfg gate2:/etc/haproxy/haproxy.cfg gate1# scp /etc/ssl/private/* gate2:/etc/ssl/private/ gate1# ssh gate2 service haproxy restart
gateN# apt install iptables conntrack iptables-persistent gateN#
iptables -t nat --flush iptables -t nat -A POSTROUTING -o eth1 -s 192.168.13.0/24 -j SNAT --to-source 172.16.1.13 iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.13 -p udp --dport 53 -j DNAT --to-destination 192.168.13.10:53 conntrack -F netfilter-persistent save
# Remove the ISP router's route to the internal network; presumably it is no
# longer needed because outbound traffic is now source-NATed to 172.16.1.13.
gate.isp.un:~# ip route del 192.168.13.0/24