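# Install kubectl on the gateway host.
# Resolve the stable version once so the binary and its checksum refer to the same release.
root@gate.corp13.un:~# VER=$(curl -L -s https://dl.k8s.io/release/stable.txt)
root@gate.corp13.un:~# curl -LO "https://dl.k8s.io/release/${VER}/bin/linux/amd64/kubectl"
root@gate.corp13.un:~# curl -LO "https://dl.k8s.io/release/${VER}/bin/linux/amd64/kubectl.sha256"
# The binary is about to be placed on root's PATH: compare it with the published
# SHA-256 first and continue only if sha256sum prints "kubectl: OK".
root@gate.corp13.un:~# echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
root@gate.corp13.un:~# chmod +x kubectl
root@gate.corp13.un:~# mv kubectl /usr/local/bin/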
# Bundle the kubeconfig with the CA certificate and the minikube profile directory.
# The profile directory holds client.key (see the config excerpt below), so this
# archive is a cluster credential: keep it readable by its owner only and delete
# the copies on both hosts once it has been unpacked.
student@node1:~$ tar zcf kube-config.tar.gz .kube/config .minikube/ca.crt .minikube/profiles/minikube
# NOTE(review): the archive is created on node1 but fetched from node2 — confirm which host is meant.
gitlab-runner@server:~$ scp student@node2:kube-config.tar.gz .
gitlab-runner@server:~$ tar -xvf kube-config.tar.gz
gitlab-runner@server:~$ cat .kube/config
# The certificate and key paths shown are under /home/gitlab-runner, i.e. the
# account the archive was unpacked in (presumably edited by hand after copying — confirm).
...
    certificate-authority: /home/gitlab-runner/.minikube/ca.crt
...
    client-certificate: /home/gitlab-runner/.minikube/profiles/minikube/client.crt
    client-key: /home/gitlab-runner/.minikube/profiles/minikube/client.key
...
# Listing every namespace confirms the copied client certificate is accepted by the API server.
gitlab-runner@server:~$ kubectl get all -o wide --all-namespaces
student@node1:~$ ### minikube delete student@node1:~$ minikube start --driver=docker --insecure-registry "server.corp13.un:5000" student@node1:~$ minikube status student@node1:~$ minikube ip student@node1:~$ minikube addons list student@node1:~$ minikube addons configure registry-creds ... Do you want to enable Docker Registry? [y/n]: y -- Enter docker registry server url: http://server.corp13.un:5000 -- Enter docker registry username: student -- Enter docker registry password: ... student@node1:~$ minikube addons enable registry-creds student@node1:~$ minikube dashboard & ... Opening http://127.0.0.1:NNNNN/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/ in your default browser ... /home/mobaxterm> ssh -L NNNNN:localhost:NNNNN student@192.168.13.230 Теперь, та же ссылка работает на win host системе
root@nodeN:~# apt install apt-transport-https curl root@nodeN:~# curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add root@nodeN:~# apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main" root@nodeN:~# apt install kubeadm kubelet kubectl kubernetes-cni root@nodeN:~# swapoff -a root@nodeN:~# cat /etc/fstab
... #/swap.img ... ...
root@node1:~# kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.13.201 root@node1:~# mkdir -p $HOME/.kube root@node1:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config root@node1:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml root@node1:~# kubectl get pod -o wide --all-namespaces root@node1:~# kubectl get --raw='/readyz?verbose' root@node2_3:~# curl -k https://node1:6443/livez?verbose root@node2_3:~# kubeadm join 192.168.13.201:6443 --token NNNNNNNNNNNNNNNNNNNN \ --discovery-token-ca-cert-hash sha256:NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN root@node1:~# kubectl get nodes -o wide
root@nodeN:~# mkdir /etc/containerd/ root@node2:~# cat /etc/containerd/config.toml
version = 2 [plugins."io.containerd.grpc.v1.cri".registry] [plugins."io.containerd.grpc.v1.cri".registry.mirrors] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."server.corp13.un:5000"] endpoint = ["http://server.corp13.un:5000"] [plugins."io.containerd.grpc.v1.cri".registry.configs] [plugins."io.containerd.grpc.v1.cri".registry.configs."server.corp13.un:5000".tls] insecure_skip_verify = true [plugins."io.containerd.grpc.v1.cri".registry.configs."server.corp13.un:5000".auth] auth = "c3R1ZGVudDpwYXNzd29yZA=="
root@node2:~# systemctl restart containerd root@node2:~# containerd config dump
Проверка
# Pull an image from the private registry through the containerd CRI socket;
# presumably a successful pull is the check that the registry settings are in effect.
root@node2:~# crictl -r unix:///run/containerd/containerd.sock pull server.corp13.un:5000/student/webd
# Imperative walk-through: create, inspect, enter, edit and delete a deployment.
# The image is given without a tag, so it resolves to debian:latest and can differ
# between pulls; a fixed tag or digest makes the run reproducible.
$ kubectl create deployment my-debian --image=debian -- "sleep" "3600"
$ kubectl get all
$ kubectl get deployments
$ kubectl get pods
$ kubectl attach my-debian-NNNNNNNNN-NNNNN
# exec opens an interactive shell inside the running container; Ctrl-D leaves it.
$ kubectl exec -ti my-debian-NNNNNNNNN-NNNNN -- bash
Ctrl-D
$ kubectl get deployment my-debian -o yaml
$ kubectl edit deployment my-debian
$ kubectl delete deployment my-debian
[[https://kubernetes.io/docs/reference/glossary/?all=true#term-manifest| Kubernetes Documentation Reference Glossary/Manifest]]
# The same deployment written as a manifest.
$ cat my-debian-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-debian
spec:
  selector:
    matchLabels:
      app: my-debian
  template:
    metadata:
      labels:
        app: my-debian
    spec:
      containers:
      - name: my-debian
        # Untagged image: resolves to debian:latest at pull time.
        image: debian
        # Keeps the container alive by printing "hello" every 3 seconds.
        command: ["/bin/sh"]
        args: ["-c", "while true; do echo hello; sleep 3;done"]
        # No securityContext or resource limits are set here, so the container
        # runs with the image and cluster defaults.
      restartPolicy: Always
$ kubectl create -f my-debian-deployment.yaml
...
$ kubectl delete -f my-debian-deployment.yaml
$ kubectl create namespace my-ns $ kubectl get namespaces $ ### kubectl create deployment my-webd --image=server.corp13.un:5000/student/webd:latest --replicas=2 -n my-ns $ cat my-webd-deployment.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: my-webd namespace: my-ns spec: selector: matchLabels: app: my-webd replicas: 2 template: metadata: labels: app: my-webd spec: containers: - name: my-webd image: server.corp13.un:5000/student/webd:latest
$ kubectl apply -f my-webd-deployment.yaml $ kubectl get all -n my-ns -o wide $ kubectl describe -n my-ns pod/my-webd-NNNNNNNNNN-NNNNN $ kubectl scale deployment my-webd --replicas=3 -n my-ns
# Publish the deployment through a NodePort service.
$ ### kubectl expose deployment my-webd --type=NodePort --port=80 -n my-ns
$ cat my-webd-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: my-webd
  namespace: my-ns
spec:
  # NodePort opens the service on a port of every node's address, so it is
  # reachable from wherever the nodes are reachable.
  type: NodePort
  selector:
    app: my-webd
  ports:
  - protocol: TCP
    port: 80
    # With nodePort left commented out the cluster picks the port itself
    # (30350 in the sample output below).
#    nodePort: 30111
#    targetPort: 80
#status:
#  loadBalancer: {}
$ kubectl apply -f my-webd-service.yaml
$ kubectl get svc my-webd -n my-ns
# NOTE(review): the sample output names the service my-webd-svc while the manifest
# names it my-webd — presumably captured from an earlier revision; confirm.
NAME          TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
my-webd-svc   NodePort   10.102.135.146   <none>        80:30350/TCP   18h
$ kubectl describe svc my-webd -n my-ns
student@node3:~$ minikube service my-webd -n my-ns --url
http://192.168.49.2:30350
student@node3:~$ curl $(minikube service my-webd -n my-ns --url)
# Route webd.corp13.un to the service through the nginx ingress addon.
student@node2:~$ minikube addons enable ingress
gitlab-runner@gate:~/webd$ cat my-webd-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-webd
  namespace: my-ns
  annotations:
    # $1 is the capture group of the regex path below.
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  # No tls: section is defined, so the host is served over plain HTTP
  # (the curl check below uses http as well).
  rules:
  - host: webd.corp13.un
    http:
      paths:
      - path: /(.*)
        # NOTE(review): a regex path combined with pathType Prefix may be rejected
        # by newer ingress-nginx releases; confirm against the controller version.
        pathType: Prefix # Try: ImplementationSpecific
        backend:
          service:
            name: my-webd
            port:
              number: 80
$ kubectl apply -f my-webd-ingress.yaml
$ kubectl get ingress -n my-ns
Напиши, что тут?
# The name must resolve to the node that runs the ingress controller.
root@gate.corp13.un:~# host webd
webd.corp13.un is an alias for node2.corp13.un.
node2.corp13.un has address 192.168.13.220
$ curl webd.corp13.un
# The pod logs show whether the request reached the application.
$ kubectl logs -l app=my-webd -n my-ns
# Clean-up. The first form removes only the objects defined in the three files;
# the second removes the namespace together with everything else created in it.
$ kubectl delete -n my-ns -f my-webd-deployment.yaml,my-webd-service.yaml,my-webd-ingress.yaml
или
$ kubectl delete namespace my-ns
# Variant of the deployment that serves its content from an NFS export.
$ cat my-webd-nfs-deployment.yaml
...
    spec:
      containers:
      - name: my-webd
        image: server.corp13.un:5000/student/webd:latest
        volumeMounts:
        - name: nfs-volume
          mountPath: /var/www
      volumes:
      - name: nfs-volume
        # The manifest carries no credentials: who may mount and write is decided
        # by the export settings on the NFS server. The volume is not marked
        # readOnly, so pods can write to the export if the server allows it;
        # presumably read-only is enough for serving pages — confirm.
        nfs:
          server: 192.168.13.1
          path: /var/www
gitlab-runner@gate:~/webd$ cat my-webd-ssh-deployment.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: my-webd-ssh namespace: my-ns spec: selector: matchLabels: app: my-webd-ssh replicas: 1 template: metadata: labels: app: my-webd-ssh spec: containers: - name: my-webd image: server.corp13.un:5000/student/webd:latest volumeMounts: - name: html mountPath: /var/www - name: my-ssh image: atmoz/sftp args: ["user3:password3:10003"] volumeMounts: - name: html mountPath: /home/user3/www volumes: - name: html emptyDir: {}
... $ kubectl describe pod my-webd-NNNNNNNNNN-NNNNN -n my-ns $ kubectl exec -ti -n my-ns my-webd-NNNNNNNNNN-NNNNN -c my-ssh -- bash $ ### kubectl expose deployment my-webd-ssh --type=NodePort --port=80,22 -n my-ns $ cat my-webd-ssh-service.yaml
apiVersion: v1 kind: Service metadata: name: my-webd-ssh namespace: my-ns spec: type: NodePort selector: app: my-webd-ssh ports: - name: http protocol: TCP port: 80 targetPort: 80 - name: ssh protocol: TCP port: 22 targetPort: 22
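# Install the Helm client from the pinned release tarball.
$ wget https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz
$ wget https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz.sha256sum
# Check the tarball against the published SHA-256 before unpacking; continue only
# if sha256sum reports OK for the file.
$ sha256sum -c helm-v3.9.0-linux-amd64.tar.gz.sha256sum
$ tar -zxvf helm-v3.9.0-linux-amd64.tar.gz
$ sudo mv linux-amd64/helm /usr/local/bin/helm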
# Scaffold a chart and adapt it to the webd image.
$ helm create webd-chart
$ cat webd-chart/Chart.yaml
...
description: A Helm chart WebD for Kubernetes
...
version: 0.1.1
...
# appVersion is the fallback image tag (see the template excerpt at the end), so
# unless image.tag is set the release deploys the mutable "latest" tag.
appVersion: "latest"
$ cat webd-chart/values.yaml
...
image:
  repository: server.corp13.un:5000/student/webd
  # Always re-pulls on every pod start, so with a mutable tag the running build
  # depends on what the registry holds at that moment.
  pullPolicy: Always
...
serviceAccount:
  create: false
...
service:
  type: NodePort
...
ingress:
  enabled: true
...
  hosts:
    - host: webd.corp13.un
...
$ less webd-chart/templates/deployment.yaml
...
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
...
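!!! Был замечен "глюк" DNS, из-за которого не загружался Docker образ, "лечился" предварительным созданием namespace
# The namespace flag is -n / --namespace; helm has no --n flag and rejects it.
$ helm install my-webd webd-chart/ -n my-ns --create-namespace --wait
# HELM_NAMESPACE makes the following commands act on my-ns without repeating -n.
$ export HELM_NAMESPACE=my-ns
$ helm list
# Setting image.tag to a version pins the release to a specific build instead of
# the chart's default tag.
$ helm upgrade my-webd webd-chart/ --set=image.tag=ver1.10
$ helm history my-webd
$ helm rollback my-webd 1
$ helm uninstall my-webd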
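# Publish the chart to the project's Helm package repository.
# A password given with --password ends up in the shell history and in the
# process list. Read the token without echo and hand it over on stdin instead.
$ read -rs HELM_REPO_TOKEN
# NOTE(review): the repository URL is plain http://, so the credentials are sent
# unencrypted on every request; prefer an https:// endpoint where available.
$ printf '%s' "$HELM_REPO_TOKEN" | helm repo add --username student --password-stdin webd http://192.168.13.1/api/v4/projects/6/packages/helm/stable
$ helm repo list
$ helm package webd-chart
$ ls *tgz
# The plugin is installed from the repository's default branch; pinning a released
# version keeps the code that handles the repository credentials reviewable.
$ helm plugin install https://github.com/chartmuseum/helm-push
# NOTE(review): the file name must match the version in Chart.yaml as printed by
# `ls *tgz` — confirm 0.1.0 is the packaged version.
$ helm cm-push webd-chart-0.1.0.tgz webd
...
С другого кластера подключаем (аналогично) наш репозиторий и
...
$ helm search repo webd
$ helm repo update webd
$ helm install my-webd webd/webd-chart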
# Look up a public chart and add its repository.
$ helm search hub -o json wordpress | jq '.' | less
# A third-party repository: charts from it run with whatever cluster permissions
# the installing user has, so read the values (and rendered templates) first.
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm show values bitnami/wordpress
# minikube without a VM or container around the node.
student@node2:~$ sudo apt install conntrack
https://computingforgeeks.com/install-mirantis-cri-dockerd-as-docker-engine-shim-for-kubernetes/
...
# Pinned crictl release; compare the tarball with the checksum published on the
# release page before unpacking it onto the PATH.
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz
...
# --driver=none runs the Kubernetes components directly on this host, with no
# isolation layer between the cluster and the machine; best kept to a disposable
# lab host. --insecure-registry again allows the registry without verified TLS.
student@node2:~$ minikube start --driver=none --insecure-registry "server.corp13.un:5000"
root@gate.corp13.un:~# curl -L https://github.com/kubernetes/kompose/releases/download/v1.26.0/kompose-linux-amd64 -o kompose root@gate.corp13.un:~# chmod +x kompose root@gate.corp13.un:~# sudo mv ./kompose /usr/local/bin/kompose
# Generate Kubernetes manifests from the Compose file in the current directory.
gitlab-runner@gate:~/webd$ kompose convert
gitlab-runner@gate:~/webd$ ls *yaml
# Read the generated files before applying them: anything the Compose file carried
# in command or environment fields (presumably including the SFTP account) is
# copied into the manifests as-is — confirm.
gitlab-runner@gate:~/webd$ kubectl apply -f sftp-deployment.yaml,vol1-persistentvolumeclaim.yaml,webd-service.yaml,sftp-service.yaml,webd-deployment.yaml
gitlab-runner@gate:~/webd$ kubectl get all