

Система Kubernetes

Инструмент командной строки kubectl

Установка

# curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl

# chmod +x kubectl

# mv kubectl /usr/local/bin/

Подключение к новому кластеру

gitlab-runner@server:~$ scp root@node1:.kube/config .kube/config_new

gitlab-runner@server:~$ cp ~/.kube/config ~/.kube/config.bak

gitlab-runner@server:~$ KUBECONFIG=~/.kube/config:~/.kube/config_new kubectl config view --flatten > /tmp/config

gitlab-runner@server:~$ mv /tmp/config ~/.kube/config

gitlab-runner@server:~$ chmod 600 /home/gitlab-runner/.kube/config    # Helm WARNING about kubeconfig permissions

gitlab-runner@server:~$ kubectl config get-contexts

gitlab-runner@server:~$ rm ~/.kube/config.bak

gitlab-runner@server:~$ kubectl config use-context kubernetes-admin@kubernetes

gitlab-runner@server:~$ kubectl get all -o wide --all-namespaces

Установка minikube

root@server:~# apt install -y curl wget apt-transport-https

root@server:~# wget https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64

root@server:~# mv minikube-linux-amd64 /usr/local/bin/minikube

root@server:~# chmod +x /usr/local/bin/minikube
gitlab-runner@server:~$ ### minikube delete
gitlab-runner@server:~$ ### rm -rv .minikube/

gitlab-runner@server:~$ time minikube start --driver=docker --insecure-registry "server.corpX.un:5000"
real    5m8.320s
...

gitlab-runner@server:~$ minikube status

gitlab-runner@server:~$ minikube ip

gitlab-runner@server:~$ minikube kubectl -- get pods -A

gitlab-runner@server:~$ minikube addons list

gitlab-runner@server:~$ minikube addons configure registry-creds
...
Do you want to enable Docker Registry? [y/n]: y
-- Enter docker registry server url: http://server.corpX.un:5000
-- Enter docker registry username: student
-- Enter docker registry password:
...

gitlab-runner@server:~$ minikube addons enable registry-creds

Кластер Kubernetes

Развертывание

Установка ПО и подготовка узлов

node1# ssh-keygen

node1# ssh-copy-id node2
node1# ssh-copy-id node3

node1# bash -c '
http_proxy=http://proxy.isp.un:3128/ apt -y install apt-transport-https curl
ssh node2 http_proxy=http://proxy.isp.un:3128/ apt -y install apt-transport-https curl
ssh node3 http_proxy=http://proxy.isp.un:3128/ apt -y install apt-transport-https curl
'

node1# bash -c '
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add
ssh node2 "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add"
ssh node3 "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add"
'

node1# bash -c '
apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
ssh node2 apt-add-repository \"deb http://apt.kubernetes.io/ kubernetes-xenial main\"
ssh node3 apt-add-repository \"deb http://apt.kubernetes.io/ kubernetes-xenial main\"
'

node1# bash -c '
http_proxy=http://proxy.isp.un:3128/ apt -y install kubeadm kubelet kubectl kubernetes-cni
ssh node2 apt -y install kubeadm kubelet kubectl kubernetes-cni
ssh node3 apt -y install kubeadm kubelet kubectl kubernetes-cni
'

node1# bash -c '
swapoff -a
ssh node2 swapoff -a
ssh node3 swapoff -a
'

node1# bash -c '
sed -i"" -e "/swap/s/^/#/" /etc/fstab
ssh node2 sed -i"" -e "/swap/s/^/#/" /etc/fstab
ssh node3 sed -i"" -e "/swap/s/^/#/" /etc/fstab
'

Инициализация master

node1# bash -c '
rm /etc/containerd/config.toml
systemctl restart containerd
ssh node2 rm /etc/containerd/config.toml
ssh node2 systemctl restart containerd
ssh node3 rm /etc/containerd/config.toml
ssh node3 systemctl restart containerd
'
root@node1:~# kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.X.201

root@node1:~# mkdir -p $HOME/.kube

root@node1:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

root@node1:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

root@node1:~# kubectl get pod -o wide --all-namespaces

root@node1:~# kubectl get --raw='/readyz?verbose'

Подключение worker

root@node2_3:~# curl -k https://node1:6443/livez?verbose
root@node2_3:~# kubeadm join 192.168.X.201:6443 --token NNNNNNNNNNNNNNNNNNNN \
        --discovery-token-ca-cert-hash sha256:NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

Проверка состояния

root@node1:~# kubectl cluster-info

root@node1:~# kubectl get nodes -o wide

Настройка доступа к Insecure Private Registry

node1# scp server:/etc/docker/daemon.json /etc/docker/daemon.json

server# bash -c '
scp /etc/docker/daemon.json node2:/etc/docker/daemon.json
scp /etc/docker/daemon.json node3:/etc/docker/daemon.json
service docker restart
ssh node2 service docker restart
ssh node3 service docker restart
'

# does not work with cri-tools 1.25; the registry project must be public instead
### node1# docker login http://server.corpX.un:5000

### node1# bash -c '
ssh node2 mkdir -p .docker
ssh node3 mkdir -p .docker
scp ~/.docker/config.json node2:.docker/config.json
scp ~/.docker/config.json node3:.docker/config.json
'

root@node1:~# cat /etc/containerd/config.toml
# containerd CRI registry settings for the lab's private registry server.corpX.un:5000
version = 2

[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."server.corpX.un:5000"]
      # plain-HTTP endpoint: image pulls from this registry travel unencrypted
      endpoint = ["http://server.corpX.un:5000"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."server.corpX.un:5000".tls]
      # disables certificate verification for this one registry only; image
      # integrity then rests entirely on the network path to the registry
      insecure_skip_verify = true
# does not work with cri-tools 1.25; the registry project must be public instead
# NOTE(review): the auth value is only base64 of "username:password", not
# encryption — anyone who can read this file (it is copied to every node)
# holds the registry credentials
#[plugins."io.containerd.grpc.v1.cri".registry.configs."server.corpX.un:5000".auth]
#      auth = "c3R1ZGVudDpwYXNzd29yZA=="
node1# bash -c '
scp /etc/containerd/config.toml node2:/etc/containerd/config.toml
scp /etc/containerd/config.toml node3:/etc/containerd/config.toml
systemctl restart containerd
ssh node2 systemctl restart containerd
ssh node3 systemctl restart containerd
'

root@nodeN:~# containerd config dump | less

Проверка

root@nodeN:~# crictl -r unix:///run/containerd/containerd.sock pull server.corpX.un:5000/student/webd

Базовые объекты k8s

Deployment, Replica Sets, Pods

$ kubectl create deployment my-debian --image=debian -- "sleep" "3600"

$ kubectl get all

$ kubectl get deployments

$ kubectl get pods -o wide

$ kubectl attach my-debian-NNNNNNNNN-NNNNN

$ kubectl exec -ti my-debian-NNNNNNNNN-NNNNN -- bash
Ctrl-D

$ kubectl get deployment my-debian -o yaml

$ kubectl edit deployment my-debian

$ kubectl delete deployment my-debian
$ cat my-debian-deployment.yaml
# Deployment that keeps one debian pod alive with a shell loop
# (no replicas field, so the API default of 1 applies)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-debian
spec:
  selector:
    matchLabels:
      app: my-debian
  template:
    metadata:
      labels:
        app: my-debian   # must match spec.selector above
    spec:
      containers:
      - name: my-debian
        image: debian    # no tag -> :latest, no digest: not a reproducible image
        command: ["/bin/sh"]
        # endless loop so the container does not exit right after start
        args: ["-c", "while true; do echo hello; sleep 3;done"]
      restartPolicy: Always
$ kubectl create -f my-debian-deployment.yaml
...
$ kubectl delete -f my-debian-deployment.yaml

namespace для своего приложения

$ kubectl create namespace my-ns

$ kubectl get namespaces

$ ### kubectl create deployment my-webd --image=server.corpX.un:5000/student/webd:latest --replicas=2 -n my-ns

$ ### kubectl delete deployment my-webd -n my-ns

$ cd webd/

$ cat my-webd-deployment.yaml
# Deployment for the webd image from the lab registry; the commented blocks
# below are optional pieces meant to be uncommented one step at a time
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-webd
  namespace: my-ns
spec:
  selector:
    matchLabels:
      app: my-webd
  replicas: 2
  template:
    metadata:
      labels:
        app: my-webd
    spec:
      containers:
      - name: my-webd

# exactly one image line must be active; as written the container has no image.
# The untagged form resolves to :latest; the ver1.N form pins a build so
# rollouts and rollbacks are reproducible
#        image: server.corpX.un:5000/student/webd
#        image: server.corpX.un:5000/student/webd:ver1.N

### need <html> tag ###
# HTTP probe on port 80 (path defaults to /); the container is restarted
# when the probe keeps failing
#        livenessProbe:
#          httpGet:
#            port: 80

# shared NFS export for /var/www; readOnly is not set, so every replica
# mounts it read-write
#        volumeMounts:
#        - name: nfs-volume
#          mountPath: /var/www
#      volumes:
#      - name: nfs-volume
#        nfs:
#          server: server.corpX.un
#          path: /var/www
$ kubectl apply -f my-webd-deployment.yaml

$ kubectl get all -n my-ns -o wide 

$ kubectl describe -n my-ns pod/my-webd-NNNNNNNNNN-NNNNN

$ kubectl scale deployment my-webd --replicas=3 -n my-ns

$ kubectl delete pod/my-webd-NNNNNNNNNN-NNNNN -n my-ns

Service

$ ### kubectl expose deployment my-webd --type=NodePort --port=80 -n my-ns

$ ### kubectl delete svc my-webd -n my-ns

$ cat my-webd-service.yaml
# NodePort Service: port 80 of the my-webd pods becomes reachable on every
# node at the allocated node port (shown as 80:NNNNN/TCP by kubectl get svc)
apiVersion: v1
kind: Service
metadata:
  name: my-webd
  namespace: my-ns
spec:
  type: NodePort
  selector:
    app: my-webd     # traffic goes to pods carrying this label
  ports:
  - protocol: TCP
    port: 80         # targetPort not set, so it defaults to the same value
# fixed node port instead of an auto-allocated one
#    nodePort: 30111
$ kubectl apply -f my-webd-service.yaml

$ kubectl get svc my-webd -n my-ns
NAME              TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
my-webd-svc   NodePort   10.102.135.146   <none>        80:NNNNN/TCP   18h

$ kubectl describe svc my-webd -n my-ns

$ curl http://node1,2,3:NNNNN


$ minikube service list

$ minikube service my-webd -n my-ns --url
http://192.168.49.2:NNNNN

$ curl $(minikube service my-webd -n my-ns --url)


$ kubectl logs -l app=my-webd -n my-ns 
(доступны опции -f, --tail=2000, --previous)

Удаление объектов

$ kubectl delete -n my-ns -f my-webd-deployment.yaml,my-webd-service.yaml

или

$ kubectl delete namespace my-ns

Ingress

server# host webd
webd.corpX.un has address 192.168.49.2
  или
webd.corpX.un has address 192.168.X.201


gitlab-runner@server:~$ minikube addons enable ingress
root@node1:~# kubectl port-forward --namespace=ingress-nginx --address 0.0.0.0 service/ingress-nginx-controller 80:80


gitlab-runner@server:~/webd$ ### kubectl create ingress my-webd --class=nginx --rule="webd.corpX.un/*=my-webd:80" -n my-ns

gitlab-runner@server:~/webd$ cat my-webd-ingress.yaml
# Ingress routing http://webd.corpX.un/ through the nginx ingress controller
# to the my-webd Service; there is no tls: section, so the host is served
# over plain HTTP
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-webd
  namespace: my-ns
spec:
  ingressClassName: nginx
  rules:
  - host: webd.corpX.un
    http:
      paths:
      - backend:
          service:
            name: my-webd
            port:
              number: 80
        path: /
        pathType: Prefix   # every path under / matches
# status is maintained by the cluster and ignored on apply; it can be dropped
status:
  loadBalancer: {}
$ kubectl apply -f my-webd-ingress.yaml


$ kubectl get ingress -n my-ns
NAME      CLASS   HOSTS            ADDRESS   PORTS   AGE
my-webd   nginx   webd.corpX.un             80      11s

$ curl webd.corpX.un

$ ### kubectl delete ingress my-webd -n my-ns

Пример с multi container pod

gitlab-runner@gate:~/webd$ cat my-webd-ssh-deployment.yaml
# Two-container pod: webd serves /var/www, an sftp sidecar lets user3 upload
# into the same emptyDir volume
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-webd-ssh
  namespace: my-ns
spec:
  selector:
    matchLabels:
      app: my-webd-ssh
  replicas: 1
  template:
    metadata:
      labels:
        app: my-webd-ssh
    spec:
      containers:
      - name: my-webd
        image: server.corp13.un:5000/student/webd:latest
        volumeMounts:
        - name: html
          mountPath: /var/www
      - name: my-ssh
        image: atmoz/sftp
        # sftp username and password passed as a plain argument: visible to
        # anyone who can read the Deployment or pod spec. A Secret is the
        # usual home for such values.
        args: ["user3:password3:10003"]
        volumeMounts:
        - name: html
          mountPath: /home/user3/www
      volumes:
      - name: html
        emptyDir: {}   # node-local scratch: content is lost when the pod is deleted
...
$ kubectl describe pod my-webd-NNNNNNNNNN-NNNNN -n my-ns

$ kubectl exec -ti -n my-ns my-webd-NNNNNNNNNN-NNNNN -c my-ssh -- bash

$ ### kubectl expose deployment my-webd-ssh --type=NodePort --port=80,22 -n my-ns

$ cat my-webd-ssh-service.yaml
# NodePort Service exposing both the web port and the sftp port of the
# my-webd-ssh pod on every node
apiVersion: v1
kind: Service
metadata:
  name: my-webd-ssh
  namespace: my-ns
spec:
  type: NodePort
  selector:
    app: my-webd-ssh
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
  - name: ssh
    protocol: TCP
    port: 22
    targetPort: 22   # the sftp sidecar, reachable from outside the cluster via its node port

Helm

Установка Helm

server# wget https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz

# tar -zxvf helm-v3.9.0-linux-amd64.tar.gz

# mv linux-amd64/helm /usr/local/bin/helm

Работа с готовыми Charts

$ curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml

$ kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml

$ helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace

$ helm list --namespace ingress-nginx

$ ### helm delete ingress-nginx --namespace ingress-nginx

Развертывание своего приложения

$ helm create webd-chart

$ cat webd-chart/Chart.yaml
...
description: A Helm chart WebD for Kubernetes
...
version: 0.1.1
...
appVersion: "latest"
$ cat webd-chart/values.yaml
...
image:
  repository: server.corpX.un:5000/student/webd
  pullPolicy: Always
...
serviceAccount:
  create: false
...
service:
  type: NodePort
...
ingress:
  enabled: true
  className: "nginx"
...
  hosts:
    - host: webd.corp13.un
...
$ less webd-chart/templates/deployment.yaml
...
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
...
$ helm install my-webd webd-chart/ -n my-ns --create-namespace --wait

$ export HELM_NAMESPACE=my-ns

$ helm list

$ helm upgrade my-webd webd-chart/ --set=image.tag=ver1.10

$ helm history my-webd

$ helm rollback my-webd 1

$ helm uninstall my-webd

Работа со своим репозиторием

$ helm repo add --username student --password NNNNNN-NNNNNNNNNNNNN webd http://192.168.13.1/api/v4/projects/6/packages/helm/stable

$ helm repo list

$ helm package webd-chart
$ ls *tgz

$ helm plugin install https://github.com/chartmuseum/helm-push
$ helm cm-push webd-chart-0.1.0.tgz webd

... С другого кластера подключаем (аналогично) наш репозиторий и ...

$ helm search repo webd

$ helm repo update webd

$ helm install my-webd webd/webd-chart

Работа с публичными репозиториями

$ helm search hub -o json wordpress | jq '.' | less

$ helm repo add bitnami https://charts.bitnami.com/bitnami

$ helm show values bitnami/wordpress

Дополнительные материалы

bare-metal minikube

student@node2:~$ sudo apt install conntrack

https://computingforgeeks.com/install-mirantis-cri-dockerd-as-docker-engine-shim-for-kubernetes/
...

wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz
...

student@node2:~$ minikube start --driver=none --insecure-registry "server.corp13.un:5000"

minikube dashboard

student@node1:~$ minikube dashboard &
...
Opening http://127.0.0.1:NNNNN/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/ in your default browser
...
/home/mobaxterm> ssh -L NNNNN:localhost:NNNNN student@192.168.X.10
Теперь та же ссылка работает на Windows-хосте

Подключение к minikube с другой системы

student@node1:~$ tar -cvzf kube-config.tar.gz .kube/config .minikube/ca.crt .minikube/profiles/minikube

gitlab-runner@server:~$ scp student@node1:kube-config.tar.gz .

gitlab-runner@server:~$ tar -xvf kube-config.tar.gz

gitlab-runner@server:~$ cat .kube/config
...
    certificate-authority: /home/gitlab-runner/.minikube/ca.crt
...
    client-certificate: /home/gitlab-runner/.minikube/profiles/minikube/client.crt
    client-key: /home/gitlab-runner/.minikube/profiles/minikube/client.key
...

kompose

root@gate.corp13.un:~# curl -L https://github.com/kubernetes/kompose/releases/download/v1.26.0/kompose-linux-amd64 -o kompose
root@gate.corp13.un:~# chmod +x kompose
root@gate.corp13.un:~# sudo mv ./kompose /usr/local/bin/kompose
gitlab-runner@gate:~/webd$ kompose convert
gitlab-runner@gate:~/webd$ ls *yaml
gitlab-runner@gate:~/webd$ kubectl apply -f sftp-deployment.yaml,vol1-persistentvolumeclaim.yaml,webd-service.yaml,sftp-service.yaml,webd-deployment.yaml
gitlab-runner@gate:~/webd$ kubectl get all