Differences

This shows you the differences between two versions of the page.

--- система_kubernetes [2025/11/28 09:54]
val [Ingress]
+++ система_kubernetes [2025/12/04 13:25] (current)
val [Volumes]
@@ Line 71: / Line 71: @@
 kubectl version
-kubectl get all -o wide --all-namespaces
+kubectl get all -o wide --all-namespaces #-A
-kubectl get all -o wide -A
+kubectl get nodes
 </code>
-=== Настройка автодополнения ===
+==== Настройка автодополнения ====
 <code>
 kube1:~# less /etc/bash_completion.d/kubectl.sh
@@ Line 90: / Line 91: @@
 </code>
-=== Подключение к другому кластеру ===
+==== Создание файла конфигурации kubectl ====
+  * [[https://kubernetes.io/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-credentials/]]
 <code>
-gitlab-runner@server:~$ scp root@kube1:.kube/config .kube/config_kube1
+user1@client1:~$ ###export KUBECONFIG=~/.kube/config_test
+user1@client1:~$ ###rm -rf .kube/
-gitlab-runner@server:~$ cat .kube/config_kube1
+user1@client1:~$ kubectl config set-cluster cluster.local --server=https://192.168.13.221:6443 --insecure-skip-tls-verify=true
-</code><code>
+kubeN# ###cat /etc/kubernetes/ssl/ca.crt
-...
+  ИЛИ
-    .kube/config_kube1
+root@my-debian:~# kubectl config set-cluster cluster.local --server=https://192.168.13.221:6443 --certificate-authority=/run/secrets/kubernetes.io/serviceaccount/ca.crt #--embed-certs=true
-...
-</code><code>
+user1@client1:~$ cat .kube/config
-gitlab-runner@server:~$ export KUBECONFIG=~/.kube/config_kube1
+user1@client1:~$ kubectl config set-credentials user1 --client-certificate=user1.crt --client-key=user1.key #--embed-certs=true
+  ИЛИ
+user1@client1:~$ kubectl config set-credentials user1 --token=...................................
+  ИЛИ
+root@my-debian:~# kubectl config set-credentials user1 --token=$(cat /run/secrets/kubernetes.io/serviceaccount/token)
+user1@client1:~$ kubectl config get-users
+user1@client1:~$ kubectl config set-context default-context --cluster=cluster.local --user=user1
+user1@client1:~$ kubectl config use-context default-context
+user1@client1:~$ kubectl auth whoami
+user1@client1:~$ kubectl auth can-i get pods #-n my-ns
-gitlab-runner@server:~$ kubectl get nodes
+user1@client1:~$ kubectl get pods #-A
+Error from server (Forbidden) или ...
 </code>
@@ Line 183: / Line 203: @@
 </code>
 ===== Кластер Kubernetes =====
 ==== Развертывание через kubeadm ====
@@ Line 418: / Line 437: @@
 <code>
-server# ssh-keygen    # -t rsa
+server# ssh-keygen    ### -t rsa
 server# ssh-copy-id kube1;ssh-copy-id kube2;ssh-copy-id kube3;ssh-copy-id kube4;
@@ Line 425: / Line 444: @@
 === Вариант 1 (ansible) ===
+  * [[https://github.com/kubernetes-sigs/kubespray/blob/v2.26.0/README.md]]
   * [[Язык программирования Python#Виртуальная среда Python]]
@@ Line 550: / Line 570: @@
 === Вариант 2 (docker) ===
+  * [[https://github.com/kubernetes-sigs/kubespray/blob/v2.29.0/README.md]]
 <code>
 server:~# mkdir -p inventory/sample
@@ Line 555: / Line 578: @@
 server:~# cat inventory/sample/inventory.ini
 </code><code>
+#[all]
+#kube1 ansible_host=192.168.X.221
+#kube2 ansible_host=192.168.X.222
+#kube3 ansible_host=192.168.X.223
+##kube4 ansible_host=192.168.X.224
 [kube_control_plane]
 kube[1:3]
@@ Line 563: / Line 592: @@
 [kube_node]
 kube[1:3]
+#kube[1:4]
 </code><code>
-server:~# docker run --rm -it --mount type=bind,source="$(pwd)"/inventory/sample,dst=/inventory --mount type=bind,source="${HOME}"/.ssh/id_rsa,dst=/root/.ssh/id_rsa quay.io/kubespray/kubespray:v2.29.0 bash
+server:~# docker run --userns=host --rm -it -v /root/inventory/sample:/inventory -v /root/.ssh/:/root/.ssh/ quay.io/kubespray/kubespray:v2.29.0 bash
-root@cf764ca3b291:/kubespray# ansible-playbook -i /inventory/inventory.ini --private-key /root/.ssh/id_rsa cluster.yml
+root@cf764ca3b291:/kubespray# time ansible-playbook -i /inventory/inventory.ini cluster.yml
+...
+real    12m18.679s
+...
+</code>
+==== Управление образами ====
+<code>
+kubeN#
+crictl pull server.corpX.un:5000/student/gowebd
+crictl images
+crictl rmi server.corpX.un:5000/student/gowebd
 </code>
@@ Line 1471: / Line 1512: @@
 ssh root@kube2 'chmod 777 /opt/local-path-provisioner'
 ssh root@kube3 'chmod 777 /opt/local-path-provisioner'
+ssh root@kube4 'mkdir /opt/local-path-provisioner'
+ssh root@kube4 'chmod 777 /opt/local-path-provisioner'
 $ ###kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
@@ Line 1490: / Line 1533: @@
 (venv1) server:~# ansible all -f 4 -m apt -a 'pkg=open-iscsi state=present update_cache=true' -i /root/kubespray/inventory/mycluster/hosts.yaml
+root@a7818cd3f7c7:/kubespray# ansible all -f 4 -m apt -a 'pkg=open-iscsi state=present update_cache=true' -i /inventory/inventory.ini
 </code>
   * [[https://github.com/longhorn/longhorn]]
@@ Line 1502: / Line 1547: @@
 </code>
-Подключение через kubectl proxy
+Подключение через [[#kubectl proxy]]
   * [[https://stackoverflow.com/questions/45172008/how-do-i-access-this-kubernetes-service-via-kubectl-proxy|How do I access this Kubernetes service via kubectl proxy?]]
@@ Line 1888: / Line 1933: @@
 $ helm upgrade ingress-nginx -i ingress-nginx -f values.yaml --repo https://kubernetes.github.io/ingress-nginx -n ingress-nginx --create-namespace
+$ kubectl get all -n ingress-nginx
 $ kubectl exec -n ingress-nginx pods/ingress-nginx-controller-<TAB> -- cat /etc/nginx/nginx.conf | tee nginx.conf | grep use_forwarded_headers

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools