User Tools
система_kubernetes
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
система_kubernetes [2025/11/29 07:04] val |
система_kubernetes [2025/12/04 13:25] (current) val [Volumes] |
||
|---|---|---|---|
| Line 71: | Line 71: | ||
| kubectl version | kubectl version | ||
| - | kubectl get all -o wide --all-namespaces | + | kubectl get all -o wide --all-namespaces #-A |
| - | kubectl get all -o wide -A | + | |
| + | kubectl get nodes | ||
| </code> | </code> | ||
| - | === Настройка автодополнения === | + | ==== Настройка автодополнения ==== |
| <code> | <code> | ||
| kube1:~# less /etc/bash_completion.d/kubectl.sh | kube1:~# less /etc/bash_completion.d/kubectl.sh | ||
| Line 90: | Line 91: | ||
| </code> | </code> | ||
| - | === Подключение к другому кластеру === | + | ==== Создание файла конфигурации kubectl ==== |
| + | |||
| + | * [[https://kubernetes.io/docs/reference/kubectl/generated/kubectl_config/kubectl_config_set-credentials/]] | ||
| <code> | <code> | ||
| - | gitlab-runner@server:~$ scp root@kube1:.kube/config .kube/config_kube1 | + | user1@client1:~$ ###export KUBECONFIG=~/.kube/config_test |
| + | user1@client1:~$ ###rm -rf .kube/ | ||
| - | gitlab-runner@server:~$ cat .kube/config_kube1 | + | user1@client1:~$ kubectl config set-cluster cluster.local --server=https://192.168.13.221:6443 --insecure-skip-tls-verify=true |
| - | </code><code> | + | kubeN# ###cat /etc/kubernetes/ssl/ca.crt |
| - | ... | + | ИЛИ |
| - | .kube/config_kube1 | + | root@my-debian:~# kubectl config set-cluster cluster.local --server=https://192.168.13.221:6443 --certificate-authority=/run/secrets/kubernetes.io/serviceaccount/ca.crt #--embed-certs=true |
| - | ... | + | |
| - | </code><code> | + | user1@client1:~$ cat .kube/config |
| - | gitlab-runner@server:~$ export KUBECONFIG=~/.kube/config_kube1 | + | |
| + | user1@client1:~$ kubectl config set-credentials user1 --client-certificate=user1.crt --client-key=user1.key #--embed-certs=true | ||
| + | ИЛИ | ||
| + | user1@client1:~$ kubectl config set-credentials user1 --token=................................... | ||
| + | ИЛИ | ||
| + | root@my-debian:~# kubectl config set-credentials user1 --token=$(cat /run/secrets/kubernetes.io/serviceaccount/token) | ||
| + | |||
| + | user1@client1:~$ kubectl config get-users | ||
| + | |||
| + | user1@client1:~$ kubectl config set-context default-context --cluster=cluster.local --user=user1 | ||
| + | |||
| + | user1@client1:~$ kubectl config use-context default-context | ||
| + | |||
| + | user1@client1:~$ kubectl auth whoami | ||
| + | |||
| + | user1@client1:~$ kubectl auth can-i get pods #-n my-ns | ||
| - | gitlab-runner@server:~$ kubectl get nodes | + | user1@client1:~$ kubectl get pods #-A |
| + | Error from server (Forbidden) или ... | ||
| </code> | </code> | ||
| Line 417: | Line 437: | ||
| <code> | <code> | ||
| - | server# ssh-keygen # -t rsa | + | server# ssh-keygen ### -t rsa |
| server# ssh-copy-id kube1;ssh-copy-id kube2;ssh-copy-id kube3;ssh-copy-id kube4; | server# ssh-copy-id kube1;ssh-copy-id kube2;ssh-copy-id kube3;ssh-copy-id kube4; | ||
| Line 424: | Line 444: | ||
| === Вариант 1 (ansible) === | === Вариант 1 (ansible) === | ||
| + | * [[https://github.com/kubernetes-sigs/kubespray/blob/v2.26.0/README.md]] | ||
| * [[Язык программирования Python#Виртуальная среда Python]] | * [[Язык программирования Python#Виртуальная среда Python]] | ||
| Line 549: | Line 570: | ||
| === Вариант 2 (docker) === | === Вариант 2 (docker) === | ||
| + | |||
| + | * [[https://github.com/kubernetes-sigs/kubespray/blob/v2.29.0/README.md]] | ||
| + | |||
| <code> | <code> | ||
| server:~# mkdir -p inventory/sample | server:~# mkdir -p inventory/sample | ||
| Line 554: | Line 578: | ||
| server:~# cat inventory/sample/inventory.ini | server:~# cat inventory/sample/inventory.ini | ||
| </code><code> | </code><code> | ||
| + | #[all] | ||
| + | #kube1 ansible_host=192.168.X.221 | ||
| + | #kube2 ansible_host=192.168.X.222 | ||
| + | #kube3 ansible_host=192.168.X.223 | ||
| + | ##kube4 ansible_host=192.168.X.224 | ||
| + | |||
| [kube_control_plane] | [kube_control_plane] | ||
| kube[1:3] | kube[1:3] | ||
| Line 562: | Line 592: | ||
| [kube_node] | [kube_node] | ||
| kube[1:3] | kube[1:3] | ||
| + | #kube[1:4] | ||
| </code><code> | </code><code> | ||
| - | server:~# docker run --rm -it --mount type=bind,source="$(pwd)"/inventory/sample,dst=/inventory --mount type=bind,source="${HOME}"/.ssh/id_rsa,dst=/root/.ssh/id_rsa quay.io/kubespray/kubespray:v2.29.0 bash | + | server:~# docker run --userns=host --rm -it -v /root/inventory/sample:/inventory -v /root/.ssh/:/root/.ssh/ quay.io/kubespray/kubespray:v2.29.0 bash |
| - | root@cf764ca3b291:/kubespray# ansible-playbook -i /inventory/inventory.ini --private-key /root/.ssh/id_rsa cluster.yml | + | root@cf764ca3b291:/kubespray# time ansible-playbook -i /inventory/inventory.ini cluster.yml |
| + | ... | ||
| + | real 12m18.679s | ||
| + | ... | ||
| </code> | </code> | ||
| Line 1478: | Line 1512: | ||
| ssh root@kube2 'chmod 777 /opt/local-path-provisioner' | ssh root@kube2 'chmod 777 /opt/local-path-provisioner' | ||
| ssh root@kube3 'chmod 777 /opt/local-path-provisioner' | ssh root@kube3 'chmod 777 /opt/local-path-provisioner' | ||
| + | ssh root@kube4 'mkdir /opt/local-path-provisioner' | ||
| + | ssh root@kube4 'chmod 777 /opt/local-path-provisioner' | ||
| $ ###kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}' | $ ###kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}' | ||
| Line 1497: | Line 1533: | ||
| (venv1) server:~# ansible all -f 4 -m apt -a 'pkg=open-iscsi state=present update_cache=true' -i /root/kubespray/inventory/mycluster/hosts.yaml | (venv1) server:~# ansible all -f 4 -m apt -a 'pkg=open-iscsi state=present update_cache=true' -i /root/kubespray/inventory/mycluster/hosts.yaml | ||
| + | |||
| + | root@a7818cd3f7c7:/kubespray# ansible all -f 4 -m apt -a 'pkg=open-iscsi state=present update_cache=true' -i /inventory/inventory.ini | ||
| </code> | </code> | ||
| * [[https://github.com/longhorn/longhorn]] | * [[https://github.com/longhorn/longhorn]] | ||
| Line 1509: | Line 1547: | ||
| </code> | </code> | ||
| - | Подключение через kubectl proxy | + | Подключение через [[#kubectl proxy]] |
| * [[https://stackoverflow.com/questions/45172008/how-do-i-access-this-kubernetes-service-via-kubectl-proxy|How do I access this Kubernetes service via kubectl proxy?]] | * [[https://stackoverflow.com/questions/45172008/how-do-i-access-this-kubernetes-service-via-kubectl-proxy|How do I access this Kubernetes service via kubectl proxy?]] | ||
| Line 1895: | Line 1933: | ||
| $ helm upgrade ingress-nginx -i ingress-nginx -f values.yaml --repo https://kubernetes.github.io/ingress-nginx -n ingress-nginx --create-namespace | $ helm upgrade ingress-nginx -i ingress-nginx -f values.yaml --repo https://kubernetes.github.io/ingress-nginx -n ingress-nginx --create-namespace | ||
| + | |||
| + | $ kubectl get all -n ingress-nginx | ||
| $ kubectl exec -n ingress-nginx pods/ingress-nginx-controller-<TAB> -- cat /etc/nginx/nginx.conf | tee nginx.conf | grep use_forwarded_headers | $ kubectl exec -n ingress-nginx pods/ingress-nginx-controller-<TAB> -- cat /etc/nginx/nginx.conf | tee nginx.conf | grep use_forwarded_headers | ||
система_kubernetes.1764389089.txt.gz · Last modified: 2025/11/29 07:04 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
