Differences

This shows you the differences between two versions of the page.

--- система_kubernetes [2026/02/14 15:17]
val [Работа с чувствительными данными (секретами)]
+++ система_kubernetes [2026/03/05 15:47] (current)
val [Ingress]
@@ Line 130: / Line 130: @@
 ===== Установка minikube =====
+  * [[https://github.com/kubernetes/minikube/tags]]
   * [[https://minikube.sigs.k8s.io/docs/start/|Documentation/Get Started/minikube start]]
   * [[https://stackoverflow.com/questions/42564058/how-can-i-use-local-docker-images-with-minikube|How can I use local Docker images with Minikube?]]
@@ Line 136: / Line 137: @@
 root@server:~# apt install -y wget
-root@server:~# wget https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
+root@server:~# wget https://storage.googleapis.com/minikube/releases/v1.37.0/minikube-linux-amd64
 root@server:~# mv minikube-linux-amd64 /usr/local/bin/minikube
@@ Line 602: / Line 603: @@
 root@cf764ca3b291:/kubespray# ansible all -m ping -i /inventory/inventory.ini
 </code>
-  * Может потребоваться [[#Настройка registry-mirrors для Kubespray]]
 <code>
 root@cf764ca3b291:/kubespray# cp -rv inventory/sample/group_vars/ /inventory/
 </code>
+  * Может потребоваться [[#Настройка registry-mirrors для Kubespray]]
 <code>
 root@cf764ca3b291:/kubespray# time ansible-playbook -i /inventory/inventory.ini cluster.yml
@@ Line 805: / Line 806: @@
 #        image: server.corpX.un:5000/student/webd:ver1.N
 #        image: httpd
+#        image: brndnmtthws/nginx-echo-headers
 #        args: ["gunicorn", "app:app", "--bind", "0.0.0.0:8000", "-k", "uvicorn.workers.UvicornWorker"]
@@ Line 834: / Line 836: @@
 #        - name: REALM_NAME
 #          value: "corpX"
-#        - name: SECRET
-#          value: "strongpassword"
 #        livenessProbe:
@@ Line 1220: / Line 1220: @@
 </code>
-=== traefik ===
+=== ingress-traefik-controller ===
-<code>
-kube1:~/traefik# helm show values traefik --repo https://traefik.github.io/charts --version 39.0.1 | tee values.yaml.orig
-kube1:~/traefik# cat values.yaml
+  * [[#Traefik]] (providers.kubernetesGateway.enabled: false)
-</code><code>
-service:
-  spec:
-    loadBalancerIP: "192.168.13.64"
-</code><code>
-kube1:~/traefik# helm template traefik -f values.yaml --repo https://traefik.github.io/charts -n traefik --version 39.0.1
-kube1:~/traefik# helm install traefik traefik -f values.yaml --repo https://traefik.github.io/charts -n traefik --version 39.0.1 --create-namespace
-</code>
 === ingress example ===
@@ Line 1323: / Line 1312: @@
 </code>
+==== Gateway API ====
+  * https://gateway-api.sigs.k8s.io/guides/getting-started/
+<code>
+kube1:~# kubectl get gatewayclasses
+</code>
+=== Traefik ===
+  * https://doc.traefik.io/traefik/getting-started/quick-start-with-kubernetes/
+<code>
+kube1:~/traefik# helm show values traefik --repo https://traefik.github.io/charts --version 39.0.1 | tee values.yaml.orig
+kube1:~/traefik# cat values.yaml
+</code><code>
+service:
+  spec:
+    loadBalancerIP: "192.168.X.64"
+ingressRoute:
+  dashboard:
+    enabled: true
+    matchRule: Host(`dashboard-traefik.corpX.un`)
+    entryPoints:
+      - web
+providers:
+  kubernetesGateway:
+    enabled: true
+#gateway:
+#  listeners:
+#    web:
+#      namespacePolicy:
+#        from: All
+</code><code>
+kube1:~/traefik# helm template traefik -f values.yaml --repo https://traefik.github.io/charts -n traefik --version 39.0.1
+kube1:~/traefik# helm install traefik traefik -f values.yaml --repo https://traefik.github.io/charts -n traefik --version 39.0.1 --create-namespace
+</code><code>
+kube1:~/traefik# kubectl get ingressclasses
+kube1:~/webd-k8s# ###cat my-ingressroute.yaml
+</code><code>
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: my-ingressroute
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`htwebd.corpX.un`)
+      kind: Rule
+      services:
+        - name: my-webd
+          port: 80
+</code>
+=== Envoy Gateway ===
+  * [[https://gateway.envoyproxy.io/latest/install/install-helm/]]
+  * [[https://hub.docker.com/r/envoyproxy/gateway-helm/tags]]
+<code>
+kube1:~/envoygateway# helm show values oci://docker.io/envoyproxy/gateway-helm --version v1.6.4
+kube1:~/envoygateway# helm install eg oci://docker.io/envoyproxy/gateway-helm --version v1.6.4 -n envoy-gateway-system --create-namespace
+kube1:~/envoygateway# cat envoyproxy.yaml
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyProxy
+metadata:
+  name: custom-envoy-proxy
+  namespace: envoy-gateway-system
+spec:
+  provider:
+    type: Kubernetes
+    kubernetes:
+      envoyService:
+        type: LoadBalancer
+        annotations:
+          metallb.universe.tf/loadBalancerIPs: "192.168.X.66"
+kube1:~/envoygateway# cat gatewayclass.yaml
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+  name: eg
+spec:
+  controllerName: gateway.envoyproxy.io/gatewayclass-controller
+  parametersRef:
+    group: gateway.envoyproxy.io
+    kind: EnvoyProxy
+    name: custom-envoy-proxy
+    namespace: envoy-gateway-system
+</code>
 ==== Volumes ====
@@ Line 2014: / Line 2099: @@
   * [[https://habr.com/ru/companies/ru_mts/articles/656351/|Прячем секреты в репозитории с помощью helm-secrets, sops, vault и envsubst]]
+  * [[https://github.com/jkroepke/helm-secrets]]
   * [[Mozilla Sops]]
-  * [[https://github.com/jkroepke/helm-secrets]]
-<code>
-$ helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.4/secrets-4.7.4.tgz --verify=false
-$ helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.4/secrets-getter-4.7.4.tgz  --verify=false
+<code>
+kube1#
+helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.4/secrets-4.7.4.tgz --verify=false
+helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.4/secrets-getter-4.7.4.tgz  --verify=false
-$ helm template my-webd webd-chart/ -f secrets://webd-chart/values.yaml -n my-ns
+kube1:~/keycloak# helm template my-keycloak -f secrets://values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version $KC_HC_VER | grep password
-$ helm upgrade -i my-webd webd-chart/ -f secrets://webd-chart/values.yaml -n my-ns --create-namespace
+kube1:~/keycloak# helm upgrade my-keycloak -i -f secrets://values.yaml oci://registry-1.docker.io/bitnamicharts/keycloak -n my-keycloak-ns --version $KC_HC_VER
 </code>
 ==== Работа со своим репозиторием ====
@@ Line 2872: / Line 2958: @@
 <code>
-kube1:~/gitlab# curl -L https://github.com/kubernetes/kompose/releases/download/v1.37.0/kompose-linux-amd64 -o /usr/local/bin/kompose
+# curl -L https://github.com/kubernetes/kompose/releases/download/v1.37.0/kompose-linux-amd64 -o /usr/local/bin/kompose
-kube1:~/gitlab# chmod +x /usr/local/bin/kompose
+# chmod +x /usr/local/bin/kompose
+</code>
+  * [[Технология Docker#docker-compose]]
+<code>
+~/webd$ kompose convert
+~/webd$ ls *yaml
-root@gate:~# curl -L https://github.com/kubernetes/kompose/releases/download/v1.26.0/kompose-linux-amd64 -o kompose
+~/webd$ kubectl apply -f sftp-deployment.yaml,vol1-persistentvolumeclaim.yaml,webd-service.yaml,sftp-service.yaml,webd-deployment.yaml -n my-ns
-root@gate:~# chmod +x kompose
-root@gate:~# sudo mv ./kompose /usr/local/bin/kompose
-</code>
-  * [[Технология Docker#docker-compose]]
-<code>
-gitlab-runner@gate:~/webd$ kompose convert
-gitlab-runner@gate:~/webd$ ls *yaml
-gitlab-runner@gate:~/webd$ kubectl apply -f sftp-deployment.yaml,vol1-persistentvolumeclaim.yaml,webd-service.yaml,sftp-service.yaml,webd-deployment.yaml
-gitlab-runner@gate:~/webd$ kubectl get all
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools