Kubernetes: Porovnání verzí
Z Poznámkový blok
| (Není zobrazeno 10 mezilehlých verzí od stejného uživatele.) | |||
| Řádka 1: | Řádka 1: | ||
== Instalace == | == Instalace == | ||
| + | === K3S Server === | ||
| + | sudo su - | ||
| + | curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--tls-san DOMAIN_NAME_SERVERU" sh - | ||
| + | |||
| − | |||
| − | |||
| − | |||
| − | K3S | + | '''K3S Server token:''' |
cat /var/lib/rancher/k3s/server/node-token | cat /var/lib/rancher/k3s/server/node-token | ||
| − | K3S Agent | + | == Aktualizace == |
| + | https://docs.k3s.io/upgrades | ||
| + | https://pet2cattle.com/2021/05/k3s-autoupgrade | ||
| + | |||
| + | === K3S Agent === | ||
sudo su - | sudo su - | ||
| − | curl -sfL https://get.k3s.io | K3S_URL=https://IP_K3S_SERVERU:6443 K3S_TOKEN= | + | curl -sfL https://get.k3s.io | K3S_URL=https://IP_K3S_SERVERU:6443 K3S_TOKEN=K3S_SERVER_TOKEN sh - |
| + | ''IP_K3S_SERVERU odkazuje na k3s serveru kde se musí taky vzít K3S_SERVER_TOKEN'' | ||
| + | |||
| + | ==== Chyba s k3s.yaml ==== | ||
| + | Pokud se vyskytne tahle chyba, znamená to že nexistuje potřebný config pro připojení na K3S Server API | ||
| + | E0729 12:28:41.362749 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused | ||
| + | E0729 12:28:41.363353 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused | ||
| + | E0729 12:28:41.364959 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused | ||
| + | E0729 12:28:41.366636 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused | ||
| + | E0729 12:28:41.368364 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused | ||
| + | The connection to the server localhost:8080 was refused - did you specify the right host or port? | ||
| + | |||
| + | Tento problém se vyřeší zkopírování configu z k3s serveru na daný k3s agenta | ||
| + | sudo cat /etc/rancher/k3s/k3s.yaml | ||
| + | |||
| + | Zde se přepíše jenom řádek se "'''server: http://localhost:6443'''" na IP_ADDRESSU/DOMAIN K3S_serveru a poté se to opět uloží na stejný místo | ||
| + | sudo mkdir /etc/rancher/k3s | ||
| + | sudo nano /etc/rancher/k3s/k3s.yaml | ||
| + | |||
| + | Takhle vypadá konfig bez údaju ''k3s.yaml'' | ||
| + | apiVersion: v1 | ||
| + | clusters: | ||
| + | - cluster: | ||
| + | certificate-authority-data: BASE64_SERVER-CA.CRT | ||
| + | server: https://IP_ADDRESSA:6443 | ||
| + | name: default | ||
| + | contexts: | ||
| + | - context: | ||
| + | cluster: default | ||
| + | user: default | ||
| + | name: default | ||
| + | current-context: default | ||
| + | kind: Config | ||
| + | preferences: {} | ||
| + | users: | ||
| + | - name: default | ||
| + | user: | ||
| + | client-certificate-data: BASE64_SERVER-CA.CRT | ||
| + | client-key-data: BASE64_CLIENT-CA.CRT | ||
| + | == Helm == | ||
| + | curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | ||
| + | export KUBECONFIG=/etc/rancher/k3s/k3s.yaml | ||
| + | |||
| + | == Kubernetes proxy == | ||
| + | Dobré pro testování, nikoliv pro produkci | ||
| + | kubectl proxy --disable-filter=true --address 0.0.0.0 | ||
| + | |||
| + | == Dashboards == | ||
| + | === Kubernetes dashboard === | ||
| + | * https://docs.k3s.io/installation/kube-dashboard | ||
| + | ==== Instalace ==== | ||
| + | sudo k3s kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml | ||
| + | |||
| + | ==== Konfigurace service účtu ==== | ||
| + | ===== Dashboard RBAC Configuration ===== | ||
| + | ''dashboard.admin-user.yml'' | ||
| + | apiVersion: v1 | ||
| + | kind: ServiceAccount | ||
| + | metadata: | ||
| + | name: admin-user | ||
| + | namespace: kubernetes-dashboard | ||
| + | |||
| + | ''dashboard.admin-user-role.yml'' | ||
| + | apiVersion: rbac.authorization.k8s.io/v1 | ||
| + | kind: ClusterRoleBinding | ||
| + | metadata: | ||
| + | name: admin-user | ||
| + | roleRef: | ||
| + | apiGroup: rbac.authorization.k8s.io | ||
| + | kind: ClusterRole | ||
| + | name: cluster-admin | ||
| + | subjects: | ||
| + | - kind: ServiceAccount | ||
| + | name: admin-user | ||
| + | namespace: kubernetes-dashboard | ||
| + | |||
| + | ===== Uplatnění ===== | ||
| + | sudo k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml | ||
| + | |||
| + | ===== Získání Beart tokenu ===== | ||
| + | sudo k3s kubectl -n kubernetes-dashboard create token admin-user | ||
| + | |||
| + | ==== Smazání ==== | ||
| + | sudo k3s kubectl delete ns kubernetes-dashboard | ||
| + | |||
| + | ==== Upgrade ==== | ||
| + | sudo k3s kubectl delete ns kubernetes-dashboard | ||
| + | sudo k3s kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/VERZE/aio/deploy/recommended.yaml | ||
| + | ''VERZE viz: https://github.com/kubernetes/dashboard'' | ||
| + | |||
| + | ==== URL API přes proxy ==== | ||
| + | http://IP_ADDRESS:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/. | ||
| + | |||
| + | === Portainer === | ||
| + | ==== Instalace ==== | ||
| + | sudo k3s kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml | ||
| + | ==== Smazání ==== | ||
| + | sudo k3s kubectl delete ns portainer | ||
| + | ==== Upgrade ==== | ||
| + | sudo k3s kubectl delete ns portainer | ||
| + | sudo k3s kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml | ||
== Konfigurace == | == Konfigurace == | ||
| − | + | === Firewall == | |
| − | + | https://docs.k3s.io/advanced#ubuntu | |
Aktuální verze z 11. 10. 2023, 10:44
Instalace
K3S Server
sudo su - curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--tls-san DOMAIN_NAME_SERVERU" sh -
K3S Server token:
cat /var/lib/rancher/k3s/server/node-token
Aktualizace
https://docs.k3s.io/upgrades https://pet2cattle.com/2021/05/k3s-autoupgrade
K3S Agent
sudo su - curl -sfL https://get.k3s.io | K3S_URL=https://IP_K3S_SERVERU:6443 K3S_TOKEN=K3S_SERVER_TOKEN sh -
IP_K3S_SERVERU odkazuje na k3s serveru kde se musí taky vzít K3S_SERVER_TOKEN
Chyba s k3s.yaml
Pokud se vyskytne tahle chyba, znamená to že nexistuje potřebný config pro připojení na K3S Server API
E0729 12:28:41.362749 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused E0729 12:28:41.363353 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused E0729 12:28:41.364959 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused E0729 12:28:41.366636 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused E0729 12:28:41.368364 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused The connection to the server localhost:8080 was refused - did you specify the right host or port?
Tento problém se vyřeší zkopírování configu z k3s serveru na daný k3s agenta
sudo cat /etc/rancher/k3s/k3s.yaml
Zde se přepíše jenom řádek se "server: http://localhost:6443" na IP_ADDRESSU/DOMAIN K3S_serveru a poté se to opět uloží na stejný místo
sudo mkdir /etc/rancher/k3s sudo nano /etc/rancher/k3s/k3s.yaml
Takhle vypadá konfig bez údaju k3s.yaml
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: BASE64_SERVER-CA.CRT
server: https://IP_ADDRESSA:6443
name: default
contexts:
- context:
cluster: default
user: default
name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
user:
client-certificate-data: BASE64_SERVER-CA.CRT
client-key-data: BASE64_CLIENT-CA.CRT
Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
Kubernetes proxy
Dobré pro testování, nikoliv pro produkci
kubectl proxy --disable-filter=true --address 0.0.0.0
Dashboards
Kubernetes dashboard
Instalace
sudo k3s kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
Konfigurace service účtu
Dashboard RBAC Configuration
dashboard.admin-user.yml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard
dashboard.admin-user-role.yml
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
Uplatnění
sudo k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml
Získání Beart tokenu
sudo k3s kubectl -n kubernetes-dashboard create token admin-user
Smazání
sudo k3s kubectl delete ns kubernetes-dashboard
Upgrade
sudo k3s kubectl delete ns kubernetes-dashboard sudo k3s kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/VERZE/aio/deploy/recommended.yaml
VERZE viz: https://github.com/kubernetes/dashboard
URL API přes proxy
http://IP_ADDRESS:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/.
Portainer
Instalace
sudo k3s kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml
Smazání
sudo k3s kubectl delete ns portainer
Upgrade
sudo k3s kubectl delete ns portainer sudo k3s kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml
