Kubernetes: Difference between revisions
From Poznámkový blok
(7 intermediate revisions by the same user not shown.)
Řádka 2: | Řádka 2: | ||
=== K3S Server === | === K3S Server === | ||
sudo su - | sudo su - | ||
− | curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" sh - | + | curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--tls-san DOMAIN_NAME_SERVERU" sh - |
+ | |||
+ | |||
'''K3S Server token:''' | '''K3S Server token:''' | ||
cat /var/lib/rancher/k3s/server/node-token | cat /var/lib/rancher/k3s/server/node-token | ||
+ | |||
+ | == Aktualizace == | ||
+ | https://docs.k3s.io/upgrades | ||
+ | https://pet2cattle.com/2021/05/k3s-autoupgrade | ||
=== K3S Agent === | === K3S Agent === | ||
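Review bot: the added "== Aktualizace ==" heading is level 2 but sits between "=== K3S Server ===" and "=== K3S Agent ===", so the agent section ends up nested under Aktualizace instead of beside the server section; make it "=== Aktualizace ===" or move it below the agent instructions. On the changed install line, K3S_KUBECONFIG_MODE="644" is carried over unchanged, which leaves the generated kubeconfig readable by every local account on the server; since the line is being edited anyway, consider "600" and reading the file with sudo. The two blank lines added before the token paragraph look unintentional.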
Řádka 11: | Řádka 17: | ||
curl -sfL https://get.k3s.io | K3S_URL=https://IP_K3S_SERVERU:6443 K3S_TOKEN=K3S_SERVER_TOKEN sh - | curl -sfL https://get.k3s.io | K3S_URL=https://IP_K3S_SERVERU:6443 K3S_TOKEN=K3S_SERVER_TOKEN sh - | ||
''IP_K3S_SERVERU odkazuje na k3s serveru kde se musí taky vzít K3S_SERVER_TOKEN'' | ''IP_K3S_SERVERU odkazuje na k3s serveru kde se musí taky vzít K3S_SERVER_TOKEN'' | ||
+ | |||
+ | ==== Chyba s k3s.yaml ==== | ||
+ | Pokud se vyskytne tahle chyba, znamená to že nexistuje potřebný config pro připojení na K3S Server API | ||
+ | E0729 12:28:41.362749 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused | ||
+ | E0729 12:28:41.363353 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused | ||
+ | E0729 12:28:41.364959 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused | ||
+ | E0729 12:28:41.366636 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused | ||
+ | E0729 12:28:41.368364 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused | ||
+ | The connection to the server localhost:8080 was refused - did you specify the right host or port? | ||
+ | |||
+ | Tento problém se vyřeší zkopírování configu z k3s serveru na daný k3s agenta | ||
+ | sudo cat /etc/rancher/k3s/k3s.yaml | ||
+ | |||
+ | Zde se přepíše jenom řádek se "'''server: http://localhost:6443'''" na IP_ADDRESSU/DOMAIN K3S_serveru a poté se to opět uloží na stejný místo | ||
+ | sudo mkdir /etc/rancher/k3s | ||
+ | sudo nano /etc/rancher/k3s/k3s.yaml | ||
+ | |||
+ | Takhle vypadá konfig bez údaju ''k3s.yaml'' | ||
+ | apiVersion: v1 | ||
+ | clusters: | ||
+ | - cluster: | ||
+ | certificate-authority-data: BASE64_SERVER-CA.CRT | ||
+ | server: https://IP_ADDRESSA:6443 | ||
+ | name: default | ||
+ | contexts: | ||
+ | - context: | ||
+ | cluster: default | ||
+ | user: default | ||
+ | name: default | ||
+ | current-context: default | ||
+ | kind: Config | ||
+ | preferences: {} | ||
+ | users: | ||
+ | - name: default | ||
+ | user: | ||
+ | client-certificate-data: BASE64_SERVER-CA.CRT | ||
+ | client-key-data: BASE64_CLIENT-CA.CRT | ||
+ | == Helm == | ||
+ | curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | ||
+ | export KUBECONFIG=/etc/rancher/k3s/k3s.yaml | ||
== Kubernetes proxy == | == Kubernetes proxy == | ||
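Review bot: in the added k3s.yaml template, "client-certificate-data" reuses the placeholder BASE64_SERVER-CA.CRT from "certificate-authority-data", and "client-key-data" is labelled BASE64_CLIENT-CA.CRT, so the template reads as if the CA certificate were the client certificate and a certificate were the private key; use distinct placeholders for the client certificate and the client key. The prose quotes the line to change as "server: http://localhost:6443" while the template shows "server: https://IP_ADDRESSA:6443"; state the scheme consistently. "sudo mkdir /etc/rancher/k3s" fails if the directory already exists, so "mkdir -p" is safer, and the section should say that the copied file carries the client key and needs restrictive permissions on the agent. The "== Helm ==" heading follows the template without a separating blank line.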
Řádka 72: | Řádka 118: | ||
== Konfigurace == | == Konfigurace == | ||
+ | === Firewall == | ||
+ | https://docs.k3s.io/advanced#ubuntu |
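Review bot: the added heading "=== Firewall ==" opens with three "=" and closes with two, so it will not render as a level-3 heading under Konfigurace; close it with "===". The section body is only a bare link; a line stating which rules from the linked page this setup actually applies would make the note usable without following the URL.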
Current revision as of 11. 10. 2023, 10:44
Installation
K3S Server
    sudo su -
    # K3S_KUBECONFIG_MODE="644" makes /etc/rancher/k3s/k3s.yaml readable by all local users
    curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--tls-san DOMAIN_NAME_SERVERU" sh -
K3S Server token:
    cat /var/lib/rancher/k3s/server/node-token
Upgrades
https://docs.k3s.io/upgrades
https://pet2cattle.com/2021/05/k3s-autoupgrade
K3S Agent
    sudo su -
    curl -sfL https://get.k3s.io | K3S_URL=https://IP_K3S_SERVERU:6443 K3S_TOKEN=K3S_SERVER_TOKEN sh -
IP_K3S_SERVERU is the address of the k3s server, which is also where K3S_SERVER_TOKEN has to be taken from.
Error with k3s.yaml
If this error appears, it means the config needed to connect to the K3S Server API does not exist:
    E0729 12:28:41.362749 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
    E0729 12:28:41.363353 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
    E0729 12:28:41.364959 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
    E0729 12:28:41.366636 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
    E0729 12:28:41.368364 136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
    The connection to the server localhost:8080 was refused - did you specify the right host or port?
This problem is solved by copying the config from the k3s server to the given k3s agent:
    sudo cat /etc/rancher/k3s/k3s.yaml
Only the line "server: http://localhost:6443" is rewritten to the IP address/domain of the K3S server, and the file is then saved to the same location again:
    sudo mkdir -p /etc/rancher/k3s
    sudo nano /etc/rancher/k3s/k3s.yaml
This is what the k3s.yaml config looks like with the data removed:
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: BASE64_SERVER-CA.CRT
        server: https://IP_ADDRESSA:6443
      name: default
    contexts:
    - context:
        cluster: default
        user: default
      name: default
    current-context: default
    kind: Config
    preferences: {}
    users:
    - name: default
      user:
        # client certificate and its private key, both base64-encoded
        client-certificate-data: BASE64_CLIENT.CRT
        client-key-data: BASE64_CLIENT.KEY
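
The manual edit described above can also be scripted. The following is an added example, not part of the original notes; the function names rewrite_kubeconfig and kubeconfig_mode, the demo paths and the address 192.0.2.10 are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: SRC, DST and the server URL used below are constructed placeholders.

# rewrite_kubeconfig SRC DST URL
# Copy a k3s.yaml, point its "server:" line at URL, store it owner-only.
rewrite_kubeconfig() {
    src=$1 dst=$2 url=$3

    # Accept only https://HOST:PORT built from plain hostname/IPv4 characters;
    # this also keeps sed metacharacters out of the replacement text.
    case $url in
        *[!A-Za-z0-9.:/-]*) echo "unexpected character in URL" >&2; return 2 ;;
        https://?*:[0-9]*) ;;
        *) echo "URL must look like https://HOST:6443" >&2; return 2 ;;
    esac

    # The file k3s generates has exactly one cluster, so one server: line.
    n=$(grep -c '^[[:space:]]*server:[[:space:]]' "$src") || true
    [ "$n" = 1 ] || { echo "expected one server: line, found ${n:-0}" >&2; return 3; }

    # The file embeds the admin client key: create directory and file
    # under umask 077 so they are never readable by other users.
    ( umask 077
      mkdir -p "$(dirname "$dst")" &&
      sed "s|^\([[:space:]]*server:[[:space:]]*\).*|\1$url|" "$src" > "$dst" )
}

# kubeconfig_mode FILE: print the octal permission bits (GNU stat, else BSD stat).
kubeconfig_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demo on a constructed file (values are placeholders, not real credentials).
demo=$(mktemp -d)
cat > "$demo/server-k3s.yaml" <<'EOF'
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: Q09OU1RSVUNURUQ=
    server: https://127.0.0.1:6443
  name: default
kind: Config
EOF
rewrite_kubeconfig "$demo/server-k3s.yaml" "$demo/agent/k3s.yaml" https://192.0.2.10:6443
grep 'server:' "$demo/agent/k3s.yaml"
echo "mode: $(kubeconfig_mode "$demo/agent/k3s.yaml")"
rm -rf "$demo"
```
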
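Helm
    curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
    export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
Kubernetes proxy
Good for testing, not for production: with these flags the proxy listens on all interfaces and forwards every request to the API with the local kubeconfig's credentials, without authenticating the caller.
    kubectl proxy --disable-filter=true --address 0.0.0.0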
Dashboards
Kubernetes dashboard
Installation
    sudo k3s kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
Service account configuration
Dashboard RBAC Configuration
dashboard.admin-user.yml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kubernetes-dashboard
dashboard.admin-user-role.yml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      # cluster-admin grants full control over every resource in the cluster
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kubernetes-dashboard
Applying
    sudo k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml
Getting the Bearer token
    sudo k3s kubectl -n kubernetes-dashboard create token admin-user
Removal
    sudo k3s kubectl delete ns kubernetes-dashboard
Upgrade
    sudo k3s kubectl delete ns kubernetes-dashboard
    sudo k3s kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/VERZE/aio/deploy/recommended.yaml
For VERZE see: https://github.com/kubernetes/dashboard
API URL through the proxy
http://IP_ADDRESS:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/.
Portainer
Installation
    sudo k3s kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml
Removal
    sudo k3s kubectl delete ns portainer
Upgrade
    sudo k3s kubectl delete ns portainer
    sudo k3s kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml