Kubernetes: Revision comparison

 
(7 intermediate revisions by the same user are not shown.)
Řádka 2: Řádka 2:
 
=== K3S Server ===
 
=== K3S Server ===
 
  sudo su -
 
  sudo su -
  curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" sh -
+
  curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--tls-san DOMAIN_NAME_SERVERU" sh -
 +
 
 +
 
  
 
'''K3S Server token:'''
 
'''K3S Server token:'''
 
  cat /var/lib/rancher/k3s/server/node-token
 
  cat /var/lib/rancher/k3s/server/node-token
 +
 +
== Aktualizace ==
 +
https://docs.k3s.io/upgrades
 +
https://pet2cattle.com/2021/05/k3s-autoupgrade
  
 
=== K3S Agent ===
 
=== K3S Agent ===
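Review bot: the new install line keeps K3S_KUBECONFIG_MODE="644" next to the added --tls-san option, so /etc/rancher/k3s/k3s.yaml stays readable by every local account on the server, and that file holds the client-key-data shown in the template added later in this revision. Consider dropping the mode override (k3s writes the file as 600 by default) and copying the file to ~/.kube/config for the one user who needs it. The added "Aktualizace" section is two bare links; one sentence saying which upgrade method this cluster uses would make it usable on its own.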
Řádka 11: Řádka 17:
 
  curl -sfL https://get.k3s.io | K3S_URL=https://IP_K3S_SERVERU:6443 K3S_TOKEN=K3S_SERVER_TOKEN sh -
 
  curl -sfL https://get.k3s.io | K3S_URL=https://IP_K3S_SERVERU:6443 K3S_TOKEN=K3S_SERVER_TOKEN sh -
 
''IP_K3S_SERVERU odkazuje na k3s serveru kde se musí taky vzít K3S_SERVER_TOKEN''
 
''IP_K3S_SERVERU odkazuje na k3s serveru kde se musí taky vzít K3S_SERVER_TOKEN''
 +
 +
==== Chyba s k3s.yaml ====
 +
Pokud se vyskytne tahle chyba, znamená to že nexistuje potřebný config pro připojení na K3S Server API
 +
E0729 12:28:41.362749  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
 +
E0729 12:28:41.363353  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
 +
E0729 12:28:41.364959  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
 +
E0729 12:28:41.366636  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
 +
E0729 12:28:41.368364  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
 +
The connection to the server localhost:8080 was refused - did you specify the right host or port?
 +
 +
Tento problém se vyřeší zkopírování configu z k3s serveru na daný k3s agenta
 +
sudo cat /etc/rancher/k3s/k3s.yaml
 +
 +
Zde se přepíše jenom řádek se "'''server: http://localhost:6443'''" na IP_ADDRESSU/DOMAIN K3S_serveru a poté se to opět uloží na stejný místo
 +
sudo mkdir /etc/rancher/k3s
 +
sudo nano /etc/rancher/k3s/k3s.yaml
 +
 +
Takhle vypadá konfig bez údaju ''k3s.yaml''
 +
apiVersion: v1
 +
clusters:
 +
- cluster:
 +
    certificate-authority-data: BASE64_SERVER-CA.CRT
 +
    server: https://IP_ADDRESSA:6443
 +
  name: default
 +
contexts:
 +
- context:
 +
    cluster: default
 +
    user: default
 +
  name: default
 +
current-context: default
 +
kind: Config
 +
preferences: {}
 +
users:
 +
- name: default
 +
  user:
 +
    client-certificate-data: BASE64_SERVER-CA.CRT
 +
    client-key-data: BASE64_CLIENT-CA.CRT
 +
== Helm ==
 +
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
 +
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
  
 
== Kubernetes proxy ==
 
== Kubernetes proxy ==
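Review bot: the added "Chyba s k3s.yaml" text tells the reader to replace the line "server: http://localhost:6443", while the template a few lines further down uses "server: https://IP_ADDRESSA:6443"; use https in both places so nobody saves an http:// URL into the file. In the same template, client-certificate-data reuses the BASE64_SERVER-CA.CRT placeholder and client-key-data is named BASE64_CLIENT-CA.CRT, which hides that the second value is a private key. Because the file is created with "sudo mkdir" and "sudo nano", add a "sudo chmod 600 /etc/rancher/k3s/k3s.yaml" step, and state that every agent receiving this copy holds the credentials of the server's default user.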
Řádka 72: Řádka 118:
  
 
== Konfigurace ==
 
== Konfigurace ==
 +
=== Firewall ==
 +
https://docs.k3s.io/advanced#ubuntu
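Review bot: the added heading "=== Firewall ==" opens with three equals signs and closes with two, so it does not render as a heading; write "=== Firewall ===". The section is a bare link, so listing the ports this setup actually needs open (6443 is the one used in the agent install command) would save the reader a lookup.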

Current revision as of 11 October 2023, 10:44

Installation

K3S Server

sudo su -
curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--tls-san DOMAIN_NAME_SERVERU" sh -


K3S Server token:

cat /var/lib/rancher/k3s/server/node-token

Upgrades

https://docs.k3s.io/upgrades
https://pet2cattle.com/2021/05/k3s-autoupgrade

K3S Agent

sudo su -
curl -sfL https://get.k3s.io | K3S_URL=https://IP_K3S_SERVERU:6443 K3S_TOKEN=K3S_SERVER_TOKEN sh -

IP_K3S_SERVERU is the address of the k3s server, which is also where K3S_SERVER_TOKEN has to be taken from.

k3s.yaml error

If this error appears, the config needed to connect to the K3S Server API does not exist; kubectl then falls back to localhost:8080, which is what the messages show.

E0729 12:28:41.362749  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0729 12:28:41.363353  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0729 12:28:41.364959  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0729 12:28:41.366636  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0729 12:28:41.368364  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
The connection to the server localhost:8080 was refused - did you specify the right host or port?

The problem is solved by copying the config from the k3s server to the k3s agent in question.

sudo cat /etc/rancher/k3s/k3s.yaml

Only the line with "server: http://localhost:6443" is rewritten to the IP address/domain of the K3S server, and the file is then saved to the same path.

sudo mkdir /etc/rancher/k3s
sudo nano /etc/rancher/k3s/k3s.yaml

This is what the k3s.yaml config looks like with the data removed:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: BASE64_SERVER-CA.CRT
    server: https://IP_ADDRESSA:6443
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate-data: BASE64_CLIENT.CRT   # base64 of the client certificate
    client-key-data: BASE64_CLIENT.KEY           # base64 of the client private key
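
One way to script the copy step above so that the file is never left world-readable, as an added example that is not part of the original notes. The function name install_agent_kubeconfig, its arguments and the host k3s.example.internal are assumptions, and the sample kubeconfig is constructed.

```shell
#!/bin/sh
# Added example, not from the original notes. install_agent_kubeconfig, its
# arguments and k3s.example.internal are hypothetical; the sample is constructed.

# Usage: install_agent_kubeconfig SRC DST SERVER_URL
# Copies SRC to DST with the cluster "server:" line set to SERVER_URL and
# owner-only permissions, because the file carries client-key-data.
install_agent_kubeconfig() (
    src=$1 dst=$2 server_url=$3

    # Accept only https:// plus host[:port] characters; this also keeps sed
    # metacharacters (&, |, \) out of the replacement text below.
    case $server_url in
        https://|https://*[!A-Za-z0-9.:_-]*) echo "bad server URL" >&2; exit 1 ;;
        https://*) ;;
        *) echo "server URL must use https://" >&2; exit 1 ;;
    esac
    [ -r "$src" ] || { echo "cannot read $src" >&2; exit 1; }

    # A k3s-generated kubeconfig has one cluster, hence one server: line.
    n=$(grep -c '^[[:space:]]*server:' "$src" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 server: line, got $n" >&2; exit 1; }

    umask 077                      # new directory 0700, new file 0600
    mkdir -p "$(dirname "$dst")" || exit 1
    sed -E "s|^([[:space:]]*server:).*|\1 $server_url|" "$src" > "$dst" || exit 1
    chmod 600 "$dst"               # also tighten a file that already existed
)

# Constructed sample standing in for the server's /etc/rancher/k3s/k3s.yaml.
demo() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' 'clusters:' '- cluster:' \
        '    certificate-authority-data: BASE64_PLACEHOLDER' \
        '    server: https://127.0.0.1:6443' '  name: default' > "$dir/server.yaml"
    install_agent_kubeconfig "$dir/server.yaml" "$dir/agent/k3s.yaml" \
        "https://k3s.example.internal:6443" || exit 1
    grep 'server:' "$dir/agent/k3s.yaml"
    ls -l "$dir/agent/k3s.yaml" | cut -c1-10
    rm -rf "$dir"
)
demo
```

With the file owned by root and mode 600, kubectl on the agent has to be run through sudo or with KUBECONFIG pointing at a per-user copy.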

Helm

curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

Kubernetes proxy

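Good for testing, not for production: --address 0.0.0.0 listens on every interface and --disable-filter=true switches off the proxy's request filtering, so anyone who can reach the port gets API access with the proxy's credentials.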

kubectl proxy --disable-filter=true --address 0.0.0.0

Dashboards

Kubernetes dashboard

Installation

sudo k3s kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

Service account configuration

Dashboard RBAC Configuration

dashboard.admin-user.yml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

dashboard.admin-user-role.yml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

Apply

sudo k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml

Getting the Bearer token

sudo k3s kubectl -n kubernetes-dashboard create token admin-user

admin-user is bound to cluster-admin above, so this token grants full control of the cluster.

Removal

sudo k3s kubectl delete ns kubernetes-dashboard

Upgrade

sudo k3s kubectl delete ns kubernetes-dashboard
sudo k3s kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/VERZE/aio/deploy/recommended.yaml

For VERZE (the version), see: https://github.com/kubernetes/dashboard

API URL via proxy

http://IP_ADDRESS:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/.

Portainer

Installation

sudo k3s kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml

Removal

sudo k3s kubectl delete ns portainer

Upgrade

sudo k3s kubectl delete ns portainer
sudo k3s kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml

Configuration

Firewall

https://docs.k3s.io/advanced#ubuntu