Kubernetes


Installation

K3S Server

sudo su -
curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--tls-san DOMAIN_NAME_SERVERU" sh -


K3S Server token:

cat /var/lib/rancher/k3s/server/node-token

Upgrading

https://docs.k3s.io/upgrades

K3S Agent

sudo su -
curl -sfL https://get.k3s.io | K3S_URL=https://IP_K3S_SERVERU:6443 K3S_TOKEN=K3S_SERVER_TOKEN sh -

IP_K3S_SERVERU is the address of the k3s server, which is also where K3S_SERVER_TOKEN has to be taken from.

Error with k3s.yaml

If this error occurs, it means the config needed to connect to the K3S Server API does not exist:

E0729 12:28:41.362749  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0729 12:28:41.363353  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0729 12:28:41.364959  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0729 12:28:41.366636  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0729 12:28:41.368364  136411 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
The connection to the server localhost:8080 was refused - did you specify the right host or port?

This problem is solved by copying the config from the k3s server to the k3s agent in question:

sudo cat /etc/rancher/k3s/k3s.yaml

Only the line with "server: http://localhost:6443" is rewritten, to the IP address/domain of the K3S server, and the file is then saved to the same location on the agent:

sudo mkdir /etc/rancher/k3s
sudo nano /etc/rancher/k3s/k3s.yaml

This is what the k3s.yaml config looks like with the actual data left out:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: BASE64_SERVER-CA.CRT
    server: https://IP_ADDRESSA:6443
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate-data: BASE64_SERVER-CA.CRT
    client-key-data: BASE64_CLIENT-CA.CRT
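
The copy-and-edit steps above as a script. This is an added example, not part of the original notes; the function name, its arguments and the sample host are assumptions. It goes one step beyond the manual edit by writing the file with owner-only permissions, because the file contains the client key.

```shell
#!/bin/sh
# Installs a kubeconfig copied from the k3s server onto an agent:
# rewrites the "server:" URL and writes the result readable by the owner only.
# Usage: install_kubeconfig SRC DEST SERVER_HOST   (hypothetical helper)
install_kubeconfig() {
    kc_src=$1 kc_dest=$2 kc_host=$3

    # Allow only hostname / IPv4 characters, so the value is safe inside sed.
    case $kc_host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid server host: $kc_host" >&2; return 2 ;;
    esac

    # The file k3s generates has one cluster entry, hence one server: line.
    kc_count=$(grep -Ec '^[[:space:]]+server:[[:space:]]' "$kc_src") || true
    if [ "$kc_count" != 1 ]; then
        echo "expected one server: line, found $kc_count" >&2; return 3
    fi

    # The file carries the client key: create it with mode 600 from the start.
    mkdir -p "$(dirname "$kc_dest")" || return 4
    ( umask 077
      sed -E "s#^([[:space:]]+)server:[[:space:]]*https?://[^[:space:]]+#\\1server: https://${kc_host}:6443#" \
          "$kc_src" > "$kc_dest" ) || return 4
    chmod 600 "$kc_dest" || return 4

    # Confirm the rewritten line is present before reporting success.
    grep -Fq "server: https://${kc_host}:6443" "$kc_dest"
}

# Demo on constructed input (placeholder certificate data, temporary directory).
demo_dir=$(mktemp -d)
cat > "$demo_dir/from-server.yaml" <<'EOF'
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER
    server: https://127.0.0.1:6443
  name: default
EOF
install_kubeconfig "$demo_dir/from-server.yaml" "$demo_dir/agent/k3s.yaml" k3s.example.internal &&
    grep 'server:' "$demo_dir/agent/k3s.yaml"
```

With mode 600 and root ownership, kubectl has to be run through sudo, as the commands on this page already do.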

Helm

curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

Kubernetes proxy

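Good for testing, not for production: this command listens on all interfaces with request filtering disabled, so anyone who can reach the port can use the API with the credentials from the kubeconfig.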

kubectl proxy --disable-filter=true --address 0.0.0.0

Dashboards

Kubernetes dashboard

Installation

sudo k3s kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

Service account configuration

Dashboard RBAC Configuration

dashboard.admin-user.yml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

dashboard.admin-user-role.yml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

Applying

sudo k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml

Getting the Bearer token

sudo k3s kubectl -n kubernetes-dashboard create token admin-user

Removal

sudo k3s kubectl delete ns kubernetes-dashboard

Upgrade

sudo k3s kubectl delete ns kubernetes-dashboard
sudo k3s kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/VERZE/aio/deploy/recommended.yaml

For VERZE (the version) see: https://github.com/kubernetes/dashboard

API URL via the proxy

http://IP_ADDRESS:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

Portainer

Installation

sudo k3s kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml

Removal

sudo k3s kubectl delete ns portainer

Upgrade

sudo k3s kubectl delete ns portainer
sudo k3s kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml

Configuration

Firewall

https://docs.k3s.io/advanced#ubuntu