Kubernetes: Difference between revisions
Line 26: | Line 26: | ||
=== Rebuild Cluster === | === Rebuild Cluster === | ||
sudo apt install kubeadm kubelet containerd | |||
kubeadm reset | kubeadm reset | ||
rm -rf /etc/cni/net.d | rm -rf /etc/cni/net.d |
Revision as of 09:51, 20 May 2024
https://kubernetes.io/docs/reference/kubectl/cheatsheet/#kubectl-context-and-configuration
# Stop the kubelet, force-remove every container (running or exited) whose
# name matches "k8s", then stop containerd.
service kubelet stop
# The command substitution is left unquoted on purpose: each container ID must
# reach docker rm as a separate argument.
docker rm --force $(docker ps --all --quiet --filter "name=k8s")
service containerd stop

# Show the kubelet unit state, then jump to the end of its journal with
# explanatory text enabled.
systemctl status kubelet
journalctl -x -e -u kubelet
Cluster Info
# Control-plane endpoints, node list, every pod with its node/IP, and the
# detailed state of the pods in the dashboard namespace.
kubectl cluster-info
kubectl get nodes
kubectl get pods -A --output wide
kubectl describe pod --namespace kubernetes-dashboard
SWAP OFF
# Deactivate the swap file for the running system. An /etc/fstab entry for the
# same file (the SWAP ON steps on this page add one) re-enables it at boot.
swapoff /var/swapfile
SWAP ON
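# Create and enable a 4128 MiB swap file.
# Swap holds paged-out process memory, which can include keys and passwords,
# so the file is restricted to root (0600) before it is formatted. A
# world-readable or world-writable swap file lets any local user read or
# tamper with that memory; mkswap and swapon both warn about looser modes.
dd if=/dev/zero of=/var/swapfile bs=1M count=4128
chmod 600 /var/swapfile
mkswap /var/swapfile
# Persist across reboots. Appending is not idempotent: running this twice
# leaves two identical fstab entries.
echo "/var/swapfile none swap sw 0 0" >> /etc/fstab
swapon /var/swapfile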
Rebuild Cluster
# Install the node components (assumes an apt-based host with the Kubernetes
# package repository already configured).
sudo apt install kubeadm kubelet containerd

# Tear down the existing node. kubeadm reset leaves the CNI configuration and
# the virtual interfaces behind, so they are removed by hand.
kubeadm reset
rm -rf -- /etc/cni/net.d
for iface in cni0 flannel.1; do
  ip link delete "$iface"
done

# Initialise a new control plane. 10.244.0.0/16 is the pod network that the
# Flannel manifest uses by default.
kubeadm init --pod-network-cidr=10.244.0.0/16
# Give the current user a kubeconfig. admin.conf carries cluster-administrator
# credentials, so the copy should stay readable by its owner only and must not
# be shared or committed anywhere.
mkdir -p "${HOME}/.kube"
sudo cp -i /etc/kubernetes/admin.conf "${HOME}/.kube/config"
sudo chown "$(id -u):$(id -g)" "${HOME}/.kube/config"
# Control plane: mint a bootstrap token and print the matching join command.
kubeadm token create --print-join-command

# Worker node: run the command printed above. The line below is sample output
# from the author's cluster. The --token value is a credential: whoever holds
# it can register a node until it expires (24h by default). `kubeadm token
# list` shows live tokens and `kubeadm token delete` revokes one. The CA hash
# pins the control plane's certificate so the worker does not join an
# impostor API server.
kubeadm join 10.0.0.230:6443 \
  --token 9uujzu.c1wjk2y65uiasfwf \
  --discovery-token-ca-cert-hash sha256:0ed142167d4edf1c96ec21522d2dda6b564cc139c03513a289016c357d5dc97b

kubectl get nodes
kubectl describe node | grep -i taint

# The trailing "-" removes the taint, which lets ordinary workloads be
# scheduled on the control-plane node.
# NOTE(review): newer Kubernetes releases name this taint
# node-role.kubernetes.io/control-plane - confirm against the installed version.
kubectl taint nodes --all node-role.kubernetes.io/master-

kubectl get pods -A --output wide
Flannel Network
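# Install the Flannel CNI.
# The URL points at the tip of a branch, so its content can change between two
# runs, and whoever can push to that branch decides what gets created in the
# cluster. Fetch the manifest to a file, review it, and apply that exact file.
# For repeatable rebuilds, pin the URL to a release tag or commit and keep the
# reviewed copy under version control.
curl -fsSLo kube-flannel.yml \
  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Preview what would change (exit status 1 only means "differences found").
kubectl diff -f kube-flannel.yml
kubectl apply -f kube-flannel.yml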
Kubernetes Dashboard
# Deploy the dashboard from the manifest pinned to the v2.1.0 tag.
kubectl apply --filename https://raw.githubusercontent.com/kubernetes/dashboard/v2.1.0/aio/deploy/recommended.yaml
# The pod name suffix is specific to the author's deployment; list the pods in
# the namespace to find the current one.
kubectl describe pod --namespace kubernetes-dashboard kubernetes-dashboard-7448ffc97b-p9frn
# Create the service account used to log in to the dashboard. On its own the
# account has no permissions; whatever role is bound to it afterwards decides
# what its token can do, so bind the narrowest role that fits rather than
# cluster-admin.
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
EOF
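# Print the bearer token of the admin-user service account.
# The go-template had been mangled by the wiki renderer (the double braces
# were turned into a "Template:" link); restored here.
# The output is a long-lived credential: avoid pasting it into chats, tickets
# or shell transcripts.
# NOTE(review): from Kubernetes 1.24 on, service accounts no longer get an
# auto-generated secret, so .secrets[0] is empty there; the short-lived
# alternative is `kubectl -n kubernetes-dashboard create token admin-user`.
kubectl -n kubernetes-dashboard get secret \
  "$(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}")" \
  -o go-template="{{.data.token | base64decode}}"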
HAPROXY Ingress Helm
# Install the HAProxy ingress controller as a DaemonSet.
# NOTE(review): useHostPort presumably binds the controller's ports directly on
# every node, which exposes them on each node's address - confirm against the
# chart values and the host firewall.
helm repo add haproxytech https://haproxytech.github.io/helm-charts
helm repo update
helm install haproxy haproxytech/kubernetes-ingress \
  --set controller.kind=DaemonSet \
  --set controller.daemonset.useHostPort=true
HAPROXY Ingress Deployment
https://www.haproxy.com/blog/announcing-haproxy-kubernetes-ingress-controller-1-5/ https://www.haproxy.com/documentation/kubernetes/latest/configuration/controller/
# Manifest-based install of the HAProxy ingress controller. The URL tracks the
# master branch, so what gets applied can differ from one run to the next;
# a tag or commit URL makes the install repeatable and reviewable.
kubectl apply --filename https://raw.githubusercontent.com/haproxytech/kubernetes-ingress/master/deploy/haproxy-ingress.yaml

# Pod names below carry suffixes from the author's deployment.
kubectl describe pod --namespace haproxy-controller haproxy-ingress-67f7c8b555-lw6cs
kubectl describe pod --namespace haproxy-controller ingress-default-backend-78f5cc7d4c-2kvqv
NGINX
# Deploy nginx into its own namespace from two local manifests and expose it
# through a NodePort service (port 80 -> container port 80). A NodePort is
# reachable on every node's address.
kubectl create namespace nginx
kubectl apply --namespace nginx --filename deployment-nginx.yaml
kubectl create service nodeport nginx --tcp=80:80 --namespace nginx
kubectl apply --namespace nginx --filename nginx-ingress.yaml
# Single-replica nginx Deployment, applied to the current namespace.
# nginx:alpine is a floating tag; the image that runs is whatever the tag
# points at when the node pulls it.
kubectl apply -f - <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
EOF
spec: clusterIP: 10.105.252.237 externalTrafficPolicy: Cluster greeting: hello ports:
ClusterIP: Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType. NodePort: Exposes the Service on each Node's IP at a static port (the NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created. You'll be able to contact the NodePort Service, from outside the cluster, by requesting <NodeIP>:<NodePort>. LoadBalancer: Exposes the Service externally using a cloud provider's load balancer. NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created. ExternalName: Maps the Service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up.
Helm Mediawiki
# Register the Bitnami chart repository and install MediaWiki from it.
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install my-release bitnami/mediawiki
# The first positional argument is the release name, so this creates a release
# called "1.35.1".
# NOTE(review): if a chart version was intended, helm takes it via --version.
helm install 1.35.1 bitnami/mediawiki
redis mediawiki asterisk
helm bitnami
# Install MediaWiki as release "mediawiki" into the current namespace.
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install mediawiki bitnami/mediawiki
NAME: mediawiki LAST DEPLOYED: Sun Feb 7 09:53:38 2021 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: ############################################################################### ### ERROR: You did not provide an external host in your 'helm install' call ### ############################################################################### This deployment will be incomplete until you configure Mediawiki with a resolvable host. To configure Mediawiki with the URL of your service:
Get the Mediawiki URL by running:
kubectl get svc --namespace default -w mediawiki
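# Collect the values the chart NOTES ask for: the load-balancer address and the
# generated passwords stored in the release's secrets.
# The --template expression had been mangled by the wiki renderer
# ("Template:Range ... Template:End"); the Go template braces are restored.
# These exports place plaintext passwords in the shell environment, where child
# processes inherit them; unset them once the upgrade is done.
export APP_HOST=$(kubectl get svc --namespace default mediawiki --template "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}")
export APP_PASSWORD=$(kubectl get secret --namespace default mediawiki -o jsonpath="{.data.mediawiki-password}" | base64 --decode)
export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default mediawiki-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
export MARIADB_PASSWORD=$(kubectl get secret --namespace default mediawiki-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode)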
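# Re-run the release with the external host and the existing passwords.
# The --set argument is quoted so a value containing whitespace or glob
# characters is not split or expanded by the shell.
# Values passed with --set appear in the process argument list and in shell
# history; a values file readable only by its owner (passed with --values)
# keeps the passwords out of both.
helm upgrade mediawiki bitnami/mediawiki \
  --set "mediawikiHost=$APP_HOST,mediawikiPassword=$APP_PASSWORD,mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD,mariadb.auth.password=$MARIADB_PASSWORD"

# Print the MediaWiki admin password (plaintext on the terminal).
kubectl get secret --namespace default mediawiki -o jsonpath="{.data.mediawiki-password}" | base64 --decode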
Gluster
https://kubernetes.io/docs/concepts/storage/volumes/ https://github.com/kubernetes/examples/tree/master/volumes/glusterfs
https://github.com/gluster/glusterfs/issues/268 https://github.com/gluster/glusterfs/blob/master/libglusterfs/src/syncop.c https://github.com/gluster/glusterfs/blob/master/doc/developer-guide/syncop.md
pthread context / getcontext, swapcontext, makecontext
SUSv2, POSIX.1-2001. POSIX.1-2008 removes the specifications of makecontext() and swapcontext(), citing portability issues, and recommending that applications be rewritten to use POSIX threads instead.
brickmux-thread-reduction.md
LVM Resize
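# Carve a 24G logical volume for the Gluster brick out of vg-data.
# --resizefs makes lvreduce shrink the filesystem before the LV; without it the
# LV is cut underneath the filesystem and anything stored past the new end is
# lost. If the filesystem cannot be shrunk (XFS cannot), the step fails instead
# of damaging the volume. Take a backup before reducing.
lvreduce --resizefs -L -24G /dev/vg-data/data
lvcreate -L 24G -n kubernetes vg-data
mkfs.xfs -i size=512 /dev/vg-data/kubernetes

# Mount the new filesystem first and create the brick directory afterwards, so
# the directory lives on the new volume rather than being hidden under the
# mount point.
mkdir -p /export/kubernetes
echo "/dev/vg-data/kubernetes /export/kubernetes xfs defaults 0 0" >> /etc/fstab
mount -a
mkdir -p /export/kubernetes/brick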
# Two alternative ways to create gv0 - run only one of them.
# (a) single brick on host "ubuntu":
gluster volume create gv0 ubuntu:/export/kubernetes/brick
# (b) two-way replica across "ubuntu" and "u2":
gluster volume create gv0 replica 2 \
  ubuntu:/export/kubernetes/brick \
  u2:/export/kubernetes/brick

gluster volume info
gluster volume start gv0
mount -t glusterfs acer:gv0 /mnt/glusterfs
# Endpoints object that tells the glusterfs volume plugin where the Gluster
# server is. The port value is a placeholder required by the schema.
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Endpoints
metadata:
  name: glusterfs-cluster
subsets:
- addresses:
  - ip: 10.0.0.250
  ports:
  - port: 1
EOF
# nginx pod serving its web root from Gluster volume gv0, mounted read-only
# through the glusterfs-cluster endpoints.
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: glusterfs
    image: nginx
    volumeMounts:
    - mountPath: "/usr/share/nginx/html/"
      name: glusterfsvol
  volumes:
  - name: glusterfsvol
    glusterfs:
      endpoints: glusterfs-cluster
      path: gv0
      readOnly: true
EOF
kubectl cp index.html nginx:/usr/share/nginx/html/
mount -t glusterfs acer:gv0 /mnt/glusterfs cp ~/index.html .
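# PersistentVolume backed by Gluster volume gv0, plus a claim for nginx.
# The two objects are separate YAML documents and need the "---" separator.
# NOTE(review): the Endpoints object created elsewhere on this page is named
# glusterfs-cluster, not gluster-cluster - confirm which name is intended.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gluster-pv
spec:
  capacity:
    storage: 24Gi
  storageClassName: standard
  accessModes:
  - ReadWriteMany
  glusterfs:
    endpoints: gluster-cluster
    path: /gv0
    readOnly: false
  # Retain keeps the data after the claim is deleted; it has to be cleaned up
  # by hand before the volume is reused.
  persistentVolumeReclaimPolicy: Retain
---
# NOTE(review): the selector looks for a label name=standard, which the volume
# above does not carry, and the claim asks for ReadOnlyMany while the volume
# offers only ReadWriteMany - as written the claim presumably stays Pending.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nginx-pvc
spec:
  accessModes:
  - ReadOnlyMany
  resources:
    requests:
      storage: 1Gi
  selector:
    matchLabels:
      name: standard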
# Variant of the volume/claim pair using a read-only GCE persistent disk.
# NOTE(review): the volume is labelled name=models-1-0-0 while the claim
# selects name=glusterfs - confirm the intended label.
kind: PersistentVolume
apiVersion: v1
metadata:
  name: gluster-pv
  labels:
    name: models-1-0-0
spec:
  capacity:
    storage: 200Gi
  storageClassName: standard
  accessModes:
    - ReadOnlyMany
  gcePersistentDisk:
    pdName: models-1-0-0
    fsType: ext4
    readOnly: true
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nginx-pvc
spec:
  accessModes:
    - ReadOnlyMany
  resources:
    requests:
      storage: 1Gi
  selector:
    matchLabels:
      name: glusterfs
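# Carve a 24G logical volume for the Gluster brick out of vg-data.
# --resizefs shrinks the filesystem before the LV; a plain lvreduce cuts the LV
# underneath the filesystem and loses whatever lies past the new end. The step
# fails cleanly when the filesystem cannot be shrunk (XFS cannot).
lvreduce --resizefs -L -24G /dev/vg-data/data
lvcreate -L 24G -n kubernetes vg-data
mkfs.xfs -i size=512 /dev/vg-data/kubernetes

# Mount first, then create the brick directory, so the directory ends up on
# the new filesystem instead of underneath the mount point.
mkdir -p /export/kubernetes
echo "/dev/vg-data/kubernetes /export/kubernetes xfs defaults 0 0" >> /etc/fstab
mount -a
mkdir -p /export/kubernetes/brick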
sudo gluster volume info

# Two alternative ways to create gv0 - run only one of them.
# (a) single brick:
gluster volume create gv0 ubuntu:/export/kubernetes/brick
# (b) two-way replica:
gluster volume create gv0 replica 2 \
  ubuntu:/export/kubernetes/brick \
  u2:/export/kubernetes/brick

gluster volume info
gluster volume start gv0
mount -t glusterfs acer:gv0 /mnt/glusterfs mount -t glusterfs ubuntu:gv0 /mnt/glusterfs mount -t glusterfs ubuntu:gv1 /mnt/glusterfs mount -t glusterfs ubuntu:gv2 /mnt/glusterfs
https://kubernetes.io/docs/concepts/storage/volumes/ https://github.com/kubernetes/examples/tree/master/volumes/glusterfs
# Three 8Gi Gluster-backed volumes (gv0..gv2), the claim used by the MariaDB
# chart, and the Endpoints/Service pair that points at the Gluster server.
# Retain means data outlives a deleted claim and must be wiped by hand before
# a volume is handed to another workload.
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gfs-pv0
spec:
  capacity:
    storage: 8Gi
  accessModes:
  - ReadWriteMany
  glusterfs:
    endpoints: gfs-cluster
    path: /gv0
    readOnly: false
  persistentVolumeReclaimPolicy: Retain
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: gfs-pv1
spec:
  capacity:
    storage: 8Gi
  accessModes:
  - ReadWriteMany
  glusterfs:
    endpoints: gfs-cluster
    path: /gv1
    readOnly: false
  persistentVolumeReclaimPolicy: Retain
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: gfs-pv2
spec:
  capacity:
    storage: 8Gi
  accessModes:
  - ReadWriteMany
  glusterfs:
    endpoints: gfs-cluster
    path: /gv2
    readOnly: false
  persistentVolumeReclaimPolicy: Retain
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: mariadb
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 8Gi
---
apiVersion: v1
kind: Endpoints
metadata:
  name: gfs-cluster
subsets:
- addresses:
  - ip: 10.0.0.230
  ports:
  - port: 1
---
apiVersion: v1
kind: Service
metadata:
  name: gfs-cluster
spec:
  ports:
  - port: 1
EOF
# Reinstall MariaDB so that its primary uses the pre-created claim "mariadb"
# instead of a dynamically provisioned volume.
helm uninstall mariadb
helm install mariadb bitnami/mariadb \
  --set primary.persistence.existingClaim=mariadb
# Watch the release's pods come up.
kubectl get pods --watch --namespace default --selector release=mariadb

# Print the generated root password (plaintext on the terminal).
kubectl get secret --namespace default mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode

# Start a throwaway client pod (--rm deletes it on exit) and open a shell in it.
kubectl run mariadb-client --rm --tty -i --restart='Never' \
  --image docker.io/bitnami/mariadb:10.5.8-debian-10-r69 \
  --namespace default --command -- bash

# Inside the client pod: a bare -p makes mysql prompt for the password, which
# keeps it out of the argument list; my_database is the schema to open.
mysql -h mariadb.default.svc.cluster.local -uroot -p my_database
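# Upgrade the release while keeping the existing root password.
# The --set argument is quoted so a password containing whitespace or glob
# characters is not split or expanded by the shell.
# A value passed with --set is visible in the process list and shell history;
# a values file readable only by its owner (passed with --values) avoids that.
ROOT_PASSWORD=$(kubectl get secret --namespace default mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)
helm upgrade mariadb bitnami/mariadb --set "auth.rootPassword=$ROOT_PASSWORD"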
Azure AKS
# Sign in to Azure, install kubectl via the Az.Aks module, and merge the
# cluster's credentials into the local kubeconfig.
Import-Module Az.Accounts
Connect-AzAccount
Install-AzAksKubectl
# Show PATH to check that the kubectl install location is on it.
Write-Output $Env:Path
# Resource group and cluster are both named "cluster" here.
Import-AzAksCredential -ResourceGroupName cluster -Name cluster
# Confirm which API server the current context talks to before changing
# anything.
kubectl version
kubectl config view --minify --output jsonpath='{.clusters[0].cluster.server}'
kubectl get nodes
kubectl get namespace

# Deploy the Azure sample voting app. The manifest is read from the master
# branch, so its content is not fixed between runs.
kubectl apply --filename https://raw.githubusercontent.com/Azure-Samples/azure-voting-app-redis/master/azure-vote-all-in-one-redis.yaml
kubectl get pods
kubectl get services

# Mark every node unschedulable (existing pods keep running; `kubectl
# uncordon` reverses it).
kubectl cordon $(kubectl get nodes -o name)
# Windows form of the apply command, using a local manifest.
kubectl.exe apply -f .\vote.yaml
https://azure.github.io/application-gateway-kubernetes-ingress/features/private-ip/ https://azure.github.io/application-gateway-kubernetes-ingress/
Remove-AzResourceGroup -Name cluster
# NOTE(review): azuredeploy.json looks like an Azure Resource Manager
# deployment template rather than a Kubernetes manifest, so kubectl apply is
# presumably the wrong tool for it - confirm.
kubectl apply -f https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/master/deploy/azuredeploy.json
wget https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/master/deploy/azuredeploy.json
# Parameters for the application-gateway ingress deployment.
resourceGroupName="cluster"
location="westeurope"
deploymentName="ingress-appgw"
Google GCP GKE
gcloud container clusters get-credentials your-first-cluster-1 --zone europe-north1-c --project third-light
# Three ways onto a GKE node: through gcloud, or with plain ssh and a key file.
gcloud compute ssh username@gke-your-first-cluster-1-pool-1-34a9d362
ssh -i id_ed25519 username@35.228.24.238

# -L forwards local port 8444 through the node to 10.3.255.31:8444.
ssh -i .ssh/google_compute_engine -L 8444:10.3.255.31:8444 username@35.228.239.240

# -k turns off TLS certificate verification, so this proves reachability only;
# the identity of the server behind the tunnel is not checked.
curl -v -k https://localhost:8444
kube.config
# kubeconfig for a GKE cluster, using the legacy "gcp" auth-provider.
# A kubeconfig is a credential file: access-token below is a cached OAuth
# bearer token for the API server, valid until the expiry field
# (2019-06-09 here). Keep real kubeconfigs owner-readable and out of wikis and
# repositories; blank the token field before sharing one.
# NOTE(review): newer kubectl releases dropped the gcp auth-provider in favour
# of an exec credential plugin - confirm against the kubectl version in use.
apiVersion: v1
kind: Config
preferences: {}
current-context: gke_third-light-233710_europe-north1-c_your-first-cluster-1
clusters:
- name: gke_third-light-233710_europe-north1-c_your-first-cluster-1
  cluster:
    certificate-authority-data: LS0tLBVEUtLS0tLQo=
    server: https://35.228.120.76
contexts:
- name: gke_third-light-233710_europe-north1-c_your-first-cluster-1
  context:
    cluster: gke_third-light-233710_europe-north1-c_your-first-cluster-1
    user: gke_third-light-233710_europe-north1-c_your-first-cluster-1
users:
- name: gke_third-light-233710_europe-north1-c_your-first-cluster-1
  user:
    auth-provider:
      name: gcp
      config:
        access-token: ya29.GlsjB2Z-Sk3dGWQVofpYCb7-06xo2ZLnpNJ7Ml67pkH
        cmd-args: config config-helper --format=json
        cmd-path: /usr/bin/gcloud
        expiry: "2019-06-09T09:39:47Z"
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
Ignition
https://www.codetab.org/post/kubernetes-cluster-virtualbox/
# Storage section of a provisioning config (presumably Butane / Fedora CoreOS,
# given the "fcos" hostname) that writes two files on first boot.
storage:
  files:
    # Lowers the console log level via sysctl.
    - path: /etc/sysctl.d/20-silence-audit.conf
      contents:
        inline: |
          kernel.printk=4
    # mode is decimal here: 420 is octal 0644 (owner read/write, others read).
    - path: /etc/hostname
      mode: 420
      contents:
        source: "data:,fcos"
https://docs.okd.io/4.11/architecture/architecture-rhcos.html
# Run coreos-installer from its container image and write the OS, with the
# Ignition config config.ign embedded, onto /dev/vdb. The target disk is
# overwritten, so confirm the device name first (e.g. with lsblk).
# --privileged together with the /dev bind mount gives the container full
# access to the host's block devices, and --pull=always with the floating
# "release" tag means the code that runs is whatever the registry serves at
# that moment; pinning the image by digest fixes what is executed.
sudo podman run --pull=always --privileged --rm \
  --volume /dev:/dev \
  --volume /run/udev:/run/udev \
  --volume .:/data \
  --workdir /data \
  quay.io/coreos/coreos-installer:release \
  install /dev/vdb --ignition-file config.ign
Alpine
https://wiki.alpinelinux.org/wiki/K8s
OpenEBS
# Install the OpenEBS cStor operator. The manifest is fetched at apply time
# from a URL with no version in it, so its content is not pinned; saving and
# reviewing a copy first makes the install repeatable.
kubectl apply -f https://openebs.github.io/charts/cstor-operator.yaml