Differences

docker:kubernetes [2020/05/25 11:44] – [Master] tmadedocker:kubernetes [2020/10/13 13:54] – [Alias] tmade
Line 3: Line 3:
 ====Install==== ====Install====
  
-Install repositories, docker and kubernetes packages on Ubuntu LTS 16.04:+Install repositories, docker and kubernetes packages on Ubuntu LTS 16.04, 18.04, 20.04:
  
-<code sh install-packages.sh>+<code sh install-k8s-packages.sh>
 #!/bin/bash #!/bin/bash
 + 
 +#author:  tmade
 +#version: 1.5
  
-#author:  Thomas Roehm +RELEASE=$(lsb_release -cs) 
-#version: 1.2+ 
 +echo "Install requirements" 
 + 
 +apt-get install \ 
 +    apt-transport-https \ 
 +    ca-certificates \ 
 +    curl \ 
 +    gnupg-agent \ 
 +    software-properties-common
  
 echo "" echo ""
Line 16: Line 27:
 DOCKERINSTALL=$(echo $?) DOCKERINSTALL=$(echo $?)
 echo "" echo ""
 + 
 if [ ${DOCKERINSTALL} -eq "0" ] if [ ${DOCKERINSTALL} -eq "0" ]
 then then
Line 24: Line 35:
         curl -sSL https://get.docker.com | sh         curl -sSL https://get.docker.com | sh
 fi fi
 + 
 echo "" echo ""
 echo "check k8s installation:" echo "check k8s installation:"
Line 30: Line 41:
 KUBEINSTALL=$(echo $?) KUBEINSTALL=$(echo $?)
 echo "" echo ""
 + 
 if [ ${KUBEINSTALL} -eq "0" ] if [ ${KUBEINSTALL} -eq "0" ]
 then then
Line 37: Line 48:
         echo "Installing k8s repository..."         echo "Installing k8s repository..."
         curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -         curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
-        echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list+ echo "deb http://apt.kubernetes.io/ kubernetes-${RELEASE} main" | sudo tee /etc/apt/sources.list.d/kubernetes.list 
 +        #echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
 fi fi
 + 
 echo "" echo ""
 echo "Setup cgroupdriver as systemd" echo "Setup cgroupdriver as systemd"
 echo "" echo ""
 + 
 cat > /etc/docker/daemon.json <<EOF cat > /etc/docker/daemon.json <<EOF
 { {
Line 54: Line 66:
 } }
 EOF EOF
 + 
 # Restart docker. # Restart docker.
 + 
 mkdir -p /etc/systemd/system/docker.service.d mkdir -p /etc/systemd/system/docker.service.d
 systemctl daemon-reload systemctl daemon-reload
 systemctl restart docker systemctl restart docker
 + 
 apt-get update apt-get update
-apt-mark unhold kubernetes-cni kubeadm kubelet kubectl docker-ce+apt-mark unhold kubernetes-cni kubeadm kubelet kubectl docker-ce docker-ce-cli
 echo "" echo ""
 echo "Up- or downgrade docker and k8s packages" echo "Up- or downgrade docker and k8s packages"
 echo "" echo ""
 + 
 apt-cache policy docker-ce  | head -n 30 apt-cache policy docker-ce  | head -n 30
 echo "" echo ""
Line 72: Line 84:
 echo "Version: \"${DVERSION}\" will be installed!" echo "Version: \"${DVERSION}\" will be installed!"
 echo "" echo ""
-apt-get install -y docker-ce=${DVERSION} --allow-downgrades+apt-get install -y docker-ce=${DVERSION} docker-ce-cli=${DVERSION} --allow-downgrades
 echo "" echo ""
 apt-cache policy kubeadm  | head -n 30 apt-cache policy kubeadm  | head -n 30
Line 81: Line 93:
 apt-get install -y kubeadm=${VERSION} kubelet=${VERSION} kubectl=${VERSION} --allow-downgrades apt-get install -y kubeadm=${VERSION} kubelet=${VERSION} kubectl=${VERSION} --allow-downgrades
 echo "" echo ""
-apt-mark hold kubelet kubeadm kubectl docker-ce+apt-mark hold kubelet kubeadm kubectl docker-ce docker-ce-cli
 echo "" echo ""
 echo "k8s packages are installed!" echo "k8s packages are installed!"
Line 87: Line 99:
 </code> </code>
  
-See also on https://kubernetes.io/docs/setup/independent/install-kubeadm/+Check also on https://kubernetes.io/docs/setup/independent/install-kubeadm/
  
  
Line 161: Line 173:
 ====Master==== ====Master====
  
-===Manually===+===Manually Install===
  
 Run **only on master**: Run **only on master**:
Line 167: Line 179:
   kubeadm config images pull                                                                                              #pulling images before setup k8s   kubeadm config images pull                                                                                              #pulling images before setup k8s
   kubeadm init --apiserver-advertise-address=192.168.10.5 --pod-network-cidr=192.168.0.0/16                               #if there are several nic´s you have too choose the management nic/ ip   kubeadm init --apiserver-advertise-address=192.168.10.5 --pod-network-cidr=192.168.0.0/16                               #if there are several nic´s you have too choose the management nic/ ip
-  kubeadm init --pod-network-cidr=192.168.0.0/16                                                                          #set pod-network-cidr+  kubeadm init --pod-network-cidr=192.168.0.0/16                                                                          #set pod-network-cidr to use calico CNI network plugins
      
 **Hint: If you are running your system behind a proxy, you have to make an proxy-exclude ("/etc/environment"):** **Hint: If you are running your system behind a proxy, you have to make an proxy-exclude ("/etc/environment"):**
Line 178: Line 190:
   echo "kubernetes ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers                                          echo "kubernetes ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers                                       
   su - kubernetes   su - kubernetes
-  #rm -r $HOME/.kube 
   mkdir -p $HOME/.kube   mkdir -p $HOME/.kube
   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
Line 191: Line 202:
 ===Setup-Script=== ===Setup-Script===
  
-Setup k8s - packages have to be installed previously!+Setup k8s - packages (kube*, docker) have to be installed previously!
  
 Check out https://www.tmade.de/wiki/doku.php?id=docker:kubernetes#install Check out https://www.tmade.de/wiki/doku.php?id=docker:kubernetes#install
 +
 +Additionally the k8s-user has to exist with sudo rights (e. g. "useradd -s /bin/bash -m kubernetes") - check also above within same chapter.
  
 Download calico.yaml and dashboard.yaml and create required folderstructure (check variables). Download calico.yaml and dashboard.yaml and create required folderstructure (check variables).
Line 202: Line 215:
 #!/bin/bash #!/bin/bash
  
-#author:  Thomas Roehm +#author:  tmade 
-#version: 1.4+#version: 1.5
  
 USER="kubernetes" USER="kubernetes"
Line 214: Line 227:
 DASBOARD="/home/kubernetes/dashboard" DASBOARD="/home/kubernetes/dashboard"
 # filename such as "kubernetes-dashboard-v2.0.0-rc5.yaml" expected # filename such as "kubernetes-dashboard-v2.0.0-rc5.yaml" expected
-DASHVERS="v2.0.0-rc5"+DASHVERS="v2.0.1"
 PODNETWORKADDON="192.168.0.0/16" PODNETWORKADDON="192.168.0.0/16"
  
Line 220: Line 233:
 echo "Setup -------------k8s--------------" echo "Setup -------------k8s--------------"
 echo "" echo ""
-su - kubernetes -c "kubectl version"+su - kubernetes -c "kubectl version 2> /dev/null"
 echo "" echo ""
 su - kubernetes -c "read -s -n 1 -p \"Press any key to continue . . .\"" su - kubernetes -c "read -s -n 1 -p \"Press any key to continue . . .\""
Line 284: Line 297:
  
 echo "" echo ""
-read -p "Do you want to schedule pods on your master? Please enter \"y\" or \"n\": " SCHEDULE+while [ -z $SCHEDULE ] ; 
 +do 
 +      read -p "Do you want to schedule pods on your master? Please enter \"y\" or \"n\": " SCHEDULE 
 +      echo "Please enter \"y\" or \"n\"" 
 +done 
 + 
 +echo ""
 echo "You´ve entered:  \"$SCHEDULE\"" echo "You´ve entered:  \"$SCHEDULE\""
 echo "" echo ""
 +
 if [ $SCHEDULE = y ] if [ $SCHEDULE = y ]
 then then
Line 352: Line 372:
 #!/bin/bash #!/bin/bash
  
-#author:  Thomas Roehm+#author:  tmade
 #version: 1.1 #version: 1.1
  
Line 384: Line 404:
 #!/bin/bash #!/bin/bash
  
-#author:  Thomas Roehm+#author:  tmade
 #version: 1.2 #version: 1.2
  
Line 442: Line 462:
 #!/bin/bash #!/bin/bash
  
-#author:  Thomas Roehm +#author:  tmade 
-#version: 1.2+#version: 1.3
  
-DASHBOARDURLVERSION="v2.0.0"+DASHBOARDURLVERSION="v2.0.4"
 FILE="recommended.yaml" FILE="recommended.yaml"
 URL="https://raw.githubusercontent.com/kubernetes/dashboard/${DASHBOARDURLVERSION}/aio/deploy/${FILE}" URL="https://raw.githubusercontent.com/kubernetes/dashboard/${DASHBOARDURLVERSION}/aio/deploy/${FILE}"
Line 698: Line 718:
 #/bin/bash #/bin/bash
  
-echo "ImportantThe \"Common Name\" (CN) must be the same as the ServiceAccount name (e. g. tmade)!"+#author tmade 
 +#version: 1.5
  
-#author:  Thomas Roehm +echo "" 
-#version1.3+echo "ImportantThe \"Common Name\" (CN) must be the same as the ServiceAccount name (e. gMyHostname)!"
  
 C="DE" C="DE"
 ST="BW" ST="BW"
 L="MyCity" L="MyCity"
-O="tmade+O="MyCompany
-OU="Cluster+OU="MyDepartment
-CN="tmade"+CN="MyHostname"
 MAIL="test@test.com" MAIL="test@test.com"
 CERT="$(echo ~/certs)" CERT="$(echo ~/certs)"
Line 725: Line 746:
 fi fi
  
-openssl req -out kubecfg-${CN}.csr -new -newkey rsa:4096 -nodes -keyout kubecfg-${CN}.key -subj "/\C=${C}/ST=${ST}/L=${L}/O=${O}/OU=${OU}/CN=${CN}/emailAddress=${MAIL}"+read -p "Please enter your secure certificate password: " PASSWORD 
 +echo "" 
 +echo "Your password set to: \"$PASSWORD\"" 
 +echo "" 
 + 
 +dd if=/dev/urandom of=~/.rnd bs=256 count=1 2> /dev/null 
 +openssl req -out kubecfg-${CN}.csr -new -newkey rsa:4096 -nodes -keyout kubecfg-${CN}.key -subj "/C=${C}/ST=${ST}/L=${L}/O=${O}/OU=${OU}/CN=${CN}/emailAddress=${MAIL}"
 sudo openssl x509 -req -in kubecfg-${CN}.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out kubecfg-${CN}.crt -days 1000 -sha256 sudo openssl x509 -req -in kubecfg-${CN}.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out kubecfg-${CN}.crt -days 1000 -sha256
-openssl pkcs12 -export -clcerts -inkey kubecfg-${CN}.key -in kubecfg-${CN}.crt -out kubecfg-${CN}.p12 -name "kubernetes-client"+openssl pkcs12 -export -clcerts -inkey kubecfg-${CN}.key -in kubecfg-${CN}.crt -out kubecfg-${CN}.p12 -name "kubernetes-client" -passin pass:$PASSWORD -passout pass:$PASSWORD
  
 echo "" echo ""
Line 770: Line 797:
   namespace: kube-system   namespace: kube-system
 EOF EOF
 +
 +echo ""
 +echo "get the bearer token by running:"
 +echo ""
 +echo "kubectl -n kube-system describe secret \$(kubectl -n kube-system get secret | grep ${CN} | awk '{print \$1}')"
 +echo ""
 </code> </code>
-====Minicube - Pods on Master====+====Running Pods on Master====
  
 Remove the taints on the master so that you can schedule pods on it (doesn´t work on default): Remove the taints on the master so that you can schedule pods on it (doesn´t work on default):
Line 867: Line 900:
   kubectl get serviceaccounts myuser -o yaml   kubectl get serviceaccounts myuser -o yaml
   kubectl get secret | grep myuser   kubectl get secret | grep myuser
-  kubectl get secret myuser-token-1yvwg -o yaml                                            #the exact name from "myuser-token-abcde" you get via "kubectl get secret | grep myuser"+  kubectl get secret myuser-token-1yvwg -o yaml                                            #the exact name of "myuser-token-abcde" you get via "kubectl get secret | grep myuser"
   kubectl delete serviceaccount -n kube-system kubernetes-dashboard                        #namespace=kube-system, username=kubernetes-dashboard   kubectl delete serviceaccount -n kube-system kubernetes-dashboard                        #namespace=kube-system, username=kubernetes-dashboard
  
Line 956: Line 989:
 </code> </code>
  
-====Reset Cluster ====+====Reset Cluster Node ====
  
-If you wanna **reset the whole cluster** to the state after a fresh install, just run this on each node: +  kubeadm reset -f
- +
-  sudo kubeadm reset -f+
   iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X   iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
  
-Delete:+Delete node from cluster:
  
   kubectl drain <node-name> --delete-local-data --force --ignore-daemonsets   kubectl drain <node-name> --delete-local-data --force --ignore-daemonsets
   kubectl delete node <node-name>   kubectl delete node <node-name>
 +
 +====Reset k8s====
 +
 +If you wanna **reset the whole cluster** to the state after a fresh install, just run this on each node:
 +
 +<code sh reset-k8s.sh>
 +#!/bin/bash
 +
 +#author:  tmade
 +#version: 1.2
 +
 +HOME="/home/kubernetes"
 +
 +sudo kubeadm reset -f
 +iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
 +rm -r ${HOME}/.kube 2> /dev/null
 +</code>
  
 ====Single-Node-Cluster==== ====Single-Node-Cluster====
Line 1250: Line 1298:
  
 === Install nginx ingress-controller === === Install nginx ingress-controller ===
 +
 +Check also on https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
  
 <code sh install-nginx-ingress-controller.sh> <code sh install-nginx-ingress-controller.sh>
 #!/bin/bash #!/bin/bash
  
-#author:  Thomas Roehm +#author:  tmade 
-#version: 1.1+#version: 1.3
  
 VERSION="1.6.3" VERSION="1.6.3"
-HOME="/home/kubernetes"+USER="kubernetes" 
 +HOME="/home/${USER}"
 FILE="${HOME}/kubernetes-ingress" FILE="${HOME}/kubernetes-ingress"
  
-if  [ -$FILE ]+if  [ -${FILE]
 then then
-        echo "Downloading Ingress..." 
-else 
         echo ""         echo ""
         echo "${FILE} exists, renaming..."         echo "${FILE} exists, renaming..."
Line 1270: Line 1319:
  
         mv ${FILE} ${FILE}.bak         mv ${FILE} ${FILE}.bak
 +else
 +        echo ""
 +        echo "Downloading Ingress..."
 +        echo ""
 fi fi
  
 +cd ${HOME}
 git clone https://github.com/nginxinc/kubernetes-ingress/ git clone https://github.com/nginxinc/kubernetes-ingress/
 cd kubernetes-ingress/deployments cd kubernetes-ingress/deployments
 git checkout v${VERSION} git checkout v${VERSION}
 +chown -R ${USER}:${USER} ${FILE}
  
 echo "" echo ""
Line 1280: Line 1335:
 echo "" echo ""
  
-kubectl apply -f common/ns-and-sa.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/common/ns-and-sa.yaml"
  
 echo "" echo ""
Line 1286: Line 1341:
 echo "" echo ""
  
-kubectl apply -f rbac/rbac.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/rbac/rbac.yaml"
  
 echo "" echo ""
Line 1292: Line 1347:
 echo "" echo ""
  
-kubectl apply -f common/default-server-secret.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/common/default-server-secret.yaml"
  
 echo "" echo ""
Line 1298: Line 1353:
 echo "" echo ""
  
-kubectl apply -f common/nginx-config.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/common/nginx-config.yaml"
  
 echo "" echo ""
Line 1304: Line 1359:
 echo "" echo ""
  
-kubectl apply -f common/custom-resource-definitions.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/common/custom-resource-definitions.yaml"
  
 echo "" echo ""
Line 1311: Line 1366:
  
 #kubectl apply -f deployment/nginx-ingress.yaml #kubectl apply -f deployment/nginx-ingress.yaml
-kubectl apply -f daemon-set/nginx-ingress.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/daemon-set/nginx-ingress.yaml"
  
 echo "" echo ""
 echo "Ingress Controller has been installed." echo "Ingress Controller has been installed."
 +echo ""
 +echo "Status - please press \"ctrl + c\" when all pods are running"
 echo "" echo ""
  
-kubectl get pods -A -o wide+watch kubectl get pods -A -o wide
 </code> </code>
  
Line 1381: Line 1438:
 #          servicePort: 80 #          servicePort: 80
  
 +</code>
 +
 +Another example:
 +
 +<code>
 +apiVersion: networking.k8s.io/v1beta1
 +kind: Ingress
 +metadata:
 +  name: simple-fanout-example
 +  annotations:
 +    nginx.ingress.kubernetes.io/rewrite-target: /
 +spec:
 +  rules:
 +  - host: foo.bar.com
 +    http:
 +      paths:
 +      - path: /foo
 +        backend:
 +          serviceName: service1
 +          servicePort: 4200
 +      - path: /bar
 +        backend:
 +          serviceName: service2
 +          servicePort: 8080
 </code> </code>
  
Line 1428: Line 1509:
   kubectl delete -f file.yaml   kubectl delete -f file.yaml
   kubectl autoscale deployment foo --min=2 --max=10   kubectl autoscale deployment foo --min=2 --max=10
 +  kubectl cp file-name pod-name:./destination-path
  
 Logging: Logging:
Line 1433: Line 1515:
   kubectl get events   kubectl get events
   kubectl get events -n default   kubectl get events -n default
 +  kubectl get events -w --all-namespaces
   kubectl delete events --all   kubectl delete events --all
   kubectl logs -n kube-system -p calico-node-xxxxx -c calico-node   kubectl logs -n kube-system -p calico-node-xxxxx -c calico-node
Line 1441: Line 1524:
 ====Alias====  ====Alias==== 
  
-  echo "alias kg='kubectl get'" >> /etc/bash.bashrc+<code> 
 +cat >> /etc/bash.bashrc <<EOF 
 +#personal 
 +alias ..='cd ../.' 
 +alias ...='cd ../../.' 
 +alias kc='kubectl' 
 +EOF 
 +</code> 
 + 
 +Activate: 
 + 
 +  source /etc/bash.bashrc
  
  
Line 1475: Line 1569:
  
 #author:  Thomas Roehm #author:  Thomas Roehm
-#version: 1.1+#version: 1.2
  
 echo "You´re running version:" echo "You´re running version:"
Line 1484: Line 1578:
  
 apt-get update apt-get update
-apt-cache policy kubeadm+apt-cache policy kubeadm  | head -n 30
  
 echo "" echo ""
Line 1591: Line 1685:
  
 #author:  Thomas Roehm #author:  Thomas Roehm
-#version: 1.1+#version: 1.3
  
 echo "You´re running version:" echo "You´re running version:"
 echo "" echo ""
-su - kubernetes -c "kubectl version"+kubectl version 2> /dev/null
 echo "" echo ""
 read -s -n 1 -p "Press any key to continue . . ." read -s -n 1 -p "Press any key to continue . . ."
 #su - kubernetes -c "read -s -n 1 -p \"Press any key to continue . . .\"" #su - kubernetes -c "read -s -n 1 -p \"Press any key to continue . . .\""
 apt-get update apt-get update
-apt-cache policy kubeadm+apt-cache policy kubeadm | head -n 30
  
 echo "" echo ""
Line 1628: Line 1722:
  
 #author:  Thomas Roehm #author:  Thomas Roehm
-#version: 1.2+#version: 1.3
  
 echo "" echo ""
Line 1634: Line 1728:
 echo "" echo ""
  
-VERSION="20.01.1"+VERSION="20.04.0"
 HOME="/home/kubernetes/" HOME="/home/kubernetes/"
 FILE="${HOME}trident-installer-${VERSION}.tar.gz" FILE="${HOME}trident-installer-${VERSION}.tar.gz"
Line 1648: Line 1742:
         echo ""         echo ""
         sleep 3         sleep 3
 +        su - kubernetes -c "cat <<EOF | kubectl create -f -
 +apiVersion: storage.k8s.io/v1
 +kind: StorageClass
 +metadata:
 +  name: trident-ontap-gold                               #name storage-klasse
 +provisioner: netapp.io/trident
 +parameters:
 +  backendType: "ontap-nas"
 +  #media: "ssd"
 +  provisioningType: "thin"
 +allowVolumeExpansion: true
 +reclaimPolicy: Delete
 +EOF"
         su - kubernetes -c "wget https://github.com/NetApp/trident/releases/download/v${VERSION}/trident-installer-${VERSION}.tar.gz -P ${HOME}"         su - kubernetes -c "wget https://github.com/NetApp/trident/releases/download/v${VERSION}/trident-installer-${VERSION}.tar.gz -P ${HOME}"
         su - kubernetes -c "mv ~/trident-installer ~/trident-installer.old"         su - kubernetes -c "mv ~/trident-installer ~/trident-installer.old"
Line 1662: Line 1769:
  
  
-====Reset k8s==== 
  
-<code sh reset-k8s.sh> 
-#!/bin/bash 
- 
-#author:  Thomas Roehm 
-#version: 1.1 
- 
-HOME="/home/kubernetes" 
- 
-sudo kubeadm reset -f 
-iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X 
-rm -r ${HOME}/.kube 
-</code> 
 ====helm==== ====helm====
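Review bot: The password handling added to the certificate script (hunk "Line 725: Line 746:") exposes the PKCS#12 password three ways: `read -p` echoes it while it is typed, `echo "Your password set to: \"$PASSWORD\""` prints it to the terminal and to any captured log, and `-passin pass:$PASSWORD -passout pass:$PASSWORD` puts it on the openssl command line, where other local users can read it from the process list. I would read it with `read -r -s -p "Please enter your secure certificate password: " PASSWORD`, drop the line that echoes the value, and pass it as `export PASSWORD` followed by `-passout env:PASSWORD`. The key is generated with `-nodes`, so `-passin` looks unnecessary, and `kubecfg-${CN}.key` remains unencrypted on disk; a comment telling the reader to restrict or remove that file once the .p12 exists would help. The unquoted `$PASSWORD` also breaks on passwords that contain spaces or glob characters. Parts of this script lie outside the hunks shown, so the directory and permissions the files are written with cannot be checked from here.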
  
docker/kubernetes.txt · Last modified: 2022/10/03 15:49 by tmade
 