docker:kubernetes [2020/05/20 09:49]
tmade [Ingress]
docker:kubernetes [2020/10/13 13:54] (current)
tmade [Alias]
Line 3: Line 3:
 ====Install==== ====Install====
  
-Install repositories, docker and kubernetes packages on Ubuntu LTS 16.04:+Install repositories, docker and kubernetes packages on Ubuntu LTS 16.04, 18.04, 20.04:
  
-<code sh install-packages.sh>+<code sh install-k8s-packages.sh>
 #!/bin/bash #!/bin/bash
 + 
 +#author:  tmade
 +#version: 1.5
  
-#author:  Thomas Roehm +RELEASE=$(lsb_release -cs) 
-#version: 1.2+ 
 +echo "Install requirements" 
 + 
 +apt-get install \ 
 +    apt-transport-https \ 
 +    ca-certificates \ 
 +    curl \ 
 +    gnupg-agent \ 
 +    software-properties-common
  
 echo "" echo ""
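Review bot: The added `apt-get install \ …` block has no `-y`, unlike the later `apt-get install -y …` calls in the same script, so an unattended run stops here waiting for confirmation. It also runs before any `apt-get update`, so on a freshly provisioned host the package lists may be stale or missing. `RELEASE=$(lsb_release -cs)` assumes `lsb_release` is installed and its result is never checked; if it comes back empty, the repository line built from it later in the script is malformed. Suggest `apt-get update && apt-get install -y …` and a guard such as `: "${RELEASE:?lsb_release returned nothing}"`.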
Line 16: Line 27:
 DOCKERINSTALL=$(echo $?) DOCKERINSTALL=$(echo $?)
 echo "" echo ""
 + 
 if [ ${DOCKERINSTALL} -eq "0" ] if [ ${DOCKERINSTALL} -eq "0" ]
 then then
Line 24: Line 35:
         curl -sSL https://get.docker.com | sh         curl -sSL https://get.docker.com | sh
 fi fi
 + 
 echo "" echo ""
 echo "check k8s installation:" echo "check k8s installation:"
Line 30: Line 41:
 KUBEINSTALL=$(echo $?) KUBEINSTALL=$(echo $?)
 echo "" echo ""
 + 
 if [ ${KUBEINSTALL} -eq "0" ] if [ ${KUBEINSTALL} -eq "0" ]
 then then
Line 37: Line 48:
         echo "Installing k8s repository..."         echo "Installing k8s repository..."
         curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -         curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
-        echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list+ echo "deb http://apt.kubernetes.io/ kubernetes-${RELEASE} main" | sudo tee /etc/apt/sources.list.d/kubernetes.list 
 +        #echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
 fi fi
 + 
 echo "" echo ""
 echo "Setup cgroupdriver as systemd" echo "Setup cgroupdriver as systemd"
 echo "" echo ""
 + 
 cat > /etc/docker/daemon.json <<EOF cat > /etc/docker/daemon.json <<EOF
 { {
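Review bot: The new repository line `deb http://apt.kubernetes.io/ kubernetes-${RELEASE} main` derives the suite from the Ubuntu codename, but as far as I know apt.kubernetes.io only published `kubernetes-xenial`, so on 18.04 and 20.04 this would likely produce a suite that does not exist and break `apt-get update`. The commented-out xenial line under it looks like the one that works on all three releases; that is worth confirming before advertising 18.04/20.04 support. The entry also keeps plain `http://` and relies on the key added to the global keyring by `apt-key add -` in the line above. Prefer `https://` and a dedicated keyring file referenced with `signed-by=` in the list entry, so this key is only trusted for this repository.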
Line 54: Line 66:
 } }
 EOF EOF
 + 
 # Restart docker. # Restart docker.
 + 
 mkdir -p /etc/systemd/system/docker.service.d mkdir -p /etc/systemd/system/docker.service.d
 systemctl daemon-reload systemctl daemon-reload
 systemctl restart docker systemctl restart docker
 + 
 apt-get update apt-get update
-apt-mark unhold kubernetes-cni kubeadm kubelet kubectl docker-ce+apt-mark unhold kubernetes-cni kubeadm kubelet kubectl docker-ce docker-ce-cli
 echo "" echo ""
 echo "Up- or downgrade docker and k8s packages" echo "Up- or downgrade docker and k8s packages"
 echo "" echo ""
 + 
 apt-cache policy docker-ce  | head -n 30 apt-cache policy docker-ce  | head -n 30
 echo "" echo ""
Line 72: Line 84:
 echo "Version: \"${DVERSION}\" will be installed!" echo "Version: \"${DVERSION}\" will be installed!"
 echo "" echo ""
-apt-get install -y docker-ce=${DVERSION} --allow-downgrades+apt-get install -y docker-ce=${DVERSION} docker-ce-cli=${DVERSION} --allow-downgrades
 echo "" echo ""
 apt-cache policy kubeadm  | head -n 30 apt-cache policy kubeadm  | head -n 30
Line 81: Line 93:
 apt-get install -y kubeadm=${VERSION} kubelet=${VERSION} kubectl=${VERSION} --allow-downgrades apt-get install -y kubeadm=${VERSION} kubelet=${VERSION} kubectl=${VERSION} --allow-downgrades
 echo "" echo ""
-apt-mark hold kubelet kubeadm kubectl docker-ce+apt-mark hold kubelet kubeadm kubectl docker-ce docker-ce-cli
 echo "" echo ""
 echo "k8s packages are installed!" echo "k8s packages are installed!"
Line 87: Line 99:
 </code> </code>
  
-See also on https://kubernetes.io/docs/setup/independent/install-kubeadm/+Check also on https://kubernetes.io/docs/setup/independent/install-kubeadm/
  
  
Line 161: Line 173:
 ====Master==== ====Master====
  
-===Manually===+===Manually Install===
  
 Run **only on master**: Run **only on master**:
Line 167: Line 179:
   kubeadm config images pull                                                                                              #pulling images before setup k8s   kubeadm config images pull                                                                                              #pulling images before setup k8s
   kubeadm init --apiserver-advertise-address=192.168.10.5 --pod-network-cidr=192.168.0.0/16                               #if there are several nic´s you have too choose the management nic/ ip   kubeadm init --apiserver-advertise-address=192.168.10.5 --pod-network-cidr=192.168.0.0/16                               #if there are several nic´s you have too choose the management nic/ ip
-  kubeadm init --pod-network-cidr=192.168.0.0/16                                                                          #set pod-network-cidr+  kubeadm init --pod-network-cidr=192.168.0.0/16                                                                          #set pod-network-cidr to use calico CNI network plugins
      
 **Hint: If you are running your system behind a proxy, you have to make an proxy-exclude ("/etc/environment"):** **Hint: If you are running your system behind a proxy, you have to make an proxy-exclude ("/etc/environment"):**
Line 173: Line 185:
   no_proxy="localhost,127.0.0.1,IP-Master-Node,IP-Worker-Node,IP_Master-Node-Network,10.96.0.0/12,192.168.0.0,::1"   no_proxy="localhost,127.0.0.1,IP-Master-Node,IP-Worker-Node,IP_Master-Node-Network,10.96.0.0/12,192.168.0.0,::1"
  
-To start using your cluster, you need to run the following **as a regular user** with **sudo** rights:+To start using your cluster, you need to run the following **as a regular user** (**sudo rights required!**):
  
-  useradd -s /bin/bash -m kubernetes                                       +  useradd -s /bin/bash -m kubernetes 
 +  echo "kubernetes ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers                                       
   su - kubernetes   su - kubernetes
-  #rm -r $HOME/.kube 
   mkdir -p $HOME/.kube   mkdir -p $HOME/.kube
   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
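Review bot: The added `echo "kubernetes ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers` gives the `kubernetes` account permanent passwordless root on the master. It also appends to the main sudoers file with no syntax check, so a malformed line can break sudo for every user. The only privileged step visible here is copying `/etc/kubernetes/admin.conf` once; doing that copy as root before `su - kubernetes` would remove the need for sudo entirely. If sudo is kept, put the rule in a drop-in under `/etc/sudoers.d/` with mode 0440, validate it with `visudo -cf <file>`, and limit it to the commands actually needed. The remaining steps of this procedure continue outside the hunk.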
Line 190: Line 202:
 ===Setup-Script=== ===Setup-Script===
  
-Setup k8s - packages have to be installed previously!+Setup k8s - packages (kube*, docker) have to be installed previously!
  
 Check out https://www.tmade.de/wiki/doku.php?id=docker:kubernetes#install Check out https://www.tmade.de/wiki/doku.php?id=docker:kubernetes#install
 +
 +Additionally the k8s-user has to exist with sudo rights (e. g. "useradd -s /bin/bash -m kubernetes") - check also above within same chapter.
  
 Download calico.yaml and dashboard.yaml and create required folderstructure (check variables). Download calico.yaml and dashboard.yaml and create required folderstructure (check variables).
Line 201: Line 215:
 #!/bin/bash #!/bin/bash
  
-#author:  Thomas Roehm +#author:  tmade 
-#version: 1.4+#version: 1.5
  
 USER="kubernetes" USER="kubernetes"
Line 213: Line 227:
 DASBOARD="/home/kubernetes/dashboard" DASBOARD="/home/kubernetes/dashboard"
 # filename such as "kubernetes-dashboard-v2.0.0-rc5.yaml" expected # filename such as "kubernetes-dashboard-v2.0.0-rc5.yaml" expected
-DASHVERS="v2.0.0-rc5"+DASHVERS="v2.0.1"
 PODNETWORKADDON="192.168.0.0/16" PODNETWORKADDON="192.168.0.0/16"
  
Line 219: Line 233:
 echo "Setup -------------k8s--------------" echo "Setup -------------k8s--------------"
 echo "" echo ""
-su - kubernetes -c "kubectl version"+su - kubernetes -c "kubectl version 2> /dev/null"
 echo "" echo ""
 su - kubernetes -c "read -s -n 1 -p \"Press any key to continue . . .\"" su - kubernetes -c "read -s -n 1 -p \"Press any key to continue . . .\""
Line 283: Line 297:
  
 echo "" echo ""
-read -p "Do you want to schedule pods on your master? Please enter \"y\" or \"n\": " SCHEDULE+while [ -z $SCHEDULE ] ; 
 +do 
 +      read -p "Do you want to schedule pods on your master? Please enter \"y\" or \"n\": " SCHEDULE 
 +      echo "Please enter \"y\" or \"n\"" 
 +done 
 + 
 +echo ""
 echo "You´ve entered:  \"$SCHEDULE\"" echo "You´ve entered:  \"$SCHEDULE\""
 echo "" echo ""
 +
 if [ $SCHEDULE = y ] if [ $SCHEDULE = y ]
 then then
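Review bot: The new loop `while [ -z $SCHEDULE ]` repeats only on an empty answer, so any other input such as `yes` leaves the loop and falls through to `if [ $SCHEDULE = y ]` as if it were "n". The reminder `echo "Please enter \"y\" or \"n\""` sits after the `read`, so it is printed even when the answer was valid. `$SCHEDULE` is unquoted in both tests, so an answer containing a space makes `[` fail with a syntax error instead of re-prompting. Suggest `until [[ "$SCHEDULE" == [yn] ]]; do read -r -p "…" SCHEDULE; done` and `if [[ "$SCHEDULE" == y ]]`. The body of the `if` is outside this hunk.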
Line 351: Line 372:
 #!/bin/bash #!/bin/bash
  
-#author:  Thomas Roehm+#author:  tmade
 #version: 1.1 #version: 1.1
  
Line 383: Line 404:
 #!/bin/bash #!/bin/bash
  
-#author:  Thomas Roehm+#author:  tmade
 #version: 1.2 #version: 1.2
  
Line 441: Line 462:
 #!/bin/bash #!/bin/bash
  
-#author:  Thomas Roehm +#author:  tmade 
-#version: 1.2+#version: 1.3
  
-DASHBOARDURLVERSION="v2.0.0"+DASHBOARDURLVERSION="v2.0.4"
 FILE="recommended.yaml" FILE="recommended.yaml"
 URL="https://raw.githubusercontent.com/kubernetes/dashboard/${DASHBOARDURLVERSION}/aio/deploy/${FILE}" URL="https://raw.githubusercontent.com/kubernetes/dashboard/${DASHBOARDURLVERSION}/aio/deploy/${FILE}"
Line 697: Line 718:
 #/bin/bash #/bin/bash
  
-echo "ImportantThe \"Common Name\" (CN) must be the same as the ServiceAccount name (e. g. tmade)!"+#author tmade 
 +#version: 1.5
  
-#author:  Thomas Roehm +echo "" 
-#version1.3+echo "ImportantThe \"Common Name\" (CN) must be the same as the ServiceAccount name (e. gMyHostname)!"
  
 C="DE" C="DE"
 ST="BW" ST="BW"
 L="MyCity" L="MyCity"
-O="tmade+O="MyCompany
-OU="Cluster+OU="MyDepartment
-CN="tmade"+CN="MyHostname"
 MAIL="test@test.com" MAIL="test@test.com"
 CERT="$(echo ~/certs)" CERT="$(echo ~/certs)"
Line 724: Line 746:
 fi fi
  
-openssl req -out kubecfg-${CN}.csr -new -newkey rsa:4096 -nodes -keyout kubecfg-${CN}.key -subj "/\C=${C}/ST=${ST}/L=${L}/O=${O}/OU=${OU}/CN=${CN}/emailAddress=${MAIL}"+read -p "Please enter your secure certificate password: " PASSWORD 
 +echo "" 
 +echo "Your password set to: \"$PASSWORD\"" 
 +echo "" 
 + 
 +dd if=/dev/urandom of=~/.rnd bs=256 count=1 2> /dev/null 
 +openssl req -out kubecfg-${CN}.csr -new -newkey rsa:4096 -nodes -keyout kubecfg-${CN}.key -subj "/C=${C}/ST=${ST}/L=${L}/O=${O}/OU=${OU}/CN=${CN}/emailAddress=${MAIL}"
 sudo openssl x509 -req -in kubecfg-${CN}.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out kubecfg-${CN}.crt -days 1000 -sha256 sudo openssl x509 -req -in kubecfg-${CN}.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out kubecfg-${CN}.crt -days 1000 -sha256
-openssl pkcs12 -export -clcerts -inkey kubecfg-${CN}.key -in kubecfg-${CN}.crt -out kubecfg-${CN}.p12 -name "kubernetes-client"+openssl pkcs12 -export -clcerts -inkey kubecfg-${CN}.key -in kubecfg-${CN}.crt -out kubecfg-${CN}.p12 -name "kubernetes-client" -passin pass:$PASSWORD -passout pass:$PASSWORD
  
 echo "" echo ""
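Review bot: The passphrase added here is exposed at every step: `read -p` shows it while it is typed, `echo "Your password set to: \"$PASSWORD\""` prints it to the terminal and any captured log, and `-passout pass:$PASSWORD` puts it on the openssl command line where other local users can read it from the process list. Use `read -r -s -p`, drop the echo, and pass the value with `-passout env:PASSWORD` after `export PASSWORD` (or `file:`/`fd:`). `-passin` is unnecessary because the key is generated with `-nodes` and is not encrypted. For the same reason `kubecfg-${CN}.key` stays on disk in clear next to the protected `.p12`, so the script should restrict its mode or remove it once the bundle is built. `$PASSWORD` is also unquoted, so a passphrase containing spaces or glob characters breaks the command.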
Line 769: Line 797:
   namespace: kube-system   namespace: kube-system
 EOF EOF
 +
 +echo ""
 +echo "get the bearer token by running:"
 +echo ""
 +echo "kubectl -n kube-system describe secret \$(kubectl -n kube-system get secret | grep ${CN} | awk '{print \$1}')"
 +echo ""
 </code> </code>
-====Minicube - Pods on Master====+====Running Pods on Master====
  
 Remove the taints on the master so that you can schedule pods on it (doesn´t work on default): Remove the taints on the master so that you can schedule pods on it (doesn´t work on default):
Line 866: Line 900:
   kubectl get serviceaccounts myuser -o yaml   kubectl get serviceaccounts myuser -o yaml
   kubectl get secret | grep myuser   kubectl get secret | grep myuser
-  kubectl get secret myuser-token-1yvwg -o yaml                                            #the exact name from "myuser-token-abcde" you get via "kubectl get secret | grep myuser"+  kubectl get secret myuser-token-1yvwg -o yaml                                            #the exact name of "myuser-token-abcde" you get via "kubectl get secret | grep myuser"
   kubectl delete serviceaccount -n kube-system kubernetes-dashboard                        #namespace=kube-system, username=kubernetes-dashboard   kubectl delete serviceaccount -n kube-system kubernetes-dashboard                        #namespace=kube-system, username=kubernetes-dashboard
  
Line 955: Line 989:
 </code> </code>
  
-====Reset Cluster ====+====Reset Cluster Node ====
  
-If you wanna **reset the whole cluster** to the state after a fresh install, just run this on each node: +  kubeadm reset -f
- +
-  sudo kubeadm reset -f+
   iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X   iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
  
-Delete:+Delete node from cluster:
  
   kubectl drain <node-name> --delete-local-data --force --ignore-daemonsets   kubectl drain <node-name> --delete-local-data --force --ignore-daemonsets
   kubectl delete node <node-name>   kubectl delete node <node-name>
 +
 +====Reset k8s====
 +
 +If you wanna **reset the whole cluster** to the state after a fresh install, just run this on each node:
 +
 +<code sh reset-k8s.sh>
 +#!/bin/bash
 +
 +#author:  tmade
 +#version: 1.2
 +
 +HOME="/home/kubernetes"
 +
 +sudo kubeadm reset -f
 +iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
 +rm -r ${HOME}/.kube 2> /dev/null
 +</code>
  
 ====Single-Node-Cluster==== ====Single-Node-Cluster====
Line 1249: Line 1298:
  
 === Install nginx ingress-controller === === Install nginx ingress-controller ===
 +
 +Check also on https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
  
 <code sh install-nginx-ingress-controller.sh> <code sh install-nginx-ingress-controller.sh>
 #!/bin/bash #!/bin/bash
  
-#author:  Thomas Roehm +#author:  tmade 
-#version: 1.1+#version: 1.3
  
 VERSION="1.6.3" VERSION="1.6.3"
-HOME="/home/kubernetes"+USER="kubernetes" 
 +HOME="/home/${USER}"
 FILE="${HOME}/kubernetes-ingress" FILE="${HOME}/kubernetes-ingress"
  
-if  [ -$FILE ]+if  [ -${FILE]
 then then
-        echo "Downloading Ingress..." 
-else 
         echo ""         echo ""
         echo "${FILE} exists, renaming..."         echo "${FILE} exists, renaming..."
Line 1269: Line 1319:
  
         mv ${FILE} ${FILE}.bak         mv ${FILE} ${FILE}.bak
 +else
 +        echo ""
 +        echo "Downloading Ingress..."
 +        echo ""
 fi fi
  
 +cd ${HOME}
 git clone https://github.com/nginxinc/kubernetes-ingress/ git clone https://github.com/nginxinc/kubernetes-ingress/
 cd kubernetes-ingress/deployments cd kubernetes-ingress/deployments
 git checkout v${VERSION} git checkout v${VERSION}
 +chown -R ${USER}:${USER} ${FILE}
  
 echo "" echo ""
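Review bot: The added `cd ${HOME}` is unquoted and unchecked, so if the directory is missing the `git clone` lands in whatever directory the script was started from, and the following `chown -R ${USER}:${USER} ${FILE}` then targets a path that does not hold the clone. Suggest `cd "${HOME}" || exit 1` and quoting `"${FILE}"` in the chown. The earlier hunk of this script assigns `USER` and `HOME`, which overwrites the shell's own environment variables for every command the script starts; names such as `K8S_USER` and `K8S_HOME` would avoid surprising `git`, `su` and `kubectl`. Since the cloned manifests are applied to the cluster in the hunks that follow, a comment stating that `v${VERSION}` is the reviewed release would help the next maintainer.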
Line 1279: Line 1335:
 echo "" echo ""
  
-kubectl apply -f common/ns-and-sa.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/common/ns-and-sa.yaml"
  
 echo "" echo ""
Line 1285: Line 1341:
 echo "" echo ""
  
-kubectl apply -f rbac/rbac.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/rbac/rbac.yaml"
  
 echo "" echo ""
Line 1291: Line 1347:
 echo "" echo ""
  
-kubectl apply -f common/default-server-secret.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/common/default-server-secret.yaml"
  
 echo "" echo ""
Line 1297: Line 1353:
 echo "" echo ""
  
-kubectl apply -f common/nginx-config.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/common/nginx-config.yaml"
  
 echo "" echo ""
Line 1303: Line 1359:
 echo "" echo ""
  
-kubectl apply -f common/custom-resource-definitions.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/common/custom-resource-definitions.yaml"
  
 echo "" echo ""
Line 1310: Line 1366:
  
 #kubectl apply -f deployment/nginx-ingress.yaml #kubectl apply -f deployment/nginx-ingress.yaml
-kubectl apply -f daemon-set/nginx-ingress.yaml+su - ${USER} -c "kubectl apply -f ~/kubernetes-ingress/deployments/daemon-set/nginx-ingress.yaml"
  
 echo "" echo ""
 echo "Ingress Controller has been installed." echo "Ingress Controller has been installed."
 +echo ""
 +echo "Status - please press \"ctrl + c\" when all pods are running"
 echo "" echo ""
  
-kubectl get pods -A -o wide+watch kubectl get pods -A -o wide
 </code> </code>
  
Line 1380: Line 1438:
 #          servicePort: 80 #          servicePort: 80
  
 +</code>
 +
 +Another example:
 +
 +<code>
 +apiVersion: networking.k8s.io/v1beta1
 +kind: Ingress
 +metadata:
 +  name: simple-fanout-example
 +  annotations:
 +    nginx.ingress.kubernetes.io/rewrite-target: /
 +spec:
 +  rules:
 +  - host: foo.bar.com
 +    http:
 +      paths:
 +      - path: /foo
 +        backend:
 +          serviceName: service1
 +          servicePort: 4200
 +      - path: /bar
 +        backend:
 +          serviceName: service2
 +          servicePort: 8080
 </code> </code>
  
Line 1427: Line 1509:
   kubectl delete -f file.yaml   kubectl delete -f file.yaml
   kubectl autoscale deployment foo --min=2 --max=10   kubectl autoscale deployment foo --min=2 --max=10
 +  kubectl cp file-name pod-name:./destination-path
  
 Logging: Logging:
Line 1432: Line 1515:
   kubectl get events   kubectl get events
   kubectl get events -n default   kubectl get events -n default
 +  kubectl get events -w --all-namespaces
   kubectl delete events --all   kubectl delete events --all
   kubectl logs -n kube-system -p calico-node-xxxxx -c calico-node   kubectl logs -n kube-system -p calico-node-xxxxx -c calico-node
Line 1440: Line 1524:
 ====Alias====  ====Alias==== 
  
-  echo "alias kg='kubectl get'" >> /etc/bash.bashrc+<code> 
 +cat >> /etc/bash.bashrc <<EOF 
 +#personal 
 +alias ..='cd ../.' 
 +alias ...='cd ../../.' 
 +alias kc='kubectl' 
 +EOF 
 +</code> 
 + 
 +Activate: 
 + 
 +  source /etc/bash.bashrc
  
  
Line 1474: Line 1569:
  
 #author:  Thomas Roehm #author:  Thomas Roehm
-#version: 1.1+#version: 1.2
  
 echo "You´re running version:" echo "You´re running version:"
Line 1483: Line 1578:
  
 apt-get update apt-get update
-apt-cache policy kubeadm+apt-cache policy kubeadm  | head -n 30
  
 echo "" echo ""
Line 1590: Line 1685:
  
 #author:  Thomas Roehm #author:  Thomas Roehm
-#version: 1.1+#version: 1.3
  
 echo "You´re running version:" echo "You´re running version:"
 echo "" echo ""
-su - kubernetes -c "kubectl version"+kubectl version 2> /dev/null
 echo "" echo ""
 read -s -n 1 -p "Press any key to continue . . ." read -s -n 1 -p "Press any key to continue . . ."
 #su - kubernetes -c "read -s -n 1 -p \"Press any key to continue . . .\"" #su - kubernetes -c "read -s -n 1 -p \"Press any key to continue . . .\""
 apt-get update apt-get update
-apt-cache policy kubeadm+apt-cache policy kubeadm | head -n 30
  
 echo "" echo ""
Line 1627: Line 1722:
  
 #author:  Thomas Roehm #author:  Thomas Roehm
-#version: 1.2+#version: 1.3
  
 echo "" echo ""
Line 1633: Line 1728:
 echo "" echo ""
  
-VERSION="20.01.1"+VERSION="20.04.0"
 HOME="/home/kubernetes/" HOME="/home/kubernetes/"
 FILE="${HOME}trident-installer-${VERSION}.tar.gz" FILE="${HOME}trident-installer-${VERSION}.tar.gz"
Line 1647: Line 1742:
         echo ""         echo ""
         sleep 3         sleep 3
 +        su - kubernetes -c "cat <<EOF | kubectl create -f -
 +apiVersion: storage.k8s.io/v1
 +kind: StorageClass
 +metadata:
 +  name: trident-ontap-gold                               #name storage-klasse
 +provisioner: netapp.io/trident
 +parameters:
 +  backendType: "ontap-nas"
 +  #media: "ssd"
 +  provisioningType: "thin"
 +allowVolumeExpansion: true
 +reclaimPolicy: Delete
 +EOF"
         su - kubernetes -c "wget https://github.com/NetApp/trident/releases/download/v${VERSION}/trident-installer-${VERSION}.tar.gz -P ${HOME}"         su - kubernetes -c "wget https://github.com/NetApp/trident/releases/download/v${VERSION}/trident-installer-${VERSION}.tar.gz -P ${HOME}"
         su - kubernetes -c "mv ~/trident-installer ~/trident-installer.old"         su - kubernetes -c "mv ~/trident-installer ~/trident-installer.old"
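Review bot: The StorageClass manifest is embedded inside `su - kubernetes -c "cat <<EOF | kubectl create -f - … EOF"`, and the double quotes around `"ontap-nas"`, `"ssd"` and `"thin"` close and reopen the outer `-c "…"` string. The quotes therefore never reach kubectl, and the command works only because those values contain no spaces or shell metacharacters. Anything containing `$` or a backtick would also be expanded by the calling root shell. Feeding the manifest on stdin keeps it literal: `su - kubernetes -c "kubectl create -f -" <<'EOF'`, then the YAML, then `EOF`. The class is created before the installer is downloaded; the enclosing `if` block starts outside this hunk, so whether that order is intended cannot be judged from here.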
Line 1661: Line 1769:
  
  
-====Reset k8s==== 
  
-<code sh reset-k8s.sh> 
-#!/bin/bash 
- 
-#author:  Thomas Roehm 
-#version: 1.1 
- 
-HOME="/home/kubernetes" 
- 
-sudo kubeadm reset -f 
-iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X 
-rm -r ${HOME}/.kube 
-</code> 
 ====helm==== ====helm====
  
docker/kubernetes.1589960990.txt.gz · Last modified: 2020/05/20 09:49 by tmade
 