Kubernetes: difference between revisions

From WikiMar
(Page created with « ==Kubernetes Administration training== https://beta.etherpad.org/p/cgi Two machines/nodes for testing. On the Master node: <pre> sudo apt-get update sudo apt-ge...».)
 
Line 3: Line 3:
==Kubernetes Administration training==
==Kubernetes Administration training==


https://beta.etherpad.org/p/cgi




Two machines/nodes for testing.
https://pastebin.com/D1WrNMew


Two machines/nodes.
On the Master node:
On the Master node:


Line 40: Line 42:


</pre>
</pre>
To configure your kubectl client, on the Master node run:
      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
Test that kubectl is working by listening the nodes:
      kubectl get nodes
If you made a mistake with the kubeadm init, you can reset it using:
    kubeadm reset


On the Worker Node:
On the Worker Node:
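Review bot: the added `sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config` leaves the copy owned by root, so the `kubectl get nodes` check that follows fails for a non-root user. Add `sudo chown $(id -u):$(id -g) $HOME/.kube/config` after the copy. The added text should also read "listing the nodes" rather than "listening the nodes", and it is worth saying that this file holds the cluster's admin credentials.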
Line 56: Line 72:
apt-get install -y kubelet kubeadm kubernetes-cni
apt-get install -y kubelet kubeadm kubernetes-cni
systemctl enable docker.service
systemctl enable docker.service
kubeadm join <connection parameters>
kubeadm join <connection parameters>  


</pre>
</pre>
For the last command, it was printed after the kubeadm init. It could be for example:
    kubeadm join 172.31.44.155:6443 --token gf65x4.cyvrzvyx0w530iwe --discovery-token-ca-cert-hash sha256:6da727e3db049c66d2e26913a413c5188e36791d16ad1e5c6306a638a49ef15d








On the Master Node


Create the following file marti.yaml:
Create the following file marti.yaml:
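Review bot: the added example `kubeadm join` line publishes complete `--token` and `--discovery-token-ca-cert-hash` values on the wiki. Replace them with placeholders such as `<token>` and `sha256:<hash>`. The sentence before it could also say that the token printed by `kubeadm init` expires (24 hours by default) and that `kubeadm token create --print-join-command` on the master prints a fresh join command.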
Line 111: Line 131:
Using Firefox try to connect to the the dashboard using the public ip:30080
Using Firefox try to connect to the the dashboard using the public ip:30080


To know which token run on the master:
To know which token to use in login, run on the master:


  # kubectl -n martinamespace describe secret $(kubectl -n kube-system get secret | grep martiusername | awk ' {print $1}')
  # kubectl -n martinamespace describe secret $(kubectl -n kube-system get secret | grep martiusername | awk ' {print $1}')
  kubectl -n martinamespace describe secret $(kubectl -n martinamespace get secret | grep martiusername | awk ' {print $1}')
  kubectl -n martinamespace describe secret $(kubectl -n martinamespace get secret | grep martiusername | awk ' {print $1}')
For troubleshooting:
    docker ps
    kubectl get pods -n kube-system
Create the following file:
<pre>
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
  - Ingress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-pod
spec:
  podSelector:
    matchLabels:
      app: destination-pod
  ingress:
    - from:
      - podSelector:
          matchLabels:
            app: source-pod
      ports:
        - protocol: TCP
          port: 80
</pre>
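Review bot: in the added `<pre>` block the `default-deny` and `allow-pod` NetworkPolicy objects run together with no `---` line between them, so the file is not two YAML documents and will not apply as written. Add the separator. "Create the following file:" also gives no file name and no `kubectl apply -f` step, and neither policy sets `metadata.namespace`, so both land in whatever namespace is current when they are applied.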

Revision as of 15:06, 16 Jan 2019


Kubernetes Administration training

https://pastebin.com/D1WrNMew


Two machines/nodes. On the Master node:

sudo apt-get update
sudo apt-get install -y apt-transport-https
sudo su -
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF

apt-get update
apt-get install -y docker.io
apt-get install -y kubelet kubeadm kubectl kubernetes-cni
systemctl enable docker.service
# kubeadm init

# only one of the following 3
# (kubectl apply needs a kubeconfig: as root, export KUBECONFIG=/etc/kubernetes/admin.conf first)
# WEAVE
kubeadm init
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

# flannel
kubeadm init --pod-network-cidr=10.244.0.0/16
kubectl apply -f "https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml"

# calico
kubeadm init --pod-network-cidr=10.233.64.0/18
kubectl apply -f "https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml"
kubectl apply -f "https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml"


To configure your kubectl client, on the Master node run:

     mkdir -p $HOME/.kube
     sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
     sudo chown $(id -u):$(id -g) $HOME/.kube/config

Test that kubectl is working by listing the nodes:

     kubectl get nodes


If you made a mistake with the kubeadm init, you can reset it using:

   kubeadm reset


On the Worker Node:

sudo apt-get update
sudo apt-get install -y apt-transport-https
sudo su -
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF

apt-get update
apt-get install -y docker.io
apt-get install -y kubelet kubeadm kubernetes-cni
systemctl enable docker.service
kubeadm join <connection parameters> 

The last command is the one printed at the end of the kubeadm init output on the master. It could be, for example:

    kubeadm join 172.31.44.155:6443 --token gf65x4.cyvrzvyx0w530iwe --discovery-token-ca-cert-hash sha256:6da727e3db049c66d2e26913a413c5188e36791d16ad1e5c6306a638a49ef15d



On the Master Node:

Create the following file marti.yaml:

# martinamespace must already exist: kubectl create namespace martinamespace
apiVersion: v1
kind: ServiceAccount
metadata:
  name: martiusername
  namespace: martinamespace

---

# cluster-admin gives this account's token full control of the cluster
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: martiusername
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: martiusername
  namespace: martinamespace


Execute it with:

    kubectl create -f marti.yaml


Instead of:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

Download https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml and replace the last part with:

spec:
  type: NodePort
  ports:
    - port: 8443
      nodePort: 30080

Save the result as kubernetes-dashboard-EDITED.yaml and apply it:

kubectl apply -f kubernetes-dashboard-EDITED.yaml

Using Firefox, try to connect to the dashboard using the public ip:30080

To know which token to use in login, run on the master:

# kubectl -n martinamespace describe secret $(kubectl -n kube-system get secret | grep martiusername | awk ' {print $1}')
kubectl -n martinamespace describe secret $(kubectl -n martinamespace get secret | grep martiusername | awk ' {print $1}')


For troubleshooting:

   docker ps
   kubectl get pods -n kube-system




Create the following file:


apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-pod
spec:
  podSelector:
    matchLabels:
      app: destination-pod
  ingress:
    - from:
      - podSelector:
          matchLabels:
            app: source-pod
      ports:
        - protocol: TCP
          port: 80
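
What the two policies above allow, as an added example that is not part of the original wiki page: a small Python model of NetworkPolicy ingress evaluation. It assumes a single namespace and `matchLabels`-only selectors; the `other-pod` label and the function names are made up for the illustration.

```python
# Added example: models ingress evaluation for the two policies on this page.
# Assumptions: one namespace, matchLabels selectors only (no ipBlock or
# namespaceSelector); the pod label sets used below are constructed.

POLICIES = [
    # default-deny: selects every pod and lists no ingress rules
    {"name": "default-deny", "podSelector": {}, "ingress": []},
    # allow-pod: source-pod may reach destination-pod on TCP/80
    {"name": "allow-pod",
     "podSelector": {"app": "destination-pod"},
     "ingress": [{"from": [{"app": "source-pod"}],
                  "ports": [("TCP", 80)]}]},
]

def selects(selector, labels):
    """An empty selector matches every pod; otherwise all pairs must match."""
    return all(labels.get(k) == v for k, v in selector.items())

def ingress_allowed(policies, src_labels, dst_labels, proto, port):
    """Return (allowed, reason) for a connection from src to dst:port."""
    applicable = [p for p in policies if selects(p["podSelector"], dst_labels)]
    if not applicable:
        # No policy selects the destination, so it is not isolated.
        return True, "not isolated"
    # Policies are additive: one matching rule in any of them is enough.
    for pol in applicable:
        for rule in pol["ingress"]:
            peers = rule.get("from")
            ports = rule.get("ports")
            peer_ok = peers is None or any(selects(s, src_labels) for s in peers)
            port_ok = ports is None or (proto, port) in ports
            if peer_ok and port_ok:
                return True, pol["name"]
    return False, "isolated, no rule matched"

if __name__ == "__main__":
    src = {"app": "source-pod"}
    dst = {"app": "destination-pod"}
    other = {"app": "other-pod"}
    cases = [(src, dst, 80), (src, dst, 443), (other, dst, 80), (src, other, 80)]
    for s, d, port in cases:
        print(s["app"], "->", d["app"], port,
              ingress_allowed(POLICIES, s, d, "TCP", port))
```

On a real cluster these policies are enforced only by a network plugin that implements NetworkPolicy: of the three options on this page, Weave Net and Calico do, flannel on its own does not.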