Differences
linux_faq:kubernetes_using_single_node_as_master_and_worker [2021/12/19 18:29] – [Ingress-controller] admin | linux_faq:kubernetes_using_single_node_as_master_and_worker [2022/04/28 10:22] – [Single node Kubernetes setup - Ubuntu 18.04] admin | ||
---|---|---|---|
Line 8: | Line 8: | ||
| | ||
echo 'deb http:// | echo 'deb http:// | ||
- | curl -s https:// | + | |
- | | + | |
+ | gpg_keyring_path="/ | ||
+ | curl -fsSL " | ||
+ | |||
sudo apt-get update | sudo apt-get update | ||
- | sudo apt-get install -y docker.io kubeadm kubelet | + | |
+ | sudo apt-get install -y containerd | ||
| | ||
- | # Setup Docker daemon. | + | |
- | cat > / | + | containerd config default | sudo tee / |
- | { | + | |
- | " | + | ## Setup Docker daemon. |
- | " | + | |
- | " | + | |
- | " | + | # |
- | }, | + | # |
- | " | + | # |
- | } | + | # |
- | EOF | + | # |
- | + | # | |
- | sudo mkdir -p / | + | |
+ | | ||
| | ||
+ | #sudo mkdir -p / | ||
+ | |||
# Enable services and restart docker. | # Enable services and restart docker. | ||
- | sudo systemctl daemon-reload | + | |
- | sudo systemctl enable docker | + | |
- | sudo systemctl restart docker | + | |
- | sudo systemctl enable kubelet.service | + | |
| | ||
- | sudo usermod -a -G docker $USER | + | |
| | ||
# To ensure that kubelet starts only after docker: | # To ensure that kubelet starts only after docker: | ||
+ | #cat << EOF | sudo tee / | ||
+ | #[Unit] | ||
+ | # | ||
+ | #EOF | ||
+ | |||
cat << EOF | sudo tee / | cat << EOF | sudo tee / | ||
[Unit] | [Unit] | ||
- | After=docker.service | + | After=containerd.service |
EOF | EOF | ||
- | |||
# Kubernetes Cluster Init | # Kubernetes Cluster Init | ||
sudo kubeadm init --pod-network-cidr=10.244.0.0/ | sudo kubeadm init --pod-network-cidr=10.244.0.0/ | ||
Line 56: | Line 67: | ||
kubectl taint nodes --all node-role.kubernetes.io/ | kubectl taint nodes --all node-role.kubernetes.io/ | ||
+ | ====== Настройка манифестов компонентво кубера на слабых маишинках ====== | ||
+ | Я запускаю свой кластер в контейнере на сервере Proxmox, | ||
+ | Чтобы немного облегчить им жизнь и сделать поведение компонентов k8s более предсказуемым нужно увеличить таймауты **livenessProbe**, | ||
+ | Для этого - редактируем манифесты в директории **/ | ||
+ | < | ||
+ | livenessProbe: | ||
+ | failureThreshold: | ||
+ | initialDelaySeconds: | ||
+ | periodSeconds: | ||
+ | timeoutSeconds: | ||
+ | readinessProbe: | ||
+ | failureThreshold: | ||
+ | periodSeconds: | ||
+ | timeoutSeconds: | ||
+ | startupProbe: | ||
+ | failureThreshold: | ||
+ | initialDelaySeconds: | ||
+ | periodSeconds: | ||
+ | timeoutSeconds: | ||
+ | </ | ||
+ | И перезапускаем **kubelet**: | ||
+ | sudo service kubelet restart | ||
====== Изменение редактора kubectl edit ====== | ====== Изменение редактора kubectl edit ====== | ||
sudo awk -v line=' | sudo awk -v line=' | ||
Line 106: | Line 139: | ||
< | < | ||
Без этого параметра metrics-server не запустится, | Без этого параметра metrics-server не запустится, | ||
- | << | + | < |
Все. Через некоторое время команды **kubectl top** начнут выдавать осмысленную информацию. \\ | Все. Через некоторое время команды **kubectl top** начнут выдавать осмысленную информацию. \\ | ||
Если этого не происходит, | Если этого не происходит, | ||
Line 126: | Line 159: | ||
Проверяем возможность апгрейда: | Проверяем возможность апгрейда: | ||
sudo kubeadm upgrade plan | sudo kubeadm upgrade plan | ||
- | Если у нас хост с **containerd** (без **docker**), | + | Если у нас хост с **containerd** (без **docker**), |
- | | + | kubeadm.alpha.kubernetes.io/ |
+ | если этого не сделать - будет ошибка, поскольку | ||
+ | | ||
Обновляем: | Обновляем: | ||
sudo kubeadm upgrade apply v1.20.9 | sudo kubeadm upgrade apply v1.20.9 | ||
Line 187: | Line 222: | ||
В результате - в неймспейсе **ingress** появится сервис **nginx-ingress-nginx-controller**, | В результате - в неймспейсе **ingress** появится сервис **nginx-ingress-nginx-controller**, | ||
Теперь можно создавать **ingress**' | Теперь можно создавать **ingress**' | ||
+ | ==== Мониторинг nginx ingess ==== | ||
+ | В кластере нужно развернуть **CRD** и оператор **prometheus**: | ||
+ | \\ | ||
+ | **nginx-ingress-monitoring-values.yaml** | ||
+ | < | ||
+ | controller: | ||
+ | metrics: | ||
+ | port: 10254 | ||
+ | enabled: true | ||
+ | service: | ||
+ | annotations: | ||
+ | prometheus.io/ | ||
+ | prometheus.io/ | ||
+ | servicePort: | ||
+ | type: ClusterIP | ||
+ | |||
+ | serviceMonitor: | ||
+ | enabled: true | ||
+ | additionalLabels: | ||
+ | jobLabel: nginx-ingress | ||
+ | namespace: " | ||
+ | namespaceSelector: | ||
+ | matchNames: | ||
+ | - ingress | ||
+ | scrapeInterval: | ||
+ | |||
+ | prometheusRule: | ||
+ | enabled: true | ||
+ | namespace: ingress | ||
+ | rules: | ||
+ | - alert: NGINXConfigFailed | ||
+ | expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 | ||
+ | for: 1s | ||
+ | labels: | ||
+ | severity: critical | ||
+ | annotations: | ||
+ | description: | ||
+ | summary: uninstall the latest ingress changes to allow config reloads to resume | ||
+ | - alert: NGINXCertificateExpiry | ||
+ | expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 | ||
+ | for: 1s | ||
+ | labels: | ||
+ | severity: critical | ||
+ | annotations: | ||
+ | description: | ||
+ | summary: renew expiring certificates to avoid downtime | ||
+ | - alert: NGINXTooMany500s | ||
+ | expr: 100 * ( sum( nginx_ingress_controller_requests{status=~" | ||
+ | for: 1m | ||
+ | labels: | ||
+ | severity: warning | ||
+ | annotations: | ||
+ | description: | ||
+ | summary: More than 5% of all requests returned 5XX, this requires your attention | ||
+ | - alert: NGINXTooMany400s | ||
+ | expr: 100 * ( sum( nginx_ingress_controller_requests{status=~" | ||
+ | for: 1m | ||
+ | labels: | ||
+ | severity: warning | ||
+ | annotations: | ||
+ | description: | ||
+ | summary: More than 5% of all requests returned 4XX, this requires your attention | ||
+ | </ | ||
+ | helm upgrade --reuse-values -n ingress nginx ingress-nginx/ | ||
===== Cert manager ===== | ===== Cert manager ===== | ||
https:// | https:// | ||
Line 200: | Line 299: | ||
--namespace cert-manager \ | --namespace cert-manager \ | ||
--create-namespace \ | --create-namespace \ | ||
- | --version v1.5.4 | + | |
- | --set installCRDs=true | + | |
</ | </ | ||
https:// | https:// | ||
Line 291: | Line 390: | ||
# Let's Encrypt will use this to contact you about expiring | # Let's Encrypt will use this to contact you about expiring | ||
# certificates, | # certificates, | ||
- | email: | + | email: |
server: https:// | server: https:// | ||
privateKeySecretRef: | privateKeySecretRef: |
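Review bot: In the first hunk (Line 8) the new side downloads the repository key into `gpg_keyring_path` with `curl -fsSL`, but the unchanged `echo 'deb http://` line above it is truncated here, so it is not visible whether the source entry is tied to that keyring. If the entry has no `signed-by=` option naming the keyring file, the key is either ignored by apt or trusted for every configured repository, depending on the directory the truncated path points to; the entry should name the keyring explicitly so the key is scoped to this one repository. That entry also still begins with `http://`, so it is worth switching to `https://` if the mirror offers it. Two context comments in the same hunk no longer match the new commands: `# Enable services and restart docker.` and `# To ensure that kubelet starts only after docker:` now sit above a containerd-only setup with `After=containerd.service`. I would reword them, e.g. `# To ensure that kubelet starts only after containerd:`, and drop the commented-out `## Setup Docker daemon.` leftovers.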