linux_faq:kubernetes_using_single_node_as_master_and_worker [2022/03/10 14:43] – [Мониторинг nginx ingess] admin | linux_faq:kubernetes_using_single_node_as_master_and_worker [2024/04/22 12:38] (current) – [Cert manager] admin | ||
---|---|---|---|
Line 8: | Line 8: | ||
| | ||
echo 'deb http:// | echo 'deb http:// | ||
- | curl -s https:// | + | |
- | | + | |
+ | gpg_keyring_path="/ | ||
+ | curl -fsSL " | ||
+ | |||
+ | cat <<EOF | sudo tee / | ||
+ | overlay | ||
+ | br_netfilter | ||
+ | EOF | ||
+ | |||
+ | sudo modprobe overlay | ||
+ | sudo modprobe br_netfilter | ||
+ | |||
+ | # Setup required sysctl params, these persist across reboots. | ||
+ | cat <<EOF | sudo tee / | ||
+ | net.bridge.bridge-nf-call-iptables | ||
+ | net.ipv4.ip_forward | ||
+ | net.bridge.bridge-nf-call-ip6tables = 1 | ||
+ | EOF | ||
+ | |||
+ | # Apply sysctl params without reboot | ||
+ | sudo sysctl --system | ||
sudo apt-get update | sudo apt-get update | ||
- | sudo apt-get install -y docker.io kubeadm kubelet | + | |
+ | sudo apt-get install -y containerd | ||
| | ||
- | | + | |
- | | + | |
- | | + | |
- | " | + | cat << EOF | sudo tee / |
- | " | + | [Unit] |
- | " | + | |
- | " | + | |
- | }, | + | |
- | " | + | |
- | | + | |
EOF | EOF | ||
| | ||
- | sudo mkdir -p /etc/systemd/system/docker.service.d | + | sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' |
+ | sudo service | ||
| | ||
- | # Enable services and restart docker. | ||
- | sudo systemctl daemon-reload | ||
- | sudo systemctl enable docker | ||
- | sudo systemctl restart docker | ||
- | sudo systemctl enable kubelet.service | ||
| | ||
- | sudo usermod -a -G docker $USER | ||
- | | ||
- | # To ensure that kubelet starts only after docker: | ||
- | cat << EOF | sudo tee / | ||
- | [Unit] | ||
- | After=docker.service | ||
- | EOF | ||
- | |||
# Kubernetes Cluster Init | # Kubernetes Cluster Init | ||
- | sudo kubeadm init --pod-network-cidr=10.244.0.0/ | + | sudo kubeadm init --cri-socket / |
| | ||
mkdir -p $HOME/.kube | mkdir -p $HOME/.kube | ||
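Review bot: The apt source entry at the top of this hunk still begins with `deb http://` on the new side, so the repository is fetched over plain HTTP and its integrity rests entirely on the key stored at `gpg_keyring_path`. The rest of that line and of the `curl -fsSL` line is cut off in this rendering, so it cannot be confirmed that the entry is scoped to that keyring. If it is not, it should take the form `deb [signed-by=<keyring path>] https://<repo url> <suite> <component>` (placeholders, not values from the page), so the key is trusted for this repository only. Separately, the `sed -i 's/SystemdCgroup = false/SystemdCgroup = true/'` line succeeds even when nothing matches, so adding `grep -q 'SystemdCgroup = true' <config file>` before the `sudo service` line would catch a config that never switched to the systemd cgroup driver.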
Line 121: | Line 127: | ||
===== Установка сервера метрик kubernetes ===== | ===== Установка сервера метрик kubernetes ===== | ||
https:// | https:// | ||
- | kubectl apply -f https:// | + | kubectl apply -f https:// |
В результате в неймспейсе **kube-system** появится **deployment** **metrics-server** и развернется **pod** **metrics-server-...**.\\ | В результате в неймспейсе **kube-system** появится **deployment** **metrics-server** и развернется **pod** **metrics-server-...**.\\ | ||
В нашем кластере отключен **ssl**, но он включен по-дефолту в **metrics-server**. Поэтому выполняем: | В нашем кластере отключен **ssl**, но он включен по-дефолту в **metrics-server**. Поэтому выполняем: | ||
Line 148: | Line 154: | ||
Проверяем возможность апгрейда: | Проверяем возможность апгрейда: | ||
sudo kubeadm upgrade plan | sudo kubeadm upgrade plan | ||
- | Если у нас хост с **containerd** (без **docker**), | + | Если у нас хост с **containerd** (без **docker**), |
- | | + | kubeadm.alpha.kubernetes.io/ |
+ | если этого не сделать - будет ошибка, поскольку | ||
+ | | ||
Обновляем: | Обновляем: | ||
sudo kubeadm upgrade apply v1.20.9 | sudo kubeadm upgrade apply v1.20.9 | ||
Line 273: | Line 281: | ||
</ | </ | ||
- | helm upgrade --reuse-values -n ingress nginx -f ./ | + | helm upgrade --reuse-values -n ingress |
===== Cert manager ===== | ===== Cert manager ===== | ||
- | https://docs.cert-manager.io/ | + | https:// |
- | https://docs.cert-manager.io/en/latest/getting-started/ | + | |
Устанавливаем: | Устанавливаем: | ||
< | < | ||
Line 286: | Line 293: | ||
--namespace cert-manager \ | --namespace cert-manager \ | ||
--create-namespace \ | --create-namespace \ | ||
- | --version v1.5.4 \ | + | |
- | --set installCRDs=true | + | |
+ | --set prometheus.enabled=false | ||
</ | </ | ||
https:// | https:// | ||
Line 377: | Line 385: | ||
# Let's Encrypt will use this to contact you about expiring | # Let's Encrypt will use this to contact you about expiring | ||
# certificates, | # certificates, | ||
- | email: | + | email: |
server: https:// | server: https:// | ||
privateKeySecretRef: | privateKeySecretRef: |