Differences

This shows you the differences between two versions of the page.

--- linux_faq:kubernetes_using_single_node_as_master_and_worker [2022/04/24 13:31] – [Ingress, Cert-Manager и сертификаты Let's Encrypt] admin
+++ linux_faq:kubernetes_using_single_node_as_master_and_worker [2024/04/22 12:38] (current) – [Cert manager] admin
@@ Line 8: / Line 8: @@
   echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' | sudo tee /etc/apt/sources.list.d/kubernetes.list
-  curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add
+  ######### curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add
+  gpg_key_url="https://packages.cloud.google.com/apt/doc/apt-key.gpg"
+  gpg_keyring_path="/etc/apt/trusted.gpg.d/kubernetes.gpg"
+  curl -fsSL "${gpg_key_url}" | gpg --dearmor | sudo tee -a ${gpg_keyring_path}
+  cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
+  overlay
+  br_netfilter
+  EOF
+  sudo modprobe overlay
+  sudo modprobe br_netfilter
+  # Setup required sysctl params, these persist across reboots.
+  cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
+  net.bridge.bridge-nf-call-iptables  = 1
+  net.ipv4.ip_forward                 = 1
+  net.bridge.bridge-nf-call-ip6tables = 1
+  EOF
+  # Apply sysctl params without reboot
+  sudo sysctl --system
   sudo apt-get update
-  sudo apt-get install -y docker.io kubeadm kubelet
+  #sudo apt-get install -y docker.io kubeadm kubelet
+  sudo apt-get install -y containerd kubeadm kubelet
-  # Setup Docker daemon.
+  sudo mkdir -p /etc/containerd
-  cat > /etc/docker/daemon.json <<EOF
+  containerd config default | sudo tee /etc/containerd/config.toml
-  {
-    "exec-opts": ["native.cgroupdriver=systemd"],
+  cat << EOF | sudo tee /etc/systemd/system/kubelet.service.d/12-after-docker.conf
-    "log-driver": "json-file",
+  [Unit]
-    "log-opts": {
+  After=containerd.service
-      "max-size": "100m"
-    },
-    "storage-driver": "overlay2"
-  }
   EOF
-  sudo mkdir -p /etc/systemd/system/docker.service.d
+  sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
+  sudo service containerd restart
-  # Enable services and restart docker.
-  sudo systemctl daemon-reload
-  sudo systemctl enable docker
-  sudo systemctl restart docker
-  sudo systemctl enable kubelet.service
-  sudo usermod -a -G docker $USER
-  # To ensure that kubelet starts only after docker:
-  cat << EOF | sudo tee /etc/systemd/system/kubelet.service.d/12-after-docker.conf
-  [Unit]
-  After=docker.service
-  EOF
   # Kubernetes Cluster Init
-  sudo kubeadm init --pod-network-cidr=10.244.0.0/16
+  sudo kubeadm init --cri-socket /run/containerd/containerd.sock --pod-network-cidr=10.244.0.0/16
   mkdir -p $HOME/.kube
@@ Line 121: / Line 127: @@
 ===== Установка сервера метрик kubernetes =====
 https://github.com/kubernetes-sigs/metrics-server
-  kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
+  kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
 В результате в неймспейсе **kube-system** появится **deployment** **metrics-server** и развернется **pod** **metrics-server-...**.\\
 В нашем кластере отключен **ssl**, но он включен по-дефолту в **metrics-server**. Поэтому выполняем:
@@ Line 277: / Line 283: @@
   helm upgrade --reuse-values -n ingress nginx ingress-nginx/ingress-nginx -f ./nginx-ingress-monitoring-values.yaml
 ===== Cert manager =====
-https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/
+https://cert-manager.io/docs/installation/helm/ \\
-https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html#installing-with-helm \\
 Устанавливаем:
 <code>kubectl create namespace cert-manager
@@ Line 289: / Line 294: @@
   --create-namespace \
   --set installCRDs=true \
-  --version v1.5.4
+  --version v1.14.4 \
+  --set prometheus.enabled=false
 </code>
 https://docs.cert-manager.io/en/latest/tasks/issuers/index.html \\