EExcel 丞燕快速查詢2

EExcel 丞燕快速查詢2
EExcel 丞燕快速查詢2 https://sandk.ffbizs.com/

k8s kubernetes Lesson 3 k8s by hand

Kubernetes wiki
https://wiki.gslin.org/wiki/Kubernetes

How to Install a Kubernetes Docker Cluster on CentOS 7
https://www.howtoforge.com/tutorial/centos-kubernetes-docker-cluster/
https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/

https://sueboy.blogspot.com/2019/11/kubernetes-nodeport.html

https://rickhw.github.io/2019/03/17/Container/Install-K8s-with-Kubeadm/

=====
https://www.howtoforge.com/tutorial/centos-kubernetes-docker-cluster/

only one master/node k8s



yum update

setenforce 0
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

modprobe br_netfilter
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables

swapoff -a

vim /etc/fstab     >> mark swap

yum install -y yum-utils device-mapper-persistent-data lvm2

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce

cat << eof > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
        https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

yum install -y kubelet kubeadm kubectl

sudo reboot  


systemctl start docker && systemctl enable docker
systemctl start kubelet && systemctl enable kubelet

docker info | grep -i cgroup

sed -i 's/cgroup-driver=systemd/cgroup-driver=cgroupfs/g' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

systemctl daemon-reload
systemctl restart kubelet


## kubeadm init --apiserver-advertise-address=10.0.15.10 --pod-network-cidr=10.244.0.0/16
kubeadm init --pod-network-cidr=10.244.0.0/16

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

kubectl get nodes
kubectl get pods --all-namespaces

https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#control-plane-node-isolation

kubectl taint nodes --all node-role.kubernetes.io/master-

If use calico
https://docs.projectcalico.org/v3.5/getting-started/kubernetes/

DNS

https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#are-dns-queries-being-received-processed


kubectl -n kube-system edit configmap coredns

# Add log
data:
  Corefile: |
    .:53 {
        log
        errors

PS: As 10.96.0.10 is a Cluster IP, It is not ping-able. You can use telnet or curl.

https://github.com/kubernetes/kubernetes/issues/78926#issuecomment-503898794
So use nslookup


#check DNS
注意: 不要使用busybox:latest,最高版本的nslookup工具有bug

apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: busybox:1.28.4
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always

kubectl exec -ti busybox -- nslookup kubernetes.default

#check DNS log
for p in $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name); do kubectl logs --namespace=kube-system $p; done

PS: If need to kubeadm reset ... see bootom

Dashboard



##### dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

#modify clusterip -> nodeport
nano kubernetes-dashboard.yaml
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30393
  selector:
    k8s-app: kubernetes-dashboard

kubectl apply -n kube-system -f kubernetes-dashboard.yaml
kubectl -n kube-system get service kubernetes-dashboard



[root@localhost ~]# kubectl -n kube-system get service kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.110.11.88           443:30393/TCP   103

use 30393 EX: https://192.168.99.118:30393 (192.168.99.118 is virtualbox give ip)



Dashboard ERROR NET::ERR_CERT_INVALID

https://github.com/kubernetes/dashboard/issues/2954
https://github.com/kubernetes/dashboard/wiki/Certificate-management

-subj "/C=/ST=/L=/O=/OU=/CN=kubernetes-dashboard"


mkdir certs  ( At user home path )
openssl req -nodes -newkey rsa:2048 -keyout certs/dashboard.key -out certs/dashboard.csr -subj "/C=/ST=/L=/O=/OU=/CN=kubernetes-dashboard"
openssl x509 -req -sha256 -days 365 -in certs/dashboard.csr -signkey certs/dashboard.key -out certs/dashboard.crt

kubectl delete -f kubernetes-dashboard.yaml
kubectl create secret generic kubernetes-dashboard-certs --from-file=certs -n kube-system
kubectl create -f kubernetes-dashboard.yaml

Try again. https://192.168.99.118:30393





Get Dashboard token

https://github.com/kubernetes/dashboard/wiki/Creating-sample-user


nano dashboard-adminuser.yaml


apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system


kubectl create -f dashboard-adminuser.yaml

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

If see admin-user token, just copy token pass to web login.

IF Get Error

try to Create ClusterRoleBinding

Create dashboard-ClusterRoleBinding.yaml



apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system



kubectl create -f dashboard-ClusterRoleBinding.yaml

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

nodePort range 1-65535



nano /etc/kubernetes/manifests/kube-apiserver.yaml

#add command

--service-node-port-range=1-65535

kubeadm reset


sudo kubeadm reset 
rm -rf .kube

sudo sysctl net.bridge.bridge-nf-call-iptables=1

sudo kubeadm init --pod-network-cidr=10.244.0.0/16

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

kubectl get nodes
kubectl get pods --all-namespaces

kubectl taint nodes --all node-role.kubernetes.io/master-

kubectl create secret generic kubernetes-dashboard-certs --from-file=certs -n kube-system
kubectl create -f kubernetes-dashboard.yaml

## This login token
kubectl create -f dashboard-adminuser.yaml
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

kubectl create -f dashboard-ClusterRoleBinding.yaml
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

nano /etc/kubernetes/manifests/kube-apiserver.yaml
#add command
--service-node-port-range=1-65535

... follow up step


kubeadm update



kubeadm upgrade plan

kubeadm upgrade apply

kubeadm command



clear && for p in $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name); do kubectl logs --namespace=kube-system $p; done

kubectl edit cm coredns -n kube-system


coreDNS no response


coreDNS error

coreDNS work correct


How to fix? Only way is reboot OS.

1. coreDNS error 2. reboot os 3.get coreDNS work correct