Kubernetes: Difference between revisions
Jump to navigation
Jump to search
| (29 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
= Dummy = | |||
<pre> | |||
</pre> | |||
=Cheats and random commands= | =Cheats and random commands= | ||
* https://kubectlcheatsheet.com/ | * https://kubectlcheatsheet.com/ | ||
| Line 4: | Line 10: | ||
<pre> | <pre> | ||
kubectl apply -f - <<EOF | |||
apiVersion: v1 | |||
kind: ServiceAccount | |||
metadata: | |||
name: kubectl-actions | |||
namespace: my-v2-restore | |||
EOF | |||
kubectl get all,pvc,ingress,certificaterequests,orders,certificates,secret,cronjob,configmap -n nextcloud | |||
kubectl describe nodes | kubectl describe nodes | ||
sudo journalctl -u k3s | sudo journalctl -u k3s | ||
kubectl scale deployment my-deployment --replicas=0 | |||
kubectl scale deployment my-deployment --replicas=3 | |||
export IP_HELLO=192.168.0.137 | export IP_HELLO=192.168.0.137 | ||
curl --resolve "pi5:80:$IP_HELLO" -i http://pi5 | curl --resolve "pi5:80:$IP_HELLO" -i http://pi5 | ||
for p in $(kubectl get pods | grep Terminating | awk '{print $1}'); do kubectl delete pod $p --grace-period=0 --force;done | |||
/etc/kubernetes/admin.conf | |||
~/.kube/config | |||
</pre> | </pre> | ||
= | = Nextcloud = | ||
https:// | <pre> | ||
helm repo add nextcloud https://nextcloud.github.io/helm/ | |||
helm install my-release nextcloud/nextcloud | |||
</pre> | |||
Database Warning: | |||
<pre> | |||
export APP_HOST=127.0.0.1 | |||
export APP_PASSWORD=$(kubectl get secret --namespace default my-release-nextcloud -o jsonpath="{.data.nextcloud-password}" | base64 --decode) | |||
helm upgrade my-release nextcloud/nextcloud \ | |||
--set nextcloud.password=$APP_PASSWORD,nextcloud.host=$APP_HOST,service.type=ClusterIP,mariadb.enabled=false,externalDatabase.user=nextcloud,externalDatabase.database=nextcloud,externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST | |||
</pre> | |||
= Cert manager = | |||
<pre> | <pre> | ||
helm | helm install \ | ||
-- | cert-manager jetstack/cert-manager \ | ||
--namespace | --namespace cert-manager \ | ||
--create-namespace \ | |||
--version v1.17.2 \ | |||
--set crds.enabled=true | |||
</pre> | </pre> | ||
= | = Metallb= | ||
<pre> | |||
helm repo add metallb https://metallb.github.io/metallb | |||
helm install metallb metallb/metallb | |||
</pre> | |||
<pre> | <pre> | ||
kubectl | kubectl apply -f - <<EOF | ||
apiVersion: metallb.io/v1beta1 | |||
kind: IPAddressPool | |||
metadata: | |||
name: first-pool | |||
namespace: kube-system | |||
spec: | |||
addresses: | |||
- 192.168.0.30-192.168.0.35 | |||
--- | |||
--- | |||
apiVersion: metallb.io/v1beta1 | |||
kind: L2Advertisement | |||
metadata: | |||
name: l2adv | |||
namespace: kube-system | |||
spec: | |||
ipAddressPools: | |||
- first-pool | |||
EOF | |||
</pre> | </pre> | ||
= | =make a storage class default= | ||
<pre> | <pre> | ||
kubectl patch storageclass nfs-client -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}' | |||
kubectl | |||
</pre> | </pre> | ||
= install | =install kubespray= | ||
<pre> | <pre> | ||
git clone https://github.com/kubernetes-sigs/kubespray.git | |||
cd kubespray | |||
./ | git switch -c release-2.26 origin/release-2.26 | ||
#or shorter | |||
git clone --depth 1 --branch release-2.26 https://github.com/kubernetes-sigs/kubespray.git | |||
</pre> | </pre> | ||
Activate kubespray env snippet: | |||
<pre> | <pre> | ||
VENVDIR=kubespray-venv | |||
python3 -m venv $VENVDIR | |||
source $VENVDIR/bin/activate | |||
pip install -U -r requirements.txt | |||
ansible-playbook -i inventory/mycluster/inventory.ini --become --become-user=root cluster.yml -v | |||
</pre> | </pre> | ||
| Line 75: | Line 146: | ||
'–advertise-address=192.168.0.137' \ | '–advertise-address=192.168.0.137' \ | ||
'-tls-san=192.168.0.137' \ | '-tls-san=192.168.0.137' \ | ||
</pre> | |||
=install nginx ingress controller= | |||
https://docs.k3s.io/cluster-access | |||
<pre> | |||
helm upgrade --install ingress-nginx ingress-nginx \ | |||
--repo https://kubernetes.github.io/ingress-nginx \ | |||
--namespace ingress-nginx --create-namespace | |||
</pre> | |||
* https://github.com/rancher/rancher/issues/35053 | |||
<pre> | |||
helm upgrade --install ingress-nginx ingress-nginx \ | |||
--repo https://kubernetes.github.io/ingress-nginx \ | |||
--namespace ingress-nginx --create-namespace \ | |||
--set ingressClassResource.default=true \ | |||
--set controller.watchIngressWithoutClass=true | |||
</pre> | |||
=patch ingress controller config= | |||
<pre> | |||
kubectl patch cm ingress-nginx-controller -n ingress-nginx -p '{"data":{"annotations-risk-level":"Critical"}}' | |||
kubectl patch cm ingress-nginx-controller -n ingress-nginx -p '{"data":{"strict-validate-path-type":"false"}}' | |||
kubectl patch cm ingress-nginx-controller -n ingress-nginx -p '{"data":{"enable-snippet-annotations":"true"}}' | |||
</pre> | |||
= install helm = | |||
<pre> | |||
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | |||
chmod 700 get_helm.sh | |||
./get_helm.sh | |||
</pre> | |||
= access k3s cluster via helm = | |||
<pre> | |||
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml | |||
kubectl get pods --all-namespaces | |||
helm ls --all-namespaces | |||
</pre> | |||
= helmfile = | |||
<pre> | |||
mkdir helmfile && cd helmfile | |||
wget https://github.com/helmfile/helmfile/releases/download/v1.0.0-rc.12/helmfile_1.0.0-rc.12_linux_amd64.tar.gz | |||
tar xvzf helmfile_1.0.0-rc.12_linux_amd64.tar.gz | |||
sudo mv helmfile /usr/local/bin | |||
helmfile apply -e dev -n opendesk | |||
helmfile apply -e dev -n opendesk -l component=collabora | |||
</pre> | |||
= install helm-diff= | |||
<pre> | |||
helm plugin install https://github.com/databus23/helm-diff | |||
</pre> | </pre> | ||
Latest revision as of 10:32, 30 April 2025
Dummy
Cheats and random commands
kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubectl-actions
namespace: my-v2-restore
EOF
kubectl get all,pvc,ingress,certificaterequests,orders,certificates,secret,cronjob,configmap -n nextcloud
kubectl describe nodes
sudo journalctl -u k3s
kubectl scale deployment my-deployment --replicas=0
kubectl scale deployment my-deployment --replicas=3
export IP_HELLO=192.168.0.137
curl --resolve "pi5:80:$IP_HELLO" -i http://pi5
for p in $(kubectl get pods | grep Terminating | awk '{print $1}'); do kubectl delete pod $p --grace-period=0 --force;done
/etc/kubernetes/admin.conf
~/.kube/config
Nextcloud
helm repo add nextcloud https://nextcloud.github.io/helm/ helm install my-release nextcloud/nextcloud
Database Warning:
export APP_HOST=127.0.0.1
export APP_PASSWORD=$(kubectl get secret --namespace default my-release-nextcloud -o jsonpath="{.data.nextcloud-password}" | base64 --decode)
helm upgrade my-release nextcloud/nextcloud \
--set nextcloud.password=$APP_PASSWORD,nextcloud.host=$APP_HOST,service.type=ClusterIP,mariadb.enabled=false,externalDatabase.user=nextcloud,externalDatabase.database=nextcloud,externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST
Cert manager
helm install \ cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ --version v1.17.2 \ --set crds.enabled=true
Metallb
helm repo add metallb https://metallb.github.io/metallb helm install metallb metallb/metallb
kubectl apply -f - <<EOF apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: name: first-pool namespace: kube-system spec: addresses: - 192.168.0.30-192.168.0.35 --- --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: l2adv namespace: kube-system spec: ipAddressPools: - first-pool EOF
make a storage class default
kubectl patch storageclass nfs-client -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
install kubespray
git clone https://github.com/kubernetes-sigs/kubespray.git cd kubespray git switch -c release-2.26 origin/release-2.26 #or shorter git clone --depth 1 --branch release-2.26 https://github.com/kubernetes-sigs/kubespray.git
Activate kubespray env snippet:
VENVDIR=kubespray-venv python3 -m venv $VENVDIR source $VENVDIR/bin/activate pip install -U -r requirements.txt ansible-playbook -i inventory/mycluster/inventory.ini --become --become-user=root cluster.yml -v
install k3s
with rights to access it as user
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC='--write-kubeconfig-mode=644' sh - curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="server" sh -s - --flannel-backend none curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="server" sh -s - --token 424242
change interface
https://jaehong21.com/posts/k3s/02-access-outside/
sudo vi /etc/systemd/system/k3s.service
ExecStart=/usr/local/bin/k3s \
server \
'--disable=traefik' \
'--token' \
'12345' \
'--write-kubeconfig-mode=644' \
'–advertise-address=192.168.0.137' \
'-tls-san=192.168.0.137' \
install nginx ingress controller
https://docs.k3s.io/cluster-access
helm upgrade --install ingress-nginx ingress-nginx \ --repo https://kubernetes.github.io/ingress-nginx \ --namespace ingress-nginx --create-namespace
helm upgrade --install ingress-nginx ingress-nginx \ --repo https://kubernetes.github.io/ingress-nginx \ --namespace ingress-nginx --create-namespace \ --set ingressClassResource.default=true \ --set controller.watchIngressWithoutClass=true
patch ingress controller config
kubectl patch cm ingress-nginx-controller -n ingress-nginx -p '{"data":{"annotations-risk-level":"Critical"}}'
kubectl patch cm ingress-nginx-controller -n ingress-nginx -p '{"data":{"strict-validate-path-type":"false"}}'
kubectl patch cm ingress-nginx-controller -n ingress-nginx -p '{"data":{"enable-snippet-annotations":"true"}}'
install helm
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 chmod 700 get_helm.sh ./get_helm.sh
access k3s cluster via helm
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl get pods --all-namespaces helm ls --all-namespaces
helmfile
mkdir helmfile && cd helmfile wget https://github.com/helmfile/helmfile/releases/download/v1.0.0-rc.12/helmfile_1.0.0-rc.12_linux_amd64.tar.gz tar xvzf helmfile_1.0.0-rc.12_linux_amd64.tar.gz sudo mv helmfile /usr/local/bin helmfile apply -e dev -n opendesk helmfile apply -e dev -n opendesk -l component=collabora
install helm-diff
helm plugin install https://github.com/databus23/helm-diff
remove k3s
/usr/local/bin/k3s-uninstall.sh
show everything in a namespace
kubectl --namespace=gitlab-runner show all
get shell
kubectl exec --stdin --tty shell-demo -- /bin/bash
events
kubectl get events --namespace=gitlab-runner
get all events
kubectl get events --all-namespaces --sort-by='.metadata.creationTimestamp'
create namespace
kubectl create ns gitlab-runner
gitlab-runner
For swep20:
cd ~/kubernetes/gitlab-runner/ helm install --namespace gitlab-runner gitlab-runner-swep20-2 -f values_swep20.yaml gitlab/gitlab-runner helm uninstall gitlab-runner --namespace=gitlab-runner
edit configmap via editor
kubectl edit cm -n kube-system coredns
Recreate/Restart after edit:
kubectl delete pod coredns
fix gitlab-runner for docker in docker
Edit config map and add following before runner start command:
# Add docker volumes
cat >> /home/gitlab-runner/.gitlab-runner/config.toml << EOF
[[runners.kubernetes.volumes.host_path]]
name = "alias-docker-in-docker"
mount_path = "/var/run/docker.sock"
read_only = true
host_path = "/var/run/docker.sock"
EOF
add helm charts
helm repo add stable https://charts.helm.sh/stable helm repo add gitlab https://charts.gitlab.io/ helm repo update
cluster info
kubectl cluster-info
delete service and deployment
- https://www.slingacademy.com/article/how-to-completely-remove-a-kubernetes-deployment-with-examples/
kubectl get all kubectl delete svc XY kubectl delete deployment XY kubectl delete pod XY kubectl delete ns XYZ