# Snippets for k3s
* [Install k3s](#install-k3s)
* [Disable Traefik-ingress](#disable-traefik-ingress)
* [Enable NGINX-ingress](#enable-nginx-ingress)
  * [Installation](#install-nginx-ingress)
  * [Change service type from NodePort to LoadBalancer](#nginx-ingress-loadbalancer)
  * [Enable nginx-ingress tcp- and udp-services for apps other than http/s](#nginx-ingress-tcp-udp-enabled)
* [Enable client-IP transparency and expose TCP-port 9000](#enable-client-ip-transp-expose-tcp-9000)
  * [Deploy my-nginx-service](#deploy-my-nginx-service)
* [Stick the nginx-ingress controller and my-nginx app together](#stick-nginx-ingress-and-tcp-service)
* [Test exposed app on TCP-port 9000](#test-nginx-ingress-and-tcp-service)
* [Running postfix in kubernetes](#running-postfix-in-kuberentes)
## Install k3s
https://k3s.io/:
```
curl -sfL https://get.k3s.io | sh -
```
## Disable Traefik-ingress
Edit `/etc/systemd/system/k3s.service`:
```
[...]
ExecStart=/usr/local/bin/k3s \
server --disable traefik \
[...]
```
Finally, run `systemctl daemon-reload` and `systemctl restart k3s`.
## Enable NGINX-ingress
### Installation
https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal
### Change service type from NodePort to LoadBalancer
`kubectl edit service -n ingress-nginx ingress-nginx-controller` and change `type: NodePort` to `type: LoadBalancer`
Ports 80 and 443 should now be listening on an *External-IP*. Check with `kubectl get all --all-namespaces`:
```
[...]
NAMESPACE       NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                      AGE
[...]
ingress-nginx   service/ingress-nginx-controller-admission   ClusterIP      10.43.174.128   <none>         443/TCP                      35m
ingress-nginx   service/ingress-nginx-controller             LoadBalancer   10.43.237.255   10.62.94.246   80:30312/TCP,443:30366/TCP   35m
[...]
```
Test: `curl -s http://<EXTERNAL-IP>` should return the well-known nginx 404 page:
```
dominik@muggler:~$ curl -s http://10.62.94.246
404 Not Found
404 Not Found
nginx/1.19.1
```
### Enable nginx-ingress tcp- and udp-services for apps other than http/s
Docs: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/
Run `kubectl edit deployment -n ingress-nginx ingress-nginx-controller` and find the `spec` / `template` / `spec` / `containers` section:
```
[...]
spec:
  [...]
  template:
    metadata:
      creationTimestamp: null
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --election-id=ingress-controller-leader
        - --ingress-class=nginx
        - --configmap=ingress-nginx/ingress-nginx-controller
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
>>> ADD
        - --tcp-services-configmap=ingress-nginx/tcp-services
        - --udp-services-configmap=ingress-nginx/udp-services
<<< ADD
        env:
[...]
```
## Enable client-IP transparency and expose TCP-port 9000
Enable client-IP transparency (X-Original-Forwarded-For) and expose my-nginx app on nginx-ingress TCP-port 9000: `kubectl edit service -n ingress-nginx ingress-nginx-controller`
Find the `ports:`-section of the `ingress-nginx-controller` service and *ADD* the definition for port 9000:
```
[...]
spec:
  clusterIP: 10.43.237.255
>>> CHANGE externalTrafficPolicy from Cluster to Local if original client-IP is desirable
  externalTrafficPolicy: Local
<<< CHANGE
  ports:
  - name: http
    nodePort: 30312
    port: 80
    protocol: TCP
    targetPort: http
  - name: https
    nodePort: 30366
    port: 443
    protocol: TCP
    targetPort: https
>>> ADD
  - name: proxied-tcp-9000
    port: 9000
    protocol: TCP
    targetPort: 9000
<<< ADD
[...]
```
Verify nginx-ingress is listening on port 9000 with `kubectl get all --all-namespaces`:
```
[...]
NAMESPACE       NAME                               TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                                     AGE
[...]
ingress-nginx   service/ingress-nginx-controller   LoadBalancer   10.43.237.255   10.62.94.246   80:30312/TCP,443:30366/TCP,9000:31460/TCP   71m
[...]
```
### Deploy my-nginx-service
my-nginx-deployment.yml:
```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  selector:
    matchLabels:
      run: my-nginx
  replicas: 1
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  ports:
  - port: 80
    protocol: TCP
  selector:
    run: my-nginx
```
Apply with `kubectl apply -f my-nginx-deployment.yml`:
```
deployment.apps/my-nginx created
service/my-nginx created
```
Test: `kubectl get all`:
```
[...]
NAME               TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
[...]
service/my-nginx   ClusterIP   10.43.118.13   <none>        80/TCP    99s
[...]
```
## Stick the nginx-ingress controller and my-nginx app together
Finally, the nginx-ingress controller needs a port-mapping pointing to the my-nginx app. This will be done with the config-map `tcp-services-config-map.yml`, referenced earlier in the nginx-ingress deployment definition:
```
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  "9000": default/my-nginx:80::PROXY
```
Apply with `kubectl apply -f tcp-services-config-map.yml`:
```
configmap/tcp-services created
```
Subsequently the config-map can be edited with `kubectl edit configmap tcp-services -n ingress-nginx`
**Changes to config-maps do not take effect on running pods! A re-scale to 0 and back can solve this problem: https://stackoverflow.com/questions/37317003/restart-pods-when-configmap-updates-in-kubernetes**
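The value `default/my-nginx:80::PROXY` follows the `<namespace/service name>:<service port>:[PROXY]:[PROXY]` format from the ingress-nginx docs linked above: the third field turns on PROXY protocol decoding on the listening side, the fourth turns on encoding towards the backend. The following added example (not part of the original snippets; `parse_tcp_service` is a hypothetical helper, and rejecting unknown flags is this example's own choice) decodes such entries so a review can see which direction carries the PROXY header:

```python
# Added example: decode entries of the ingress-nginx tcp-services ConfigMap.
from typing import NamedTuple


class TcpServiceEntry(NamedTuple):
    listen_port: int     # port opened on the ingress controller
    namespace: str
    service: str
    service_port: str    # port number or named port of the backend Service
    decode_proxy: bool   # 3rd field: controller expects a PROXY header from clients
    encode_proxy: bool   # 4th field: controller sends a PROXY header to the backend


def parse_tcp_service(key: str, value: str) -> TcpServiceEntry:
    """Parse one `"<port>": <ns>/<svc>:<port>:[PROXY]:[PROXY]` entry."""
    if not (key.isascii() and key.isdigit() and 1 <= int(key) <= 65535):
        raise ValueError(f"invalid listen port: {key!r}")
    fields = value.split(":")
    if not 2 <= len(fields) <= 4:
        raise ValueError(f"expected 2 to 4 colon-separated fields: {value!r}")
    fields += [""] * (4 - len(fields))          # the two PROXY fields are optional
    target, service_port, decode, encode = fields
    namespace, sep, service = target.partition("/")
    if not sep or not namespace or not service or not service_port:
        raise ValueError(f"expected <namespace>/<service>:<port>: {value!r}")
    for flag in (decode, encode):
        if flag.upper() not in ("", "PROXY"):   # stricter than needed, by choice
            raise ValueError(f"unknown flag {flag!r} in {value!r}")
    return TcpServiceEntry(int(key), namespace, service, service_port,
                           decode.upper() == "PROXY", encode.upper() == "PROXY")


if __name__ == "__main__":
    # The entry from tcp-services-config-map.yml above.
    print(parse_tcp_service("9000", "default/my-nginx:80::PROXY"))
```

For the entry above, only `encode_proxy` is set: the controller accepts plain TCP on port 9000 and prepends a PROXY header when it connects to `my-nginx`.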
## Test exposed app on TCP-port 9000
```
dominik@muggler:~$ curl -s http://10.62.94.246:9000
400 Bad Request
400 Bad Request
nginx/1.19.2
```
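Check the logs of the my-nginx pod. The PROXY protocol header sent by the ingress controller arrives as the request line and carries the original client IP (10.62.94.1); the stock nginx configuration in `nginx:alpine` does not parse PROXY protocol, which is why the response is a 400: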
```
root@k3s-master:/k3s# kubectl get pods
NAME                        READY   STATUS    RESTARTS   AGE
my-nginx-65c68bbcdf-xkhqj   1/1     Running   0          90m
```
```
kubectl logs my-nginx-65c68bbcdf-xkhqj -f
[...]
10.42.0.18 - - [23/Aug/2020:16:38:33 +0000] "PROXY TCP4 10.62.94.1 10.42.0.18 48558 9000" 400 157 "-" "-" "-"
[...]
```
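As an added example (not part of the original snippets), the following parses the PROXY protocol v1 header that appears as the request line in the log above and uses its source address only when the TCP peer is a trusted proxy, because the header contains whatever the sender chose to write. `parse_proxy_v1`, `effective_client_ip` and the trusted range `10.42.0.0/16` are assumptions of this example.

```python
# Added example: parse a PROXY protocol v1 header and decide whose IP to log.
import ipaddress
from typing import NamedTuple, Optional


class ProxyV1(NamedTuple):
    family: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def parse_proxy_v1(header: bytes) -> Optional[ProxyV1]:
    """Parse one v1 header line; returns None for 'PROXY UNKNOWN'."""
    if len(header) > 107 or not header.endswith(b"\r\n"):
        raise ValueError("v1 header must end in CRLF and fit in 107 bytes")
    parts = header[:-2].decode("ascii").split(" ")
    if len(parts) < 2 or parts[0] != "PROXY":
        raise ValueError("missing PROXY signature")
    if parts[1] == "UNKNOWN":
        return None
    if parts[1] not in ("TCP4", "TCP6") or len(parts) != 6:
        raise ValueError("expected: PROXY TCP4|TCP6 src dst sport dport")
    version = 4 if parts[1] == "TCP4" else 6
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match " + parts[1])
    if not all(p.isdigit() and int(p) <= 65535 for p in parts[4:]):
        raise ValueError("invalid port")
    return ProxyV1(parts[1], str(src), str(dst), int(parts[4]), int(parts[5]))


def effective_client_ip(peer_ip: str, header: bytes, trusted_proxies: list) -> str:
    """Use the header's source address only if the TCP peer is a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_proxies):
        return peer_ip                      # untrusted sender: ignore its claim
    parsed = parse_proxy_v1(header)
    return parsed.src_ip if parsed else peer_ip


# Request line from the my-nginx log above, with the CRLF terminator restored.
LOGGED_HEADER = b"PROXY TCP4 10.62.94.1 10.42.0.18 48558 9000\r\n"
# Assumption: 10.42.0.0/16 is the pod network the ingress controller runs in.
TRUSTED = ["10.42.0.0/16"]

if __name__ == "__main__":
    print(effective_client_ip("10.42.0.18", LOGGED_HEADER, TRUSTED))
```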
# Running postfix in kubernetes
https://www.tauceti.blog/post/run-postfix-in-kubernetes/
Important settings for a Deployment (one node) or DaemonSet (all nodes):
* hostNetwork: true
* dnsPolicy: ClusterFirstWithHostNet