k3s/README.md
2020-08-23 20:44:05 +02:00

Snippets for k3s

Install k3s

https://k3s.io/:

curl -sfL https://get.k3s.io | sh -

Disable Traefik-ingress

Edit /etc/systemd/system/k3s.service:

[...]
ExecStart=/usr/local/bin/k3s \
    server --disable traefik \
[...]

Finally, run systemctl daemon-reload and systemctl restart k3s.

Enable NGINX-ingress

Installation

https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal

Change service type from NodePort to LoadBalancer

Run kubectl edit service -n ingress-nginx and change type: NodePort to type: LoadBalancer.

Ports 80 and 443 should now listen on an External-IP. Check with kubectl get all --all-namespaces:

[...]
NAMESPACE       NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                      AGE
[...]
ingress-nginx   service/ingress-nginx-controller-admission   ClusterIP      10.43.174.128   <none>         443/TCP                      35m
ingress-nginx   service/ingress-nginx-controller             LoadBalancer   10.43.237.255   10.62.94.246   80:30312/TCP,443:30366/TCP   35m
[...]

Test: curl -s http://<External-IP> should return the well-known nginx 404 page:

dominik@muggler:~$ curl -s http://10.62.94.246
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.1</center>
</body>
</html>

Enable nginx-ingress tcp- and udp-services for apps other than http/s

Docs: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/

Run kubectl edit deployment -n ingress-nginx and find the spec/template/spec/containers section:

[...]
spec:                                                                                  
[...]                                                                  
  template:                                                                            
    metadata:                                  
      creationTimestamp: null                  
      labels:                                  
        app.kubernetes.io/component: controller                 
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx    
    spec:                                        
      containers:                                
      - args:                                    
        - /nginx-ingress-controller              
        - --election-id=ingress-controller-leader
        - --ingress-class=nginx                  
        - --configmap=ingress-nginx/ingress-nginx-controller
        - --validating-webhook=:8443                        
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
>>> ADD 
        - --tcp-services-configmap=ingress-nginx/tcp-services
        - --udp-services-configmap=ingress-nginx/udp-services
<<< ADD
        env:     
[...]

Enable client-IP transparency and expose TCP-port 9000

Enable client-IP transparency and expose the my-nginx app on nginx-ingress TCP port 9000: run kubectl edit service -n ingress-nginx, find the ports: section of the ingress-nginx-controller service, and add the definition for port 9000:

[...]
spec:   
    clusterIP: 10.43.237.255                                                              
>>> CHANGE externalTrafficPolicy from Cluster to Local if original client-IP is desirable
    externalTrafficPolicy: Local
<<< CHANGE
    ports:
    - name: http                                                                          
      nodePort: 30312                                                                     
      port: 80
      protocol: TCP                                                                       
      targetPort: http                                                                    
    - name: https                                                                         
      nodePort: 30366                                                                     
      port: 443
      protocol: TCP                                                                       
      targetPort: https      
>>> ADD
    - name: proxied-tcp-9000
      port: 9000
      protocol: TCP
      targetPort: 9000
<<< ADD 
[...]

Verify nginx-ingress is listening on port 9000 with kubectl get all --all-namespaces:

[...]
NAMESPACE       NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                                     AGE
[...]
ingress-nginx   service/ingress-nginx-controller             LoadBalancer   10.43.237.255   10.62.94.246   80:30312/TCP,443:30366/TCP,9000:31460/TCP   71m
[...]

Deploy my-nginx-service

my-nginx-deployment.yml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  selector:
    matchLabels:
      run: my-nginx
  replicas: 1
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  ports:
  - port: 80
    protocol: TCP
  selector:
    run: my-nginx

Apply with kubectl apply -f my-nginx-deployment.yml:

deployment.apps/my-nginx created
service/my-nginx created

Test: kubectl get all:

[...]
NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
[...]
service/my-nginx     ClusterIP   10.43.118.13   <none>        80/TCP    99s
[...]

Stick the nginx-ingress controller and my-nginx app together

Finally, the nginx-ingress controller needs a port-mapping pointing to the my-nginx app. This will be done with the config-map tcp-services-config-map.yml, referenced earlier in the nginx-ingress deployment definition:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  9000: "default/my-nginx:80"

Apply with kubectl apply -f tcp-services-config-map.yml:

configmap/tcp-services created

Subsequently the config-map can be edited with kubectl edit configmap tcp-services -n ingress-nginx
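
The setup above only works when the extra port on the ingress-nginx-controller Service and the key in the tcp-services ConfigMap agree, and every such pair is a raw TCP port reachable from outside the cluster. The following check is an added example, not part of the original README: it compares the two objects and lists each exposed port with its backend. The function names are hypothetical, the sample objects are constructed from the values on this page in the shape of trimmed kubectl get ... -o json output, and the optional :PROXY fields follow the format in the ingress-nginx docs linked earlier.

```python
def parse_mapping(value):
    """Split '<namespace>/<service>:<port>[:PROXY][:PROXY]' into its fields."""
    target, _, rest = value.partition(":")
    namespace, _, name = target.partition("/")
    fields = rest.split(":")
    flags = fields[1:] + [""] * (3 - len(fields))
    if not (namespace and name and fields[0]) or len(fields) > 3 \
            or any(f not in ("", "PROXY") for f in flags):
        raise ValueError(f"malformed mapping {value!r}")
    return {"namespace": namespace, "service": name, "port": fields[0],
            "proxy_decode": flags[0] == "PROXY", "proxy_encode": flags[1] == "PROXY"}


def audit(service, configmap, http_ports=(80, 443)):
    """Compare the controller Service's extra TCP ports with tcp-services keys."""
    exposed = {p["port"] for p in service["spec"]["ports"]
               if p.get("protocol", "TCP") == "TCP"} - set(http_ports)
    mapped, findings = {}, []
    for key, value in (configmap.get("data") or {}).items():
        try:
            mapped[int(key)] = parse_mapping(value)
        except ValueError as err:
            findings.append(f"invalid entry {key!r}: {err}")
    for port in sorted(exposed - set(mapped)):
        findings.append(f"port {port} is exposed on the Service but has no mapping")
    for port in sorted(set(mapped) - exposed):
        findings.append(f"port {port} is mapped but not exposed on the Service")
    return findings, mapped


# Constructed sample input: trimmed JSON using the values shown on this page.
SERVICE = {"spec": {"externalTrafficPolicy": "Local", "ports": [
    {"name": "http", "port": 80, "protocol": "TCP"},
    {"name": "https", "port": 443, "protocol": "TCP"},
    {"name": "proxied-tcp-9000", "port": 9000, "protocol": "TCP"}]}}
CONFIGMAP = {"data": {"9000": "default/my-nginx:80"}}

if __name__ == "__main__":
    findings, mapped = audit(SERVICE, CONFIGMAP)
    for port, m in sorted(mapped.items()):
        print(f"{port}/TCP -> {m['namespace']}/{m['service']}:{m['port']}")
    print(findings or "Service ports and tcp-services agree")
```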

Test exposed app on TCP-port 9000

dominik@muggler:~$ curl -s http://10.62.94.246:9000
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.19.2</center>
</body>
</html>

Check the logs of the my-nginx pod:

root@k3s-master:/k3s# kubectl get pods
NAME                        READY   STATUS    RESTARTS   AGE
my-nginx-65c68bbcdf-xkhqj   1/1     Running   0          90m
root@k3s-master:/k3s# kubectl logs my-nginx-65c68bbcdf-xkhqj -f
[...]
10.42.0.18 - - [23/Aug/2020:16:38:33 +0000] "PROXY TCP4 10.62.94.1 10.42.0.18 48558 9000" 400 157 "-" "-" "-"
[...]
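
The request line in that log entry has the shape of a PROXY protocol v1 header (PROXY TCP4 <source> <destination> <source port> <destination port>): my-nginx logged it as the HTTP request and answered 400, and its source field holds 10.62.94.1 while the connecting peer is 10.42.0.18. The following parser is an added example, not part of the original README: it validates such headers and finds access-log lines where one arrived as a request. The function names are hypothetical; the first sample line is the one shown above and the second is constructed.

```python
import ipaddress
import re

# nginx access-log line: remote_addr - user [time] "request" status bytes ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')


def parse_proxy_v1(header):
    """Parse a PROXY protocol v1 header line; return None if it is not one."""
    parts = header.rstrip("\r\n").split(" ")
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        return None
    version = 4 if parts[1] == "TCP4" else 6
    try:
        src, dst = (ipaddress.ip_address(a) for a in parts[2:4])
        sport, dport = (int(p) for p in parts[4:6])
    except ValueError:
        return None
    # Address family must match the declared protocol, ports must be in range.
    if src.version != version or dst.version != version:
        return None
    if not all(0 <= p <= 65535 for p in (sport, dport)):
        return None
    return {"src": str(src), "src_port": sport, "dst": str(dst), "dst_port": dport}


def proxy_headers_seen_as_requests(log_lines):
    """Return (peer, status, header) for lines whose request is a PROXY v1 header."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        header = parse_proxy_v1(m.group(2))
        if header:
            hits.append((m.group(1), int(m.group(3)), header))
    return hits


# First line: the log entry shown above. Second line: constructed for contrast.
SAMPLE_LOG = [
    '10.42.0.18 - - [23/Aug/2020:16:38:33 +0000] "PROXY TCP4 10.62.94.1 10.42.0.18 48558 9000" 400 157 "-" "-" "-"',
    '10.42.0.18 - - [23/Aug/2020:16:40:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.68.0" "-"',
]

if __name__ == "__main__":
    for peer, status, hdr in proxy_headers_seen_as_requests(SAMPLE_LOG):
        print(f"{peer} got {status}: header source {hdr['src']}:{hdr['src_port']}")
```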