k3s/README.md

Snippets for k3s

Install k3s

https://k3s.io/:

curl -sfL https://get.k3s.io | sh -

Disable Traefik-ingress

Edit /etc/systemd/system/k3s.service:

[...]
ExecStart=/usr/local/bin/k3s \
    server --disable traefik \
[...]

Finally, run systemctl daemon-reload and systemctl restart k3s.

Enable NGINX-ingress

Installation

https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal

Change service type from NodePort to LoadBalancer

Run kubectl edit service -n ingress-nginx ingress-nginx-controller and change type: NodePort to type: LoadBalancer.

Ports 80 and 443 should now be listening on an External-IP. Check with kubectl get all --all-namespaces:

[...]
NAMESPACE       NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                      AGE
[...]
ingress-nginx   service/ingress-nginx-controller-admission   ClusterIP      10.43.174.128   <none>         443/TCP                      35m
ingress-nginx   service/ingress-nginx-controller             LoadBalancer   10.43.237.255   10.62.94.246   80:30312/TCP,443:30366/TCP   35m
[...]

Test: curl -s http://<External-IP> should return the well-known nginx 404 page:

dominik@muggler:~$ curl -s http://10.62.94.246
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.1</center>
</body>
</html>

Enable nginx-ingress tcp- and udp-services for apps other than http/s

Docs: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/

Run kubectl edit deployment -n ingress-nginx ingress-nginx-controller and find the spec:/template/spec/containers section:

[...]
spec:                                                                                  
[...]                                                                  
  template:                                                                            
    metadata:                                  
      creationTimestamp: null                  
      labels:                                  
        app.kubernetes.io/component: controller                 
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx    
    spec:                                        
      containers:                                
      - args:                                    
        - /nginx-ingress-controller              
        - --election-id=ingress-controller-leader
        - --ingress-class=nginx                  
        - --configmap=ingress-nginx/ingress-nginx-controller
        - --validating-webhook=:8443                        
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
>>> ADD 
        - --tcp-services-configmap=ingress-nginx/tcp-services
        - --udp-services-configmap=ingress-nginx/udp-services
<<< ADD
        env:     
[...]

Enable client-IP transparency and expose TCP-port 9000

Enable client-IP transparency (X-Original-Forwarded-For) and expose the my-nginx app on nginx-ingress TCP port 9000 with kubectl edit service -n ingress-nginx ingress-nginx-controller.

Find the ports: section of the ingress-nginx-controller service and ADD the definition for port 9000:

[...]
spec:   
    clusterIP: 10.43.237.255                                                              
>>> CHANGE externalTrafficPolicy from Cluster to Local if original client-IP is desirable
    externalTrafficPolicy: Local
<<< CHANGE
    ports:
    - name: http                                                                          
      nodePort: 30312                                                                     
      port: 80
      protocol: TCP                                                                       
      targetPort: http                                                                    
    - name: https                                                                         
      nodePort: 30366                                                                     
      port: 443
      protocol: TCP                                                                       
      targetPort: https      
>>> ADD
    - name: proxied-tcp-9000
      port: 9000
      protocol: TCP
      targetPort: 9000
<<< ADD 
[...]

Verify nginx-ingress is listening on port 9000 with kubectl get all --all-namespaces:

[...]
NAMESPACE       NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                                     AGE
[...]
ingress-nginx   service/ingress-nginx-controller             LoadBalancer   10.43.237.255   10.62.94.246   80:30312/TCP,443:30366/TCP,9000:31460/TCP   71m
[...]

Deploy my-nginx-service

my-nginx-deployment.yml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  selector:
    matchLabels:
      run: my-nginx
  replicas: 1
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  ports:
  - port: 80
    protocol: TCP
  selector:
    run: my-nginx

Apply with kubectl apply -f my-nginx-deployment.yml:

deployment.apps/my-nginx created
service/my-nginx created

Test: kubectl get all:

[...]
NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
[...]
service/my-nginx     ClusterIP   10.43.118.13   <none>        80/TCP    99s
[...]

Stick the nginx-ingress controller and my-nginx app together

Finally, the nginx-ingress controller needs a port-mapping pointing to the my-nginx app. This will be done with the config-map tcp-services-config-map.yml, referenced earlier in the nginx-ingress deployment definition:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  "9000": default/my-nginx:80

Apply with kubectl apply -f tcp-services-config-map.yml:

configmap/tcp-services created

Subsequently the config-map can be edited with kubectl edit configmap tcp-services -n ingress-nginx

Changes to config-maps do not take effect on running pods! A re-scale to 0 and back can solve this problem: https://stackoverflow.com/questions/37317003/restart-pods-when-configmap-updates-in-kubernetes
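The three edits above (controller args, Service port, tcp-services ConfigMap) have to agree, and every entry is a raw TCP port reachable on the External-IP. The following audit is an added example, not part of the original README: it compares the Service ports with the ConfigMap entries. SERVICE and TCP_SERVICES are constructed samples, parse_entry and audit are hypothetical names, and the parser also accepts the optional PROXY fields described in the ingress-nginx docs linked above, which goes beyond the single entry used here.

```python
import json

# Constructed sample input mirroring this page's objects, trimmed to the
# fields read below (shape of `kubectl get ... -o json`).
SERVICE = json.loads("""{"spec": {"externalTrafficPolicy": "Local", "ports": [
  {"name": "http", "port": 80, "protocol": "TCP"},
  {"name": "https", "port": 443, "protocol": "TCP"},
  {"name": "proxied-tcp-9000", "port": 9000, "protocol": "TCP"}]}}""")
TCP_SERVICES = json.loads('{"data": {"9000": "default/my-nginx:80"}}')

def parse_entry(value):
    """Parse '<namespace>/<service>:<port>[:PROXY][:PROXY]'; None if malformed."""
    parts = value.split(":")
    if not 2 <= len(parts) <= 4 or any(p not in ("", "PROXY") for p in parts[2:]):
        return None
    namespace, _, name = parts[0].partition("/")
    if not (namespace and name and parts[1]) or "/" in name:
        return None
    return namespace, name, parts[1]

def audit(service, configmap, http_ports=(80, 443)):
    """Return (findings, mapped): mismatches between Service ports and tcp-services."""
    spec, findings, mapped = service["spec"], [], {}
    exposed = {p["port"] for p in spec.get("ports", [])
               if p.get("protocol", "TCP") == "TCP"}
    for key, value in (configmap.get("data") or {}).items():
        entry = parse_entry(value)
        if key.isdigit() and entry:
            mapped[int(key)] = entry
        else:
            findings.append(f"malformed tcp-services entry {key!r}: {value!r}")
    for port in sorted(set(mapped) - exposed):
        findings.append(f"port {port} is mapped but missing from the Service")
    for port in sorted(exposed - set(mapped) - set(http_ports)):
        findings.append(f"port {port} is exposed without a tcp-services mapping")
    if mapped and spec.get("externalTrafficPolicy", "Cluster") != "Local":
        findings.append("externalTrafficPolicy is not Local: client IP not preserved")
    return findings, mapped

if __name__ == "__main__":
    findings, mapped = audit(SERVICE, TCP_SERVICES)
    for port, (namespace, name, target) in sorted(mapped.items()):
        print(f"raw TCP {port} -> {namespace}/{name}:{target}")
    for finding in findings:
        print("FINDING:", finding)
```

On a live cluster the two inputs would come from kubectl get service ingress-nginx-controller -n ingress-nginx -o json and kubectl get configmap tcp-services -n ingress-nginx -o json.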

Test exposed app on TCP-port 9000

dominik@muggler:~$ curl -s http://10.62.94.246:9000
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Check logs of ingress-nginx-controller POD:

root@k3s-master:~# kubectl get pods --all-namespaces |grep ingress-nginx
[...]
ingress-nginx   ingress-nginx-controller-d88d95c-khbv4   1/1     Running     0          4m36s
[...]
root@k3s-master:~# kubectl logs ingress-nginx-controller-d88d95c-khbv4 -f -n ingress-nginx
[...]
[10.62.94.1] [23/Aug/2020:16:38:33 +0000] TCP 200 850 81 0.001
[...]

Check logs of my-nginx POD:

root@k3s-master:/k3s# kubectl get pods
NAME                        READY   STATUS    RESTARTS   AGE
my-nginx-65c68bbcdf-xkhqj   1/1     Running   0          90m
root@k3s-master:/k3s# kubectl logs my-nginx-65c68bbcdf-xkhqj -f
[...]
10.42.0.18 - - [23/Aug/2020:16:38:33 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
[...]

Running postfix in kubernetes

https://www.tauceti.blog/post/run-postfix-in-kubernetes/

Important settings when running it as a Deployment (one node) or a DaemonSet (all nodes):

  • hostNetwork: true
  • dnsPolicy: ClusterFirstWithHostNet