Difference between revisions of "Deploy kubernetes cluster on 2 or more servers ; k8s on-premise"

Line 174: Line 174:
  
 
Example install elasticsearch:  
 
Example install elasticsearch:  
  Helm repo add elastic https://Helm.elastic.co
+
  helm repo add elastic https://Helm.elastic.co
 
  "elastic" has been added to your repositories
 
  "elastic" has been added to your repositories
 
   
 
   

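Review bot: the corrected line lowercases the command to `helm` but still points at `https://Helm.elastic.co`, with a capital H in the host name. Host names are case-insensitive, so the command works either way, but writing the URL as `https://helm.elastic.co` keeps it consistent with the lowercase command that readers will copy.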
Revision as of 17:25, 10 November 2020

DRAFT

https://dzone.com/articles/kubespray-10-simple-steps-for-installing-a-product

Back up all YAMLs: kubectl get po,deployment,rc,rs,ds,no,job -o yaml?


All actions are performed as root.

Make the servers able to communicate via SSH with keys, like:

on master as root

ssh-keygen -t rsa -b 4096
ssh-copy-id root@<slaveIP>

on slave as root

ssh-keygen -t rsa -b 4096 
ssh-copy-id root@<masterIP>

On the master, remember to add the content of /root/.ssh/id_rsa.pub to /root/.ssh/authorized_keys.

This allows the master to connect to itself, which is needed if we start Ansible from the master.

Master and slave: run yum upgrade, then disable SELinux:

 setenforce 0
 sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

Stop and disable the firewall:

systemctl stop firewalld
systemctl disable firewalld

ON master:

 #modprobe br_netfilter
 #echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
 #sysctl -w net.ipv4.ip_forward=1

On Slave:


# echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
# sysctl -w net.ipv4.ip_forward=1


Next, on both slave and master:

 sudo yum install epel-release
 sudo yum install ansible
  dnf install python3


//// easy_install pip

pip3 install jinja2 --upgrade


On the master, install Kubespray:

git clone https://github.com/kubernetes-incubator/kubespray.git
cd kubespray
sudo pip install -r requirements.txt


Copy inventory/sample as inventory/ndicluster (change “ndicluster” to any name you want for the cluster)

cp -avr inventory/sample  inventory/ndicluster


Update the Ansible inventory file with inventory builder

declare -a IPS=( 213.108.199.13* 213.108.199.14*)
CONFIG_FILE=inventory/ndicluster/hosts.ini python3 contrib/inventory_builder/inventory.py ${IPS[@]}


Check hosts.ini. It may be generated in different variants, but I've edited mine to look like this:

[all]
node1 ansible_host=213.108.199.13*  ip=213.108.199.13*
node2 ansible_host=213.108.199.14*  ip=213.108.199.14*  

[kube-master]
node1 

[kube-node]
node1  # should not be there!??
node2 

[etcd]
node1 

[k8s-cluster:children]
kube-master
kube-node 

[calico-rr]

[vault] #probably add!??
node1
node2


BETTER USE CENTOS7 !


ansible-playbook -i inventory/ndicluster/hosts.ini cluster.yml


check

kubectl get pods -A


NOTE: if you want to reinstall your cluster, you can do it with reset.yml:

ansible-playbook -i inventory/ndicluster/hosts.ini reset.yml

and then install it again afterwards.


---dashboard---

References:

https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

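Insecure, but it lets you reach the dashboard quickly without a proxy: allow anonymous dashboard access. The binding below gives cluster-admin to system:anonymous, so every unauthenticated request to the API server gets full control of the cluster.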

kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous

Create a user:

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
EOF

Apply permissions:

cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF

get token:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Log in with the token:

https://213.108.19*.*:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#/overview?namespace=default
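
To see what the bindings created above leave on the cluster, this added example (not part of the original wiki page) lists ClusterRoleBindings and flags cluster-admin granted to system:anonymous or system:unauthenticated, plus cluster-admin granted to service accounts such as admin-user. The function names, the audit.sh file name and the sample lines are constructed for illustration; system:public-info-viewer is skipped because Kubernetes binds it to unauthenticated users by default.

```shell
#!/bin/sh
# Added example: audit ClusterRoleBindings for the grants created in this section.

# One line per binding: name<TAB>role<TAB>Kind:name,Kind:name,
dump_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.name},{end}{"\n"}{end}'
}

# Constructed sample in the same format (not output from a real cluster).
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup:system:masters,\n'
  printf 'cluster-system-anonymous\tcluster-admin\tUser:system:anonymous,\n'
  printf 'admin-user\tcluster-admin\tServiceAccount:admin-user,\n'
  printf 'system:public-info-viewer\tsystem:public-info-viewer\t'
  printf 'Group:system:authenticated,Group:system:unauthenticated,\n'
}

# Reads dump_bindings output on stdin and prints "SEVERITY binding role subject".
audit_bindings() {
  awk -F '\t' '
  {
    n = split($3, subj, ",")
    for (i = 1; i <= n; i++) {
      s = subj[i]
      if (s == "") continue
      anon = (s == "User:system:anonymous" || s == "Group:system:unauthenticated")
      if (anon && $2 == "cluster-admin")
        print "CRITICAL", $1, $2, s      # unauthenticated callers own the cluster
      else if (anon && $2 != "system:public-info-viewer")
        print "REVIEW", $1, $2, s        # anonymous access beyond the default role
      else if ($2 == "cluster-admin" && s ~ /^ServiceAccount:/)
        print "REVIEW", $1, $2, s        # its token is a cluster-wide credential
    }
  }'
}

# audit.sh is a hypothetical file name for this script:
# ./audit.sh --sample runs on the constructed data, ./audit.sh --live on a cluster.
case "${1:-}" in
  --sample) sample_bindings | audit_bindings ;;
  --live)   dump_bindings | audit_bindings ;;
esac
```

A CRITICAL line for cluster-system-anonymous goes away after `kubectl delete clusterrolebinding cluster-system-anonymous`.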


---HELM---

We will install Helm directly on our master node, but you can easily configure kubectl and helm to work from your PC.

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

Init (Helm 2 only; Helm 3, which the get-helm-3 script above installs, has no init command):

helm init

Example install elasticsearch:

helm repo add elastic https://Helm.elastic.co
"elastic" has been added to your repositories

#optional: you may download the helm chart and modify it before applying, or apply the default from the repo
#curl -O https://raw.githubusercontent.com/elastic/Helm-charts/master/elasticsearch/examples/minikube/values.yaml
#helm install elasticsearch elastic/elasticsearch -f ./values.yaml
#Helm 3 takes the release name as a positional argument (the --name flag is Helm 2 only)
helm install elasticsearch elastic/elasticsearch