# Cluster playground
|
|
|
|
## patch & install hetzner-kube
|
|
|
|
docker pull golang
|
|
docker run --rm -ti --name=golang golang bash
|
|
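git clone https://github.com/xetys/hetzner-kube
(this and the following steps up to `go build` run inside the container; the clone builds whatever is at the tip of the default branch, so to build a reviewed state instead, run `git checkout <TAG_OR_COMMIT>` after the `cd` below)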
|
|
cd hetzner-kube
|
|
sed -i s'/kubernetes-cni/kubernetes-cni=0.6.0-00/' pkg/clustermanager/provision_node.go
|
|
go build
|
|
|
|
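Run the next command on the host, from a second terminal, while the `golang` container is still running (`--rm` deletes the container as soon as its shell exits):
docker cp golang:/go/hetzner-kube/hetzner-kube .local/bin/hetzner-kube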
|
|
chmod +x .local/bin/hetzner-kube
|
|
|
|
## setup cluster
|
|
|
|
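hetzner-kube cluster create --name k8s-test --node-cidr 10.42.23.0/24 --ssh-key melpomene
(optionally append `-w 3` to set the worker count; the parentheses in the original note are not part of the command)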
|
|
hetzner-kube cluster kubeconfig k8s-test
|
|
kubectl cluster-info
|
|
|
|
## helm
|
|
|
|
install kubernetes-helm from your package manager…
|
|
|
|
kubectl apply -f tiller.yaml
|
|
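helm init --service-account tiller
(this is the Helm 2 workflow: Tiller runs inside the cluster with whatever rights `tiller.yaml` grants the `tiller` service account, and by default its in-cluster endpoint is neither authenticated nor TLS-protected, so any workload that can reach it can act with those rights; acceptable for a playground, not for a shared cluster)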
|
|
|
|
## rook.io
|
|
|
|
helm repo add rook-beta https://charts.rook.io/beta
|
|
helm install --namespace rook-ceph-system rook-beta/rook-ceph
|
|
kubectl apply -f rook-cluster.yaml
|
|
kubectl apply -f rook-block.yaml
|
|
kubectl patch storageclass rook-ceph-block -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
|
|
kubectl apply -f rook-filesystem.yaml
|
|
kubectl apply -f rook-object.yaml
|
|
|
|
## dashboard
|
|
|
|
kubectl apply -f kubernetes-dashboard.yaml
|
|
|
|
kubectl apply -f admin-user.yaml
|
|
kubectl apply -f admin-role.yaml
|
|
|
|
kubectl -n kube-system get secret | grep admin-user | cut -d' ' -f1
|
|
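kubectl -n kube-system describe secret admin-user-token-...
(replace `admin-user-token-...` with the full secret name printed by the previous command; the token shown is a bearer credential for the `admin-user` service account with whatever role `admin-role.yaml` binds to it, so keep it out of pasted logs and screenshots)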
|
|
|
|
kubectl proxy
|
|
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
|
|
|
|
## nginx-ingress
|
|
|
|
kubectl apply -f nginx-ingress.yaml
|
|
kubectl apply -f nginx-nodeport.yaml
|
|
|
|
### frontend LB variant 1
|
|
|
|
scp haproxy.conf "root@$(hetzner-kube cluster master-ip k8s-test):haproxy.cfg"
|
|
ssh root@$(hetzner-kube cluster master-ip k8s-test)
|
|
apt install -y haproxy
|
|
mv haproxy.cfg /etc/haproxy/haproxy.cfg
|
|
systemctl restart haproxy
|
|
|
|
### frontend LB variant 2
|
|
|
|
ssh root@$(hetzner-kube cluster master-ip k8s-test) apt install -y python
|
|
ansible-playbook -i "$(hetzner-kube cluster master-ip k8s-test)," -u root ansible-haproxy.yaml
|
|
|
|
## static page
|
|
|
|
kubectl apply -f staticpage.yaml
|
|
kubectl proxy
|
|
http://localhost:8001/api/v1/namespaces/testsite/pods/http:static-nginx:/proxy/#!
|
|
|
|
### add ingress
|
|
|
|
kubectl apply -f staticpage-ingress.yaml
|
|
|
|
## set up SSL
|
|
|
|
kubectl create namespace cert-manager
|
|
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
|
|
kubectl apply -f certmanager-manifest.yaml
|
|
|
|
### create issuers
|
|
|
|
Adapt the email address in the issuer manifests before applying them!
|
|
kubectl apply -f letsencrypt-staging.yaml
|
|
kubectl apply -f letsencrypt-prod.yaml
|
|
|
|
### default issuer
|
|
|
|
kubectl apply -f certmanager-default.yaml
|
|
|
|
## add ssl to testsite
|
|
|
|
kubectl apply -f staticpage-ingress-ssl.yaml
|
|
|
|
## test deployment
|
|
|
|
kubectl apply -f k8spress.yaml
|
|
(adapt the hostname in the manifest before applying it!)
|
|
|
|
## teardown
|
|
|
|
hetzner-kube cluster delete k8s-test
|