Created
July 5, 2021 02:51
-
-
Save saiyam1814/e239021ef17298badbb9e76c678efc8a to your computer and use it in GitHub Desktop.
Kubernetes + containerd setup and longhorn deep dive
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Controlplane=74.220.21.97 | |
worker1=74.220.17.184 | |
worker2=74.220.20.154 | |
worker3=74.220.18.125 | |
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf | |
overlay | |
br_netfilter | |
EOF | |
sudo modprobe overlay | |
sudo modprobe br_netfilter | |
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf | |
net.bridge.bridge-nf-call-iptables = 1 | |
net.ipv4.ip_forward = 1 | |
net.bridge.bridge-nf-call-ip6tables = 1 | |
EOF | |
sudo sysctl --system | |
sudo apt-get update && sudo apt-get install -y containerd | |
sudo mkdir -p /etc/containerd | |
sudo containerd config default | sudo tee /etc/containerd/config.toml | |
sudo systemctl restart containerd | |
sudo swapoff -a | |
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab | |
sudo apt-get update && sudo apt-get install -y apt-transport-https curl | |
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - | |
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list | |
deb https://apt.kubernetes.io/ kubernetes-xenial main | |
EOF | |
sudo apt-get update | |
sudo apt-get install -y kubelet=1.21.2-00 kubeadm=1.21.2-00 kubectl=1.21.2-00 | |
sudo apt-mark hold kubelet kubeadm kubectl | |
Install longhorn | |
================= | |
kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.1.1/deploy/longhorn.yaml | |
##Install Kubestr | |
================= | |
curl -LO https://github.com/kastenhq/kubestr/releases/download/v0.4.17/kubestr-v0.4.17-linux-amd64.tar.gz | |
tar -xvf kubestr-v0.4.17-linux-amd64.tar.gz | |
Creating CRD's and snapshor controller | |
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml | |
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml | |
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml | |
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml | |
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml | |
##Create volume snapshot class | |
===================== | |
cat << EOF | kubectl apply -f - | |
kind: VolumeSnapshotClass | |
apiVersion: snapshot.storage.k8s.io/v1beta1 | |
metadata: | |
name: longhorn | |
driver: driver.longhorn.io | |
deletionPolicy: Delete | |
EOF | |
#Setup backup target - Minio | |
==================== | |
kubectl create -f https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/backupstores/minio-backupstore.yaml | |
#ingresscontroller and Longhorn Ingress | |
==================== | |
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml | |
USER=test; PASSWORD=test; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth | |
kubectl -n longhorn-system create secret generic basic-auth --from-file=auth | |
cat << EOF | kubectl apply -f - | |
apiVersion: networking.k8s.io/v1 | |
kind: Ingress | |
metadata: | |
name: longhorn-ingress | |
namespace: longhorn-system | |
annotations: | |
# type of authentication | |
nginx.ingress.kubernetes.io/auth-type: basic | |
# prevent the controller from redirecting (308) to HTTPS | |
nginx.ingress.kubernetes.io/ssl-redirect: 'false' | |
# name of the secret that contains the user/password definitions | |
nginx.ingress.kubernetes.io/auth-secret: basic-auth | |
# message to display with an appropriate context why the authentication is required | |
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required ' | |
spec: | |
rules: | |
- http: | |
paths: | |
- pathType: Prefix | |
path: "/" | |
backend: | |
service: | |
name: longhorn-frontend | |
port: | |
number: 80 | |
EOF | |
#Open Longhirn UI enable minio as backup | |
https://74.220.21.97:31020/ | |
#username:password -> test:test | |
Go to settings > backup > add | |
Backup target= s3://backupbucket@us-east-1/ | |
Backup Target Credential Secret= minio-secret | |
Run Snapshot test against Longhorn | |
./kubestr csicheck -s longhorn -v longhorn | |
above will create pod+pvc > snapshot creation > restore pod+pvc > delete resources | |
./kubestr fio -s longhorn -z 10G |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment