@shotgunner
Last active July 19, 2020 06:40
  1. Install docker
  2. Install shadowsocks and v2ray, then set daemon.json for docker
  3. **As the ROOT user:** `export http_proxy=socks5://127.0.0.1:7788 https_proxy=socks5://127.0.0.1:7788` (=> reference), and add these lines to /etc/environment:

```
export http_proxy=socks5://127.0.0.1:7788
export https_proxy=socks5://127.0.0.1:7788
```

install npm and add http-proxy-to-socks package to convert socks<->http(s)

change cluster.yml in kubespray and change http_proxy and others to 127.0.0.1:<http_port_proxy>

reference: **add `PermitRootLogin yes` to sshd_config to log in with the root password from ansible**
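A check for the `PermitRootLogin` change above, as an added example that is not part of the original notes: it reports which value sshd will actually use from a config file, so the setting can be verified before the kubespray run and confirmed reverted afterwards. The function names and the sample file are hypothetical, and the parser reads only global settings (no `Include`, no `Match` blocks).

```bash
#!/usr/bin/env bash
# Added example, not from the original notes.
# sshd_config rule: for each keyword the FIRST value found is the one used;
# if PermitRootLogin never appears, OpenSSH defaults to prohibit-password.
# Assumption/simplification: Include files are not followed and parsing stops
# at the first Match block, so only the file's global settings are evaluated.
effective_permit_root_login() {
  awk '
    { sub(/[ \t]*=[ \t]*/, " ") }           # accept "Keyword=value" too
    NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
    { key = tolower($1) }
    key == "match" { exit }                 # conditional blocks start here
    key == "permitrootlogin" { print tolower($2); found = 1; exit }
    END { if (!found) print "prohibit-password" }
  ' "$1"
}

# True (exit 0) when root can still log in over SSH with a password.
root_password_login_allowed() {
  [ "$(effective_permit_root_login "$1")" = "yes" ]
}

# Constructed sample: "yes" was added near the top for the ansible run and a
# later "no" was appended afterwards. The later line does NOT undo the first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF

echo "effective PermitRootLogin: $(effective_permit_root_login "$sample")"
if root_password_login_allowed "$sample"; then
  echo "root password login is still enabled: remove the 'yes' line and reload sshd"
fi
rm -f "$sample"
```

On a live host, `sshd -T` run as root prints the effective configuration, including `Include` files, and is the authoritative check.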

  4. run kubespray ansible

```
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

=> reference

https://kubernetes.io/blog/2019/07/23/get-started-with-kubernetes-using-python/

  5. ingress manifest installation on cluster: https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/ search about: kubernetes ingress tutorial, then found this video => good tutorial for ingress => https://www.youtube.com/watch?time_continue=33&v=VicH6KojwCI&feature=emb_logo

way to pull images from gcr.io => https://docs.docker.com/config/daemon/systemd/#httphttps-proxy. Another method that still needs testing: registry_mirror

With IPSEC VPN (United States):

1- run hinava server ansible

2- run vpn instructions in here. NOTE: do not forget to install sshpass on all servers

3- after following the quick installation from kubespray.io, run kubespray on the local computer like this: `ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root cluster.yml`

4- enable autocompletion for kubectl => https://kubernetes.io/docs/tasks/tools/install-kubectl/#enabling-shell-autocompletion

change default editor of kubectl edit with this => export EDITOR="/bin/nano"

change label roles of nodes => https://stackoverflow.com/questions/48854905/how-to-add-roles-to-nodes-in-kubernetes

how to configure the ingress pod to listen on 80/443 instead of random ports? => We deploy nginx-ingress from this link, then edit the file deployment/nginx-ingress.yaml: add `hostNetwork: true` to the spec of the nginx-ingress pod template, then apply it with `kubectl apply -f deployment/nginx-ingress.yaml`

k8s port-forward for testing purposes => `kubectl port-forward <pod-name> 3000:3000 --address 0.0.0.0` (`--address 0.0.0.0` makes the forward listen on all interfaces instead of only localhost) => source1 source2

NOTE (not tested yet): test this way to run the dashboard instead of kubectl proxy:

kubectl -n kube-system port-forward <kubernetes-dashboard-5b8d94b66f-q5k2p> 8443:8443 --address 0.0.0.0

restart resource => kubectl rollout restart deployment <hello-python>

exec into pod => kubectl exec --stdin --tty <shell-demo> -- /bin/bash

For local testing use microk8s. Uninstall all kubernetes stuff from your OS, then install it. Follow these instructions for linux; for autocompletion use this issue.

useful command => microk8s.kubectl get all --all-namespaces

Run the VPN, then do these steps before running your pods:

microk8s enable dns
microk8s enable registry => for local registry mirror => read more
microk8s enable ingress

shotgunner commented Jun 20, 2020

deploy cockroach in cluster using this link => https://github.com/cockroachdb/cockroach/tree/master/cloud/kubernetes

to do migrations (./upgrade_migration.sh in the "migrate db" section of the readme.md file), add a kind: Job like this and apply it using kubectl:

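```yaml
# One-off Job that runs the migration script inside the application image
apiVersion: batch/v1
kind: Job
metadata:
  name: migration-init
spec:
  template:
    spec:
      containers:
      - name: migration-init
        image: <image>
        imagePullPolicy: IfNotPresent
        command:
          - "./upgrade_migration.sh"
        env:
          # Connects as root with TLS turned off (sslmode=disable)
          - name: DATABASE_URL
            value: "cockroachdb://root@cockroachdb-public:26257/<user>?sslmode=disable"
      # Re-run the pod until the script exits successfully
      restartPolicy: OnFailure
```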

shotgunner commented Jun 20, 2020

install nslookup on debian based containers => apt update then apt install dnsutils => source
install ping on them => apt update then apt install iputils-ping => source

mohsenasm commented Jul 4, 2020

As you said, to make kubectl work for your non-root user, we should run these commands:

```
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

mohsenasm commented Jul 5, 2020

The nginx-ingress troubleshooting:

```
kubectl exec pod/nginx-ingress-5bd8857bd7-fd9fq -n nginx-ingress -- cat /etc/nginx/nginx.conf
kubectl exec pod/nginx-ingress-5bd8857bd7-fd9fq -n nginx-ingress -- nginx -T
```

More info at: https://docs.nginx.com/nginx-ingress-controller/troubleshooting/

@shotgunner

cert-manager for https => use manifest => https://cert-manager.io/docs/installation/kubernetes/
