Kubernetes Nginx web application with Docker on Google Cloud Platform: creating the instances

This tutorial is a lab demonstration done for fun, on a non-profit basis, to show that the concept works, or for use in a school course. Do not test it in a real production environment.

Goal of the POC: configure Kubernetes to orchestrate 5 pods (containers) running the Nginx web application under Docker.

[Screenshot: orchestration]

Creating the instances on Google Cloud Platform:

Google Cloud / Compute Engine / VM instances

[Screenshot: VM instances]

 


Kubernetes Nginx web application with Docker on Google Cloud Platform: configuration

Click SSH on the master.

sudo su -

The script could have been written in Python, but bash is a good fit in this particular case.

# Step 1 - Let iptables see bridged traffic

cat >>/etc/sysctl.d/kubernetes.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# Step 2 - Apply the change

sysctl --system

 

* Applying /etc/sysctl.d/10-console-messages.conf ...

kernel.printk = 4 4 1 7

* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...

net.ipv6.conf.all.use_tempaddr = 2

net.ipv6.conf.default.use_tempaddr = 2

* Applying /etc/sysctl.d/10-kernel-hardening.conf ...

kernel.kptr_restrict = 1

* Applying /etc/sysctl.d/10-link-restrictions.conf ...

fs.protected_hardlinks = 1

fs.protected_symlinks = 1

* Applying /etc/sysctl.d/10-lxd-inotify.conf ...

fs.inotify.max_user_instances = 1024

* Applying /etc/sysctl.d/10-magic-sysrq.conf ...

kernel.sysrq = 176

* Applying /etc/sysctl.d/10-network-security.conf ...

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.all.rp_filter = 1

net.ipv4.tcp_syncookies = 1

* Applying /etc/sysctl.d/10-ptrace.conf ...

kernel.yama.ptrace_scope = 1

* Applying /etc/sysctl.d/10-zeropage.conf ...

vm.mmap_min_addr = 65536

* Applying /usr/lib/sysctl.d/50-default.conf ...

net.ipv4.conf.all.promote_secondaries = 1

net.core.default_qdisc = fq_codel

* Applying /etc/sysctl.d/60-gce-network-security.conf ...

net.ipv4.tcp_syncookies = 1

net.ipv4.conf.all.accept_source_route = 0

net.ipv4.conf.default.accept_source_route = 0

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

net.ipv4.conf.all.secure_redirects = 1

net.ipv4.conf.default.secure_redirects = 1

net.ipv4.ip_forward = 0

net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.all.rp_filter = 1

net.ipv4.conf.default.rp_filter = 1

net.ipv4.icmp_echo_ignore_broadcasts = 1

net.ipv4.icmp_ignore_bogus_error_responses = 1

net.ipv4.conf.all.log_martians = 1

net.ipv4.conf.default.log_martians = 1

kernel.randomize_va_space = 2

kernel.panic = 10

* Applying /etc/sysctl.d/99-cloudimg-ipv6.conf ...

net.ipv6.conf.all.use_tempaddr = 0

net.ipv6.conf.default.use_tempaddr = 0

* Applying /etc/sysctl.d/99-sysctl.conf ...

* Applying /etc/sysctl.d/kubernetes.conf ...

* Applying /etc/sysctl.conf ...
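The output above shows net.ipv4.ip_forward = 0 coming from 60-gce-network-security.conf and prints no values under kubernetes.conf, so it is worth confirming what the kernel actually holds before the cluster is initialized. The following check is an added example, not part of the original tutorial: it reads the two bridge keys from step 1 and net.ipv4.ip_forward (kubeadm's preflight checks expect bridge-nf-call-iptables and ip_forward to be 1), and reports which sysctl.d file decides a key at boot. Function names and the directory parameters are hypothetical, and scanning a single directory is a simplification of how sysctl --system merges several.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.

# Keys expected to read 1 on a Kubernetes node, as paths under /proc/sys.
K8S_KEYS="net/bridge/bridge-nf-call-iptables net/bridge/bridge-nf-call-ip6tables net/ipv4/ip_forward"

# check_k8s_sysctls [ROOT]
#   Reads the live values under ROOT (default /proc/sys; the parameter exists
#   so the function can be run against a constructed tree).
#   Returns the number of keys that are missing or not equal to 1.
check_k8s_sysctls() {
  cks_root="${1:-/proc/sys}"
  cks_fail=0
  for cks_key in $K8S_KEYS; do
    cks_name=$(printf '%s' "$cks_key" | tr / .)
    if [ ! -r "$cks_root/$cks_key" ]; then
      # net.bridge.* only appears once the br_netfilter module is loaded
      echo "MISSING $cks_name (key absent; net.bridge.* needs br_netfilter)"
      cks_fail=$((cks_fail + 1))
      continue
    fi
    cks_val=$(tr -d '[:space:]' < "$cks_root/$cks_key")
    if [ "$cks_val" = "1" ]; then
      echo "OK      $cks_name = 1"
    else
      echo "BAD     $cks_name = $cks_val (expected 1)"
      cks_fail=$((cks_fail + 1))
    fi
  done
  return "$cks_fail"
}

# persisted_sysctl KEY [DIR]
#   Prints "<value> <file>" for the last *.conf file in DIR (lexical order,
#   default /etc/sysctl.d) that assigns KEY, i.e. the value applied at boot.
#   Returns 1 when no file sets the key.
persisted_sysctl() {
  ps_re=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for sed
  ps_last=""
  for ps_f in "${2:-/etc/sysctl.d}"/*.conf; do
    [ -r "$ps_f" ] || continue
    ps_v=$(sed -n "s/^[[:space:]]*${ps_re}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$ps_f" | tail -n 1)
    if [ -n "$ps_v" ]; then
      ps_last="$ps_v $ps_f"
    fi
  done
  if [ -n "$ps_last" ]; then
    printf '%s\n' "$ps_last"
  else
    return 1
  fi
}

# Run on the node with: sh <this file> --check
if [ "${1:-}" = "--check" ]; then
  check_k8s_sysctls || echo "$? key(s) not ready"
  for k in net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward; do
    echo "boot-time $k: $(persisted_sysctl "$k" || echo unset)"
  done
fi
```

A non-zero result from check_k8s_sysctls is the kind of failure that the --ignore-preflight-errors=all flag used later on this page hides.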

 


Kubernetes Nginx web application with Docker on Google Cloud Platform: installing Docker

# Step 3 - Install Docker

apt update && apt install -y docker.io apt-transport-https ca-certificates \
  curl gnupg-agent software-properties-common

root@loic-master:~# apt update && apt install -y docker.io apt-transport-https ca-certificates \
> curl gnupg-agent software-properties-common

Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]

Hit:2 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic InRelease

Get:3 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]

Get:4 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-backports InRelease [83.3 kB]

Get:5 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages [8570 kB]

Get:6 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [2493 kB]

Get:7 http://security.ubuntu.com/ubuntu bionic-security/main Translation-en [432 kB]                      

Get:8 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages [1021 kB]                   

Get:9 http://security.ubuntu.com/ubuntu bionic-security/restricted Translation-en [141 kB]                   

Get:10 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [1249 kB]                   

Get:11 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic/universe Translation-en [4941 kB] 

Get:12 http://security.ubuntu.com/ubuntu bionic-security/universe Translation-en [289 kB]                    

Get:13 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [19.1 kB]                 

Get:14 http://security.ubuntu.com/ubuntu bionic-security/multiverse Translation-en [3908 B]                  

Get:15 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic/multiverse amd64 Packages [151 kB]

Get:16 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic/multiverse Translation-en [108 kB]

Get:17 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [2828 kB]

Get:18 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [1051 kB]

Get:19 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/restricted Translation-en [146 kB]

Get:20 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1862 kB]

Get:21 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/universe Translation-en [403 kB]

Get:22 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [24.9 kB]

Get:23 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/multiverse Translation-en [6072 B]

Get:24 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-backports/main amd64 Packages [53.3 kB]

Get:25 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-backports/main Translation-en [14.6 kB]

Get:26 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-backports/universe amd64 Packages [18.1 kB]

Get:27 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-backports/universe Translation-en [8668 B]

Fetched 26.1 MB in 5s (4899 kB/s)

Reading package lists... Done

Building dependency tree      

Reading state information... Done

3 packages can be upgraded. Run 'apt list --upgradable' to see them.

Reading package lists... Done

Building dependency tree      

Reading state information... Done

curl is already the newest version (7.58.0-2ubuntu3.21).

curl set to manually installed.

software-properties-common is already the newest version (0.96.24.32.18).

software-properties-common set to manually installed.

The following package was automatically installed and is no longer required:

  libnuma1

Use 'apt autoremove' to remove it.

The following additional packages will be installed:

  bridge-utils containerd pigz runc ubuntu-fan

Suggested packages:

  ifupdown aufs-tools cgroupfs-mount | cgroup-lite debootstrap docker-doc rinse zfs-fuse | zfsutils

The following NEW packages will be installed:

  apt-transport-https bridge-utils containerd docker.io gnupg-agent pigz runc ubuntu-fan

The following packages will be upgraded:

  ca-certificates

1 upgraded, 8 newly installed, 0 to remove and 2 not upgraded.

Need to get 69.0 MB of archives.

After this operation, 333 MB of additional disk space will be used.

Get:1 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]

Get:2 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/main amd64 ca-certificates all 20211016ubuntu0.18.04.1 [140 kB]

Get:3 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 apt-transport-https all 1.6.14 [4348 B]

Get:4 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic/main amd64 bridge-utils amd64 1.5-15ubuntu1 [30.1 kB]

Get:5 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 runc amd64 1.1.0-0ubuntu1~18.04.1 [3896 kB]

Get:6 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 containerd amd64 1.5.9-0ubuntu1~18.04.1 [33.0 MB]

Get:7 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 docker.io amd64 20.10.12-0ubuntu2~18.04.1 [31.8 MB]

Get:8 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 gnupg-agent all 2.2.4-1ubuntu1.6 [4868 B]

Get:9 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic/main amd64 ubuntu-fan all 0.12.10 [34.7 kB]

Fetched 69.0 MB in 4s (18.6 MB/s)

Preconfiguring packages ...

Selecting previously unselected package pigz.

(Reading database ... 66644 files and directories currently installed.)

Preparing to unpack .../0-pigz_2.4-1_amd64.deb ...

Unpacking pigz (2.4-1) ...

Preparing to unpack .../1-ca-certificates_20211016ubuntu0.18.04.1_all.deb ...

Unpacking ca-certificates (20211016ubuntu0.18.04.1) over (20211016~18.04.1) ...

Selecting previously unselected package apt-transport-https.

Preparing to unpack .../2-apt-transport-https_1.6.14_all.deb ...

Unpacking apt-transport-https (1.6.14) ...

Selecting previously unselected package bridge-utils.

Preparing to unpack .../3-bridge-utils_1.5-15ubuntu1_amd64.deb ...

Unpacking bridge-utils (1.5-15ubuntu1) ...

Selecting previously unselected package runc.

Preparing to unpack .../4-runc_1.1.0-0ubuntu1~18.04.1_amd64.deb ...

Unpacking runc (1.1.0-0ubuntu1~18.04.1) ...

Selecting previously unselected package containerd.

Preparing to unpack .../5-containerd_1.5.9-0ubuntu1~18.04.1_amd64.deb ...

Unpacking containerd (1.5.9-0ubuntu1~18.04.1) ...

Selecting previously unselected package docker.io.

Preparing to unpack .../6-docker.io_20.10.12-0ubuntu2~18.04.1_amd64.deb ...

Unpacking docker.io (20.10.12-0ubuntu2~18.04.1) ...

Selecting previously unselected package gnupg-agent.

Preparing to unpack .../7-gnupg-agent_2.2.4-1ubuntu1.6_all.deb ...

Unpacking gnupg-agent (2.2.4-1ubuntu1.6) ...

Selecting previously unselected package ubuntu-fan.

Preparing to unpack .../8-ubuntu-fan_0.12.10_all.deb ...

Unpacking ubuntu-fan (0.12.10) ...

Setting up apt-transport-https (1.6.14) ...

Setting up runc (1.1.0-0ubuntu1~18.04.1) ...

Setting up containerd (1.5.9-0ubuntu1~18.04.1) ...

Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.

Setting up bridge-utils (1.5-15ubuntu1) ...

Setting up ubuntu-fan (0.12.10) ...

Created symlink /etc/systemd/system/multi-user.target.wants/ubuntu-fan.service → /lib/systemd/system/ubuntu-fan.service.

Setting up gnupg-agent (2.2.4-1ubuntu1.6) ...

Setting up ca-certificates (20211016ubuntu0.18.04.1) ...

Updating certificates in /etc/ssl/certs...

rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL

0 added, 3 removed; done.

Setting up pigz (2.4-1) ...

Setting up docker.io (20.10.12-0ubuntu2~18.04.1) ...

Adding group `docker' (GID 116) ...

Done.

Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.

Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.

Processing triggers for systemd (237-3ubuntu10.56) ...

Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

Processing triggers for ureadahead (0.100.0-21) ...

Processing triggers for ca-certificates (20211016ubuntu0.18.04.1) ...

Updating certificates in /etc/ssl/certs...

0 added, 0 removed; done.

Running hooks in /etc/ca-certificates/update.d...

done.

 

 

Kubernetes Nginx web application with Docker on Google Cloud Platform: adding the Kubernetes repository

Either edit the .list file with nano, or run these commands:

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -

echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list

# Step 5 - Install the Kubernetes components

apt update && apt install -y kubeadm=1.21.0-00 kubelet=1.21.0-00 kubectl=1.21.0-00

 

Hit:1 http://security.ubuntu.com/ubuntu bionic-security InRelease

Hit:2 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic InRelease                          

Hit:4 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-updates InRelease         

Hit:5 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic-backports InRelease

Get:3 https://packages.cloud.google.com/apt kubernetes-xenial InRelease [9383 B]      

Get:6 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 Packages [61.4 kB]

Fetched 70.8 kB in 3s (27.6 kB/s)

Reading package lists... Done

Building dependency tree      

Reading state information... Done

2 packages can be upgraded. Run 'apt list --upgradable' to see them.

Reading package lists... Done

Building dependency tree      

Reading state information... Done

The following package was automatically installed and is no longer required:

  libnuma1

Use 'apt autoremove' to remove it.

The following additional packages will be installed:

  conntrack cri-tools kubernetes-cni socat

The following NEW packages will be installed:

  conntrack cri-tools kubeadm kubectl kubelet kubernetes-cni socat

0 upgraded, 7 newly installed, 0 to remove and 2 not upgraded.

Need to get 79.6 MB of archives.

After this operation, 333 MB of additional disk space will be used.

Get:2 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic/main amd64 conntrack amd64 1:1.4.4+snapshot20161117-6ubuntu2 [30.6 kB]

Get:4 http://northamerica-northeast1.gce.archive.ubuntu.com/ubuntu bionic/main amd64 socat amd64 1.7.3.2-2ubuntu2 [342 kB]

Get:1 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 cri-tools amd64 1.25.0-00 [17.9 MB]

Get:3 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 kubernetes-cni amd64 1.1.1-00 [25.0 MB]

Get:5 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 kubelet amd64 1.21.0-00 [18.8 MB]

Get:6 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 kubectl amd64 1.21.0-00 [8972 kB]

Get:7 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 kubeadm amd64 1.21.0-00 [8544 kB]

Fetched 79.6 MB in 5s (15.9 MB/s) 

Selecting previously unselected package conntrack.

(Reading database ... 66973 files and directories currently installed.)

Preparing to unpack .../0-conntrack_1%3a1.4.4+snapshot20161117-6ubuntu2_amd64.deb ...

Unpacking conntrack (1:1.4.4+snapshot20161117-6ubuntu2) ...

Selecting previously unselected package cri-tools.

Preparing to unpack .../1-cri-tools_1.25.0-00_amd64.deb ...

Unpacking cri-tools (1.25.0-00) ...

Selecting previously unselected package kubernetes-cni.

Preparing to unpack .../2-kubernetes-cni_1.1.1-00_amd64.deb ...

Unpacking kubernetes-cni (1.1.1-00) ...

Selecting previously unselected package socat.

Preparing to unpack .../3-socat_1.7.3.2-2ubuntu2_amd64.deb ...

Unpacking socat (1.7.3.2-2ubuntu2) ...

Selecting previously unselected package kubelet.

Preparing to unpack .../4-kubelet_1.21.0-00_amd64.deb ...

Unpacking kubelet (1.21.0-00) ...

Selecting previously unselected package kubectl.

Preparing to unpack .../5-kubectl_1.21.0-00_amd64.deb ...

Unpacking kubectl (1.21.0-00) ...

Selecting previously unselected package kubeadm.

Preparing to unpack .../6-kubeadm_1.21.0-00_amd64.deb ...

Unpacking kubeadm (1.21.0-00) ...

Setting up conntrack (1:1.4.4+snapshot20161117-6ubuntu2) ...

Setting up kubernetes-cni (1.1.1-00) ...

Setting up cri-tools (1.25.0-00) ...

Setting up socat (1.7.3.2-2ubuntu2) ...

Setting up kubelet (1.21.0-00) ...

Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /lib/systemd/system/kubelet.service.

Setting up kubectl (1.21.0-00) ...

Setting up kubeadm (1.21.0-00) ...

Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

root@loic-master:~# 

 


# Initialize the Kubernetes cluster API

kubeadm init --apiserver-advertise-address=<IP address of your master machine> \
  --pod-network-cidr=192.168.0.0/16 --ignore-preflight-errors=all

# Initialize the Kubernetes cluster API (with this lab's master IP address)

kubeadm init --apiserver-advertise-address=10.162.0.16 \
  --pod-network-cidr=192.168.0.0/16 --ignore-preflight-errors=all

I1207 09:17:46.744599   12576 version.go:254] remote version is much newer: v1.25.4; falling back to: stable-1.21

[init] Using Kubernetes version: v1.21.14

[preflight] Running pre-flight checks

        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

[preflight] Pulling images required for setting up a Kubernetes cluster

[preflight] This might take a minute or two, depending on the speed of your internet connection

[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'

[certs] Using certificateDir folder "/etc/kubernetes/pki"

[certs] Generating "ca" certificate and key

[certs] Generating "apiserver" certificate and key

[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local loic-master] and IPs [10.96.0.1 10.162.0.16]

[certs] Generating "apiserver-kubelet-client" certificate and key

[certs] Generating "front-proxy-ca" certificate and key

[certs] Generating "front-proxy-client" certificate and key

[certs] Generating "etcd/ca" certificate and key

[certs] Generating "etcd/server" certificate and key

[certs] etcd/server serving cert is signed for DNS names [localhost loic-master] and IPs [10.162.0.16 127.0.0.1 ::1]

[certs] Generating "etcd/peer" certificate and key

[certs] etcd/peer serving cert is signed for DNS names [localhost loic-master] and IPs [10.162.0.16 127.0.0.1 ::1]

[certs] Generating "etcd/healthcheck-client" certificate and key

[certs] Generating "apiserver-etcd-client" certificate and key

[certs] Generating "sa" key and public key

[kubeconfig] Using kubeconfig folder "/etc/kubernetes"

[kubeconfig] Writing "admin.conf" kubeconfig file

[kubeconfig] Writing "kubelet.conf" kubeconfig file

[kubeconfig] Writing "controller-manager.conf" kubeconfig file

[kubeconfig] Writing "scheduler.conf" kubeconfig file

[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"

[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"

[kubelet-start] Starting the kubelet

[control-plane] Using manifest folder "/etc/kubernetes/manifests"

[control-plane] Creating static Pod manifest for "kube-apiserver"

[control-plane] Creating static Pod manifest for "kube-controller-manager"

[control-plane] Creating static Pod manifest for "kube-scheduler"

[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"

[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s

[kubelet-check] Initial timeout of 40s passed.

[apiclient] All control plane components are healthy after 58.504957 seconds

[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace

[kubelet] Creating a ConfigMap "kubelet-config-1.21" in namespace kube-system with the configuration for the kubelets in the cluster

[upload-certs] Skipping phase. Please see --upload-certs

[mark-control-plane] Marking the node loic-master as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]

[mark-control-plane] Marking the node loic-master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]

[bootstrap-token] Using token: 70wxtr.72yl8h60yvyp06w0

[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles

[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes

[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials

[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token

[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster

[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace

[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key

[addons] Applied essential addon: CoreDNS

[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube

  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.

Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.162.0.16:6443 --token 70wxtr.72yl8h60yvyp06w0 \

        --discovery-token-ca-cert-hash sha256:eea627abb9ca4392559c5494b243610f47dd1a14dfa296d36b8f740d2b717700

root@loic-master:~# 

  


# Configure the cluster's internal networking
kubectl --kubeconfig=/etc/kubernetes/admin.conf create -f https://docs.projectcalico.org/v3.14/manifests/calico.yaml

 

root@loic-master:~# kubectl --kubeconfig=/etc/kubernetes/admin.conf create -f https://docs.projectcalico.org/v3.14/manifests/calico.yaml

configmap/calico-config created

Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition

customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created

clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created

clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created

clusterrole.rbac.authorization.k8s.io/calico-node created

clusterrolebinding.rbac.authorization.k8s.io/calico-node created

daemonset.apps/calico-node created

serviceaccount/calico-node created

deployment.apps/calico-kube-controllers created

serviceaccount/calico-kube-controllers created

root@loic-master:~# 

We now have a master and a worker:

[Screenshot: master and worker cluster]

Click SSH on the worker.

Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 5.4.0-1096-gcp x86_64)

 * Documentation:  https://help.ubuntu.com

 * Management:     https://landscape.canonical.com

 * Support:        https://ubuntu.com/advantage

  System information as of Wed Dec  7 09:28:10 UTC 2022

  System load:  0.08              Processes:           105

  Usage of /:   18.8% of 9.51GB   Users logged in:     0

  Memory usage: 5%                IP address for ens4: 10.162.0.17

  Swap usage:   0%

0 updates can be applied immediately.

The programs included with the Ubuntu system are free software;

the exact distribution terms for each program are described in the

individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by

applicable law.

Repeat the Docker installation process on the worker.

Kubernetes Nginx web application with Docker on Google Cloud Platform: joining the worker to the master cluster

Join worker1 to the master node:

kubeadm join 10.162.0.16:6443 --token 70wxtr.72yl8h60yvyp06w0 \
--discovery-token-ca-cert-hash sha256:eea627abb9ca4392559c5494b243610f47dd1a14dfa296d36b8f740d2b717700

root@loic-master:~# kubeadm token create --print-join-command
kubeadm join 10.162.0.16:6443 --token tynh4r.iy44albpjc6aj70y --discovery-token-ca-cert-hash sha256:eea627abb9ca4392559c5494b243610f47dd1a14dfa296d36b8f740d2b717700

[preflight] Running pre-flight checks

        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

[preflight] Reading configuration from the cluster...

[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'

[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"

[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"

[kubelet-start] Starting the kubelet

[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:

* Certificate signing request was sent to apiserver and a response was received.

* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
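The join command pins the cluster CA with --discovery-token-ca-cert-hash, a SHA-256 over the public key of the CA certificate that kubeadm init wrote to /etc/kubernetes/pki. The following added example, which is not part of the original tutorial, recomputes that value from a CA certificate and compares it with a join command before the command is pasted on a worker. Function names are hypothetical and openssl is assumed to be installed.

```sh
#!/bin/sh
# Added example, not part of the original tutorial. Requires openssl.

# ca_pubkey_hash CERT_PEM
#   Prints "sha256:<hex>", the SHA-256 of the DER-encoded public key
#   (SubjectPublicKeyInfo) of the certificate. Returns 2 if it cannot be read.
ca_pubkey_hash() {
  cph_pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 2
  cph_hex=$(printf '%s\n' "$cph_pub" \
    | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 -hex | sed 's/^.* //')
  printf 'sha256:%s\n' "$cph_hex"
}

# pinned_hash_of "JOIN COMMAND TEXT"
#   Extracts the sha256:<hex> value that follows --discovery-token-ca-cert-hash.
#   Works on the multi-line form with a trailing backslash as well.
pinned_hash_of() {
  printf '%s\n' "$1" \
    | sed -n 's/.*--discovery-token-ca-cert-hash[ =][ ]*\(sha256:[0-9a-f]\{64\}\).*/\1/p' \
    | head -n 1
}

# verify_join_pin CERT_PEM "JOIN COMMAND TEXT"
#   0 = pin matches the certificate     1 = pin differs
#   2 = certificate unreadable          3 = join command carries no pin
verify_join_pin() {
  case "$2" in
    *--discovery-token-unsafe-skip-ca-verification*)
      echo "join command skips CA verification"
      return 3 ;;
  esac
  vjp_pinned=$(pinned_hash_of "$2")
  if [ -z "$vjp_pinned" ]; then
    echo "no --discovery-token-ca-cert-hash found"
    return 3
  fi
  vjp_actual=$(ca_pubkey_hash "$1") || {
    echo "cannot read CA certificate $1"
    return 2
  }
  if [ "$vjp_pinned" = "$vjp_actual" ]; then
    echo "pin matches $1"
  else
    echo "PIN MISMATCH: join command has $vjp_pinned, $1 has $vjp_actual"
    return 1
  fi
}

# On the master: sh <this file> /etc/kubernetes/pki/ca.crt "<join command>"
if [ -n "${2:-}" ]; then
  verify_join_pin "$1" "$2"
fi
```

The hash is not a secret, but the --token value is a credential for joining the cluster: kubeadm token list shows the tokens still outstanding and kubeadm token delete revokes one once the worker has joined.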

Kubernetes Nginx web application with Docker on Google Cloud Platform: as a managed service

In Google Cloud, the master and worker can be created automatically with Kubernetes services, as a managed service. It is simpler: there is no infrastructure, network or security to manage. As a user, you concentrate only on the deployment, which is much simpler:

Google Cloud / Kubernetes Engine / Clusters

[Screenshot: Kubernetes Engine clusters]

Create a Standard cluster:

[Screenshot: create Standard cluster]

 


 

Configure:

Enter a first name:

Loic

default pool / Nodes / micro

[Screenshot: Kubernetes cluster basics]

 

 

 

By default we are at:

$158 per month

Estimated monthly cost PREVIEW

$158.38

That's about $0.22 per hour

Pricing is based on the resources you use, management fees, discounts and credits. 

After optimizing:

[Screenshot: Kubernetes e2 micro]

With this small optimization, we get down to:

Estimated monthly cost PREVIEW

$86.03

That's about $0.12 per hour

Pricing is based on the resources you use, management fees, discounts and credits.


The cluster is created:

[Screenshot: cluster OK]

Kubernetes Nginx web application with Docker on Google Cloud Platform: the Cloud Shell

The Cloud Shell:

It is a machine for running commands: a kind of directly accessible local machine, with 30 GB by default.

[Screenshot: activate Cloud Shell]

Does this Cloud Shell have kubectl? And which version?

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl version

WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.

Client Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.3", GitCommit:"434bfd82814af038ad94d62ebe59b133fcb50506", GitTreeState:"clean", BuildDate:"2022-10-12T10:57:26Z", GoVersion:"go1.19.2", Compiler:"gc", Platform:"linux/amd64"}

 

We will use the Cloud Shell as our local machine.

From there I can connect to the Kubernetes cluster to create namespaces, pods…

On the cluster, click Connect,

then Run in Cloud Shell.

[Screenshot: run in Cloud Shell]

 

Welcome to Cloud Shell! Type "help" to get started.

Your Cloud Platform project in this session is set to exalted-gamma-343120.

Use “gcloud config set project [PROJECT_ID]” to change to a different project.

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ gcloud container clusters get-credentials loic-cluster --zone us-central1-c --project exalted-gamma-343120

It automatically wrote the configuration into ~/.kube (a step we performed earlier), and kubectl can now query the cluster.

Run kubectl version:

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl version

WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.

Client Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.4", GitCommit:"872a965c6c6526caa949f0c6ac028ef7aff3fb78", GitTreeState:"clean", BuildDate:"2022-11-09T13:36:36Z", GoVersion:"go1.19.3", Compiler:"gc", Platform:"linux/amd64"}

Kustomize Version: v4.5.7

With

kubectl get nodes

we can see the nodes:

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl get nodes

NAME                                         STATUS   ROLES   AGE   VERSION

gke-loic-cluster-default-pool-bb5af307-3txs   Ready   <none>   110m   v1.23.12-gke.100

gke-loic-cluster-default-pool-bb5af307-9kfr   Ready   <none>   110m   v1.23.12-gke.100

Sur l’interface du serveur, on clique sur deployer

selectionner l’image docker à déployer

nginx:latest

 

 

 

 

kubernetes application web nginx avec docker sur google cloud platform : création d'un déploiement nginx

 

kubernetes application web nginx avec docker sur google cloud platform kubernetes create deployment

 

Further down, click Continue.

Choose your cluster:

 


 

 

Clicking YAML displays the YAML file:

 

---
apiVersion: "apps/v1"
kind: "Deployment"
metadata:
  name: "nginx-1"
  namespace: "default"
  labels:
    app: "nginx-1"
spec:
  replicas: 3
  selector:
    matchLabels:
      app: "nginx-1"
  template:
    metadata:
      labels:
        app: "nginx-1"
    spec:
      containers:
      - name: "nginx-1"
        image: "nginx:latest"
---
apiVersion: "autoscaling/v2"
kind: "HorizontalPodAutoscaler"
metadata:
  name: "nginx-1-hpa-zh7r"
  namespace: "default"
  labels:
    app: "nginx-1"
spec:
  scaleTargetRef:
    kind: "Deployment"
    name: "nginx-1"
    apiVersion: "apps/v1"
  minReplicas: 1
  maxReplicas: 5
  metrics:
  - type: "Resource"
    resource:
      name: "cpu"
      target:
        type: "Utilization"
        averageUtilization: 80

Click Deploy and the deployment details are displayed.


Alternatively, this can be done manually with YAML files:

https://kubernetes.io/docs/tasks/run-application/run-stateless-application-deployment/

Copy and paste:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2 # tells deployment to run 2 pods matching the template
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80

In the console of the "local" machine, create the file with vi or nano:

vi nginx-deployment.yml

Paste the file contents with SHIFT+INSERT or CTRL+V.

Save.

Create the deployment with:

kubectl create -f nginx-deployment.yml
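
The console-generated Deployment runs nginx:latest, a tag that can resolve to a different image on each pull, while the manual manifest uses nginx:1.14.2. The following Python check is an added example, not part of the original tutorial: it reads Deployments in the JSON shape of `kubectl get deployments -o json` and reports mutable image tags and missing container hardening. The sample input is constructed from the page's two manifests, and the function names are this example's own.

```python
import json

# Constructed input: the page's two Deployments reduced to the fields checked,
# in the JSON shape returned by `kubectl get deployments -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "nginx-1"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "nginx-1", "image": "nginx:latest"}]}}}},
 {"metadata": {"name": "nginx-deployment"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "nginx", "image": "nginx:1.14.2"}]}}}}
]}
""")


def image_pin(image):
    """Classify an image reference as 'digest', 'tag' or 'mutable'."""
    if "@sha256:" in image:
        return "digest"              # content-addressed, cannot change
    last = image.rsplit("/", 1)[-1]  # ignore a registry host:port prefix
    tag = last.split(":", 1)[1] if ":" in last else ""
    return "mutable" if tag in ("", "latest") else "tag"


def audit_deployments(doc):
    """Return sorted (deployment, container, finding) tuples."""
    findings = []
    for dep in doc.get("items", []):
        pod = dep["spec"]["template"]["spec"]
        pod_sc = pod.get("securityContext") or {}
        for c in pod.get("containers", []):
            sc = c.get("securityContext") or {}
            where = (dep["metadata"]["name"], c["name"])
            if image_pin(c["image"]) == "mutable":
                findings.append(where + ("image tag is missing or 'latest'",))
            # A container-level setting overrides the pod-level one.
            if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
                findings.append(where + ("runAsNonRoot not set",))
            if sc.get("allowPrivilegeEscalation", True):
                findings.append(where + ("allowPrivilegeEscalation not disabled",))
            if "limits" not in (c.get("resources") or {}):
                findings.append(where + ("no resource limits",))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_deployments(SAMPLE):
        print(*finding, sep=" | ")
```
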

Kubernetes nginx web application with Docker on Google Cloud Platform: creating the nginx namespace

Create the namespace:

kubectl create namespace ns-moncif

kubectl create namespace ns-loic

List the namespaces:

kubectl get ns

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl create namespace ns-loic

namespace/ns-loic created

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl get ns

NAME              STATUS   AGE

default           Active   114m

kube-node-lease   Active   114m

kube-public       Active   114m

kube-system       Active   114m

ns-loic           Active   19s

kubectl get pods -n default

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl get pods -n default

NAME                       READY   STATUS    RESTARTS   AGE

nginx-1-5b9c56c897-cz8pv   1/1     Running   0          79m

nginx-1-5b9c56c897-ddf72   1/1     Running   0          79m

nginx-1-5b9c56c897-plmv6   1/1     Running   0          79m

 

kubectl scale --replicas=6 -f deployment.yaml --namespace=ns-nginx

kubectl scale deployment nginx-deployment --replicas=6 --namespace=ns-nginx

kubectl scale --replicas=6 -f nginx-deployment.yml

kubectl config set-context --current --namespace=ns-nginx

kubectl scale deployment nginx-deployment --replicas=6

 

kubectl create -f nginx-deployment.yml

 

kubectl get pods

 

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl get pods

NAME                               READY   STATUS    RESTARTS   AGE

nginx-deployment-9456bbbf9-nlqf8   1/1     Running   0          2m48s

nginx-deployment-9456bbbf9-xc8zc   1/1     Running   0          2m48s

kubectl scale --replicas=6 deployment/nginx-deployment

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl scale --replicas=6 -f nginx-deployment.yml

deployment.apps/nginx-deployment scaled

Kubernetes nginx web application with Docker on Google Cloud Platform: deployment on 6 pods

We do have 6 pods:

kubectl get deployments

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl get deployments

NAME               READY   UP-TO-DATE   AVAILABLE   AGE

nginx-deployment   6/6     6            6           15m

kubectl get pods

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl get pods

NAME                               READY   STATUS    RESTARTS   AGE

nginx-deployment-9456bbbf9-2phcl   1/1     Running   0          101s

nginx-deployment-9456bbbf9-5bqgm   1/1     Running   0          101s

nginx-deployment-9456bbbf9-dvlzl   1/1     Running   0          101s

nginx-deployment-9456bbbf9-nlqf8   1/1     Running   0          14m

nginx-deployment-9456bbbf9-pzxhk   1/1     Running   0          101s

nginx-deployment-9456bbbf9-xc8zc   1/1     Running   0          14m

There we are: our Kubernetes instance orchestrating 6 Docker Nginx pods is working.

We now need to create the service that lets the containers communicate with the outside.

We create a service, a yml file that points to this deployment.

This service includes a load balancer.

This service exposes:

            - a load balancer port: 80

            - a worker port: 30697

            - a pod port: 80

This service exposes a URL that can be queried from a browser.

kubectl get deployments

We create the service file nginx-service.yml:

nano nginx-service.yml

 

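apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: LoadBalancer
  selector:
    app: nginx          # must match the pod labels of nginx-deployment (app: nginx)
  ports:
    - protocol: TCP
      port: 80          # port published by the load balancer
      targetPort: 80    # containerPort of the nginx pods
      nodePort: 32623   # port opened on every worker node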

Apply the service:

kubectl apply -f nginx-service.yml

kubectl get svc

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl apply -f nginx-service.yml

service/nginx-service created

 

loic_kubernetes@cloudshell:~ (exalted-gamma-343120)$ kubectl get svc

NAME               TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)        AGE

nginx-deployment   LoadBalancer   10.20.2.218   35.232.234.15   80:32623/TCP   5m2s

 

Entering the IP http://35.232.234.15 in the browser displays the NGINX page:

 

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.
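
A LoadBalancer Service only has endpoints when its selector matches the pod labels, and once it does, the pods are published on a public IP and on a node port of every worker. The following Python check is an added example, not part of the original tutorial: it reads objects in the JSON shape of `kubectl get deployments,services -o json` and reports Services that select nothing or that accept traffic from any source address. The sample input is constructed, `orphan-service` is a hypothetical name, and all objects are assumed to be in one namespace.

```python
import json

# Constructed input in the shape of `kubectl get deployments,services -o json`:
# the page's Deployment, a Service selecting it, and a hypothetical Service
# whose selector key does not correspond to any pod label.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Deployment", "metadata": {"name": "nginx-deployment"},
  "spec": {"template": {"metadata": {"labels": {"app": "nginx"}}}}},
 {"kind": "Service", "metadata": {"name": "nginx-service"},
  "spec": {"type": "LoadBalancer", "selector": {"app": "nginx"},
           "ports": [{"port": 80, "targetPort": 80, "nodePort": 32623}]}},
 {"kind": "Service", "metadata": {"name": "orphan-service"},
  "spec": {"type": "ClusterIP", "selector": {"name": "nginx"},
           "ports": [{"port": 80, "targetPort": 80}]}}
]}
""")


def selects(selector, labels):
    """A selector matches when every one of its key/value pairs is in the labels."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())


def audit_services(doc):
    """Return {service name: [findings]} for every Service in the list."""
    items = doc.get("items", [])
    pod_labels = {d["metadata"]["name"]: d["spec"]["template"]["metadata"]["labels"]
                  for d in items if d["kind"] == "Deployment"}
    report = {}
    for svc in (i for i in items if i["kind"] == "Service"):
        spec, found = svc["spec"], []
        targets = [n for n, l in pod_labels.items() if selects(spec.get("selector"), l)]
        if not targets:
            found.append("selector matches no Deployment: no endpoints")
        if spec.get("type") == "LoadBalancer":
            ranges = spec.get("loadBalancerSourceRanges") or []
            if not ranges or "0.0.0.0/0" in ranges:
                found.append("reachable from any source address")
        if spec.get("type") in ("LoadBalancer", "NodePort"):
            ports = [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p]
            if ports:
                found.append("node ports opened: %s" % ports)
        report[svc["metadata"]["name"]] = found
    return report
```

Setting `loadBalancerSourceRanges` on the Service to the address ranges that should reach it clears the second finding.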

 

This article reflects only the opinion of its authors and in no way commits Consultingit. I hope you enjoyed it. Your comments and remarks are welcome: