Failed reason: Node port range can’t fixed! K3s
##### install #####
curl -sfL https://get.k3s.io | sh -
##### login https://192.168.99.119:6443/ get username/password #####
more /etc/rancher/k3s/k3s.yaml
##### change node-port range #####
k3s server –kube-apiserver-arg –service-node-port-range=1-65535
##### install dashboard #####
k3s kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml –insecure-skip-tls-verify
k3s kubectl create secret generic kubernetes-dashboard-certs –from-file=certs -n kube-system
k3s kubectl apply -f dashboard-ClusterRoleBinding.yaml
k3s kubectl apply -f dashboard-adminuser.yaml
k3s kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk ‘{print $1}')
https://qhh.me/2019/08/pod 文件定义在 /etc/kubernetes/manifests/kube-apiserver.yaml15/Kubernetes-%E8%B0%83%E6%95%B4-nodePort-%E7%AB%AF%E5%8F%A3%E8%8C%83%E5%9B%B4/
在 command 下添加 –service-node-port-range=1-65535 参数,修改后会自动生效,无需其他操作:
apiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: component: kube-apiserver tier: control-plane name: kube-apiserver namespace: kube-system spec: containers: - command: - kube-apiserver - --service-node-port-range=1-65535 - --advertise-address=192.168.26.10 - --allow-privileged=true - --authorization-mode=Node,RBAC - --client-ca-file=/etc/kubernetes/pki/ca.crt - --enable-admission-plugins=NodeRestriction - --enable-bootstrap-token-auth=true - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key - --etcd-servers=https://127.0.0.1:2379 - --insecure-port=0 - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key - --requestheader-allowed-names=front-proxy-client - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt - --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-group-headers=X-Remote-Group - --requestheader-username-headers=X-Remote-User - --secure-port=6443 - --service-account-key-file=/etc/kubernetes/pki/sa.
Error: User “system:serviceaccount:kube-system:default” cannot get resource “namespaces” https://github.com/fnproject/fn-helm/issues/21#issuecomment-545317241
kubectl create serviceaccount --namespace kube-system tiller kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' helm init --upgrade --service-account tiller
On root home openssl req -nodes -newkey rsa:4096 -keyout certs/docker-registry.key -out certs/docker-registry.csr -subj "/C=/ST=/L=/O=/OU=/CN=docker-registry" openssl x509 -req -sha256 -days 365 -in certs/docker-registry.csr -signkey certs/docker-registry.key -out certs/docker-registry.crt docker run -dp 5000:5000 --name registry -v "$(pwd)"/certs:/certs \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker-registry.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/docker-registry.key \ registry nano /etc/hosts > 192.168.99.118 docker-registry cd /etc/docker mkdir certs.d cd certs.d mkdir docker-registry:5000 cd docker-registry:5000 cp ~/certs/docker-registry.crt ca.crt ===== check registry is working docker image pull busybox docker image tag busybox docker-registry:5000/mybusybox docker image push docker-registry:5000/mybusybox docker run --rm docker-registry:5000/mybusybox echo "Hello from busybox" // docker rmi busybox docker-registry:5000/mybusybox docker run --rm docker-registry:5000/mybusybox echo "Hello from busybox" ===== remove registry docker container stop registry && docker container rm -v registry https://jkzhao.
https://github.com/fanux/sealos
https://sueboy.blogspot.com/2019/01/ingress-nginx-kubernetes-ingress-with.html
Real site is https://kubernetes.github.io/ingress-nginx/deploy/
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml Verify installation https://kubernetes.github.io/ingress-nginx/deploy/#verify-installation
kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch Detect installed version https://kubernetes.github.io/ingress-nginx/deploy/#detect-installed-version
shell script POD_NAMESPACE=ingress-nginx POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{.items[0].metadata.name}') kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version =========
Other nginx-ingress https://kubernetes.github.io/ingress-nginx/deploy/#using-helm
https://www.digitalocean.com/community/tutorials/how-to-create-a-kubernetes-cluster-using-kubeadm-on-debian-9
