k8s

ConfigMap - with Nginx

Motivation

I want to mount Nginx configuration as a ConfigMap.

The simplest example

Original

Here is the default /etc/nginx/conf.d/default.conf in the Nginx Docker image (comments were removed).

    server {
        listen       80;
        listen  [::]:80;
        server_name  localhost;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }

Overwrite - return a message

I’ve changed location / to return the message Have a nice day!

Pull images from Gitlab Container Registry

Set up in GitLab

Create a user token at your GitLab (https://{{ your_GitLab_server_domain }}/profile/personal_access_tokens). The token expires in around 14 days by default. Enable the Container Registry also. Here is my note.

Create a Secret

Create a Secret to access GitLab Container Registry.

    kubectl create secret docker-registry my-reg \
      --docker-server={{ your_GitLab_server_domain }}:5050 \
      --docker-username={{ your-GitLab-name }} \
      --docker-password={{ token_you_issued_at_your_GitLab_or_your_password }}

Docker login

In the worker nodes, add GitLab’s SSL certificate to the chain. Copy the CA cert under /etc/ssl/certs/.

Setup k8s worker node on Ubuntu 20.04

What I did

Install k8s worker node on Ubuntu 20.04 VM server. Most parts are similar to the master node installation instructions.

Environments

Ubuntu 20.04

Requirement

2 CPUs required.

    sudo swapoff -a

Install Docker

    sudo apt update
    sudo apt install -y docker.io
    sudo systemctl enable docker

Set up worker node

Network configuration before installing

https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#check-required-ports

Change kernel parameters and open ports for master node.

    cat <<EOF | sudo tee /etc/sysctl.

Setup k8s master node on Ubuntu 20.04 + Dashboard

What I did

Install k8s master node on Ubuntu 20.04 VM server.

Environments

Ubuntu 20.04

Requirement

2 CPUs required.

    sudo swapoff -a

Install Docker

    sudo apt update
    sudo apt install -y docker.io
    sudo systemctl enable docker

Set up master node

Network configuration before installing

https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#check-required-ports

Change kernel parameters and open ports for master node.

    cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF
    # Load br_netfilter first so the net.bridge.* keys exist when sysctl applies them
    sudo modprobe br_netfilter
    sudo sysctl --system

    sudo ufw allow 8080/tcp          # Kubernetes API Server
    sudo ufw allow 64430:64439/tcp   # Kubernetes API Server
    sudo ufw allow 2379:2380/tcp     # etcd server client API
    sudo ufw allow 10250/tcp         # Kubelet API
    sudo ufw allow 10251/tcp         # kube-scheduler
    sudo ufw allow 10252/tcp         # kube-controller-manager
    sudo ufw allow 6443/tcp          # Kubernetes API server

Install k8s

I use kubernetes-xenial in focal, but as of 2020/09/17 and 2020/06/01 I can’t find any issue.

Kubernetes basics - Secret

Concepts

We can regard a Secret as an encrypted ConfigMap. In order to enable encryption, we should Future scope: how to encrypt???

Secret

We should store the key base64-encoded. Suppose we want to store the secret value this_is_value with the key key_1. First, we should encode the secret value as follows.

    $ echo -n "this_is_value" | base64
    dGhpc19pc192YWx1ZQ==

dGhpc19pc192YWx1ZQ== is the base64-encoded this_is_value. Now, make a YAML file.

    apiVersion: v1
    kind: Secret
    metadata:
      name: my-secret
    data:
      key_1: dGhpc19pc192YWx1ZQ==

Even if we try to read a value with kubectl describe secrets, it doesn’t return a credential.

Kubernetes basics - Drafts

Service type

https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types

- ClusterIP
- NodePort
- LoadBalancer
- ExternalName

ClusterIP

https://d33wubrfki0l68.cloudfront.net/e351b830334b8622a700a8da6568cb081c464a9b/13020/images/docs/services-userspace-overview.svg

Internal network in the node. Use at first for ingress test.

NodePort

Bind a port of the node and forward it.

- TargetPort: port on pod.
- Port: A port from the Service (to Deployments.)
- NodePort: A port on the node.
- selector: labels of the pods

It is called "Node"Port, but NodePorts can proxy-pass to other nodes. It opens the port on all worker nodes.