Create user CSR openssl genrsa -out ishare.key 2048 openssl req -new -key ishare.key -out ishare.csr Approve CSR openssl x509 -req -in ishare.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out ishare.crt -days 500 Create role kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: ishare name: ishare-admin rules: - apiGroups: ["", "extensions", "apps"] resources: - "deployments" - "pods" - "services" - "statefulsets" - "secret" - "configmap" - "persistentvolumes" - "persistentvolumeclaims" verbs: - "get" - "list" - "watch" - "create" - "update" - "patch" - "delete" - apiGroups: ["storage.k8s.io"] resources: - "storageclasses" verbs: - "get" - "list" - "watch" Create role binding kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: ishare-rolebinding namespace: ishare subjects: - kind: User name: ishare apiGroup: "" roleRef: kind: Role name: ishare-admin apiGroup: "" Create .kube/config Login to the user to authorized ...

References: Running Harbor with HTTP behind a HTTPS Reverse Proxy (nginx)

1. 环境准备 Hostname OS IP Note gm-mini debian 12 192.168.31.199 KVM host, nfs export path: /var/lib/nfs gm-red Ubuntu 22.04 192.168.31.200 VM machine, k8s control-plane gm-green Ubuntu 22.04 192.168.31.201 VM machine, k8s control-plane gm-blue Ubuntu 22.04 192.168.31.202 VM machine, k8s worker gm-orange Ubuntu 22.04 192.168.31.203 VM machine, k8s worker 2. 安装nfs server 2.1. 检查兼容性 ...

Concepts Chart A Chart is a helm package. It contains all resource definitions, tools, service. Repository A Repository is the place where charts collocated and shared. Release A Release is an instance of a chart running in K8S. Cheatsheet Add a chart repo helm repo add <repo-name> <repo-url> example: helm repo add bitnami https://charts.bitnami.com/bitnami List all chart repo helm repo list Update chart repo helm repo update Install chart helm install [<release-name>] <chart-name> example ...

This article is going to elaborate the whole process to install KVM on Debian 12, with Bridge network. With the power of bridge network, each VM will have its own LAN IP, and we can connect to the VM directly from other hosts in the same LAN. Install dependency packages Install QEMU deps Install qemu with GUI sudo apt install qemu-system libvirt-daemon-system virt-manager aqemu Install qemu without GUI sudo apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system virtinst Install bridge network deps sudo apt install dnsmasq-base bridge-utils firewalld Create bridge network KVM use NAT as the default network type, we need to create the bridge network first, and create the VM with the bridge network. ...

Catalog Pod Service ReplicaSet Deployment StatefulSet Volumes ConfigMap

container如果需要外界访问或被其他container访问，则需要借助Kubernetes Service来完成转发。 创建Service pod-kubia.yaml apiVerison: v1 kind: Pod spec: containers: - name: kubia ports: - name: http containerPort: 8080 - name: https containerPort: 8443 service-kubia.yaml ...

StatefulSet介绍 StatefulSet特点: 每个Pod拥有一个唯一确定的身份标识 StatefulSet确保不会有两个同样标识的pod存在(at-most-one) StatefulSet需要每个Pod都创建一个headless Service，用于给pod提供DNS解析，hostname格式为: <pod-name>.<service-name>.default.svc.cluster.local Scaling StatefulSet Scaling down 每次减少StatefulSet的replica数量时，都可以预知哪个pod被减少，例如SS有3个replica，分别为：pod-0, pod-1, pod-2，如果replica减少为2，则首先会删除pod-2；如果replica减少为1，则继续会删除pod-1。 ...

This article will try to explain how to setup a k8s cluster with three nodes with aliyun ecs. 1. Environment Aliyun ECS with Ubuntu 22.04 2 cores + 4G ECS Docker 24.0.6 Server has been install docker + containerd Because containerd installed with docker, so we can use conatainerd as the runtime of k8s, but we need to enable CRI interface in containerd. 2. Init MASTER NODE add apt source ...