https://github.com/ai-ql/kubernetes-handbook
Kubernetes handbook, use K3S Tencent Cloud as example
- Host: GitHub
- URL: https://github.com/ai-ql/kubernetes-handbook
- Owner: AI-QL
- Created: 2024-07-29T13:26:12.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-07-29T13:28:23.000Z (almost 2 years ago)
- Last Synced: 2025-06-23T09:47:59.348Z (12 months ago)
- Size: 3.91 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
# Kubernetes Handbook
This handbook uses Tencent Cloud K3S as the demo environment.

Prerequisite: you should already have a K3S/minikube/K8S environment with `kubectl` and `envsubst` available.
## Install
### Set Kube Config
By default, a `config` file may already exist in `$HOME/.kube`; in that case you do not need to configure anything and the steps below are optional.

[Optional]
#### 1. Edit `/etc/profile` (you may need `sudo`) and add
```bash
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
```
For the `lighthouse` user, you may need to add `KUBECONFIG` to `.bashrc`.

> You can save and exit Vim with `:wq!`.
>
> In Tencent Cloud, you might not be able to leave Insert Mode:
> - Press `Ctrl + Shift + F5`,
> - or use `Ctrl + C` to force Command Mode,
> - or, if you are in Record Mode, press `Q` to finish.
#### 2. Apply
```
source /etc/profile
```
> You can check that it works with `echo $KUBECONFIG`
#### Set the `EMAIL` and `DOMAIN` environment variables for later use, in the same way as step 1:
```bash
export EMAIL=xxx.xxx@gmail.com
export DOMAIN=xxx.com
```
### Install Helm
```
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
```
### Add Helm Repo
```
helm repo add jetstack https://charts.jetstack.io && helm repo update
```
## Cert
### Install Cert-Manager
#### 1. Create namespace
```
kubectl create namespace cert-manager
```
#### 2. Install cert-manager
Check the installable versions:
```
helm search repo cert-manager
```
```
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --set installCRDs=true
```
> - `--set installCRDs=true`: needed for the ClusterIssuer later
> - `--version v1.xx.x`: you can specify an older version
#### 3. [Optional] Install CRD
Skip this step if you already set `installCRDs` in the previous step.

To install the CRDs manually, first check the installed version:
```
helm list -n cert-manager
```
Apply the YAML. REMEMBER to replace the version number!!!
```
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.14.5/cert-manager.yaml
```
> This step can also be used for installation without `helm`
#### 4. [Optional] Check Running Pods
```
kubectl get pods --namespace cert-manager
```
### Config ClusterIssuer
Refer to [K3S Rocks](https://k3s.rocks/https-cert-manager-letsencrypt/)
#### 1. Add ClusterIssuer
`letsencrypt-prod.yaml`
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: $EMAIL # Email Address
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: traefik
---
```
#### 2. Add Middleware
`traefik-https-redirect-middleware.yaml`
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: redirect-https
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
```
#### 3. Add Ingress
`whoami-ingress-tls.yaml`
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami-tls-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
    # default is Namespace, redirect-https is Middleware name
spec:
  ingressClassName: traefik # a spec field; as an annotation it has no effect
  rules:
    - host: whoami.$DOMAIN # Domain name
      http:
        paths:
          - path: /
            pathType: Prefix # Prefix | ImplementationSpecific
            backend:
              service:
                name: whoami-svc # Service name
                port:
                  number: 8888 # Service port, not pod port
  tls:
    - secretName: whoami-tls # Certificate name
      hosts:
        - whoami.$DOMAIN # Domain name
---
```
#### 4. Add Service
`nginx-service.yaml`
```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-app
  name: whoami-svc
  namespace: default
spec:
  ports:
    - port: 8888 # Service port
      protocol: TCP
      name: app-port
      targetPort: 80
  type: ClusterIP
  selector:
    app: nginx-app
---
```
#### 5. Add Deployment
`nginx-deployment.yaml`
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx-app
  replicas: 2 # Tells deployment to run 2 pods matching the template
  template:
    metadata:
      labels:
        app: nginx-app
    spec:
      containers:
        - name: nginx-app
          image: nginx:1.26.0
          ports:
            - containerPort: 80
---
```
## Deployment
### Check Deployment
```
cat *.yaml | envsubst
```
> Check that `DOMAIN` and `EMAIL` are correctly filled in
### Apply Deployment
```
cat *.yaml | envsubst | kubectl apply -f -
```
> Each YAML file should end with a `---` separator followed by a line break; otherwise the concatenated output cannot be parsed
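
A pre-flight check for the check and apply commands above, as an added example that is not part of the handbook: it validates `EMAIL` and `DOMAIN` before `envsubst` pastes them into the manifests, checks every file for the trailing `---`, and limits substitution to those two variables. The helper names `is_hostname`, `is_email` and `render_manifests` are assumptions.

```shell
#!/bin/sh
# Added example (not from the handbook): pre-flight checks for the
# `cat *.yaml | envsubst | kubectl apply -f -` pipeline.
# is_hostname, is_email and render_manifests are hypothetical helper names.

# envsubst pastes values into the YAML as raw text, so accept only characters
# that cannot change the document structure (no spaces, newlines, ':' or '#').
is_hostname() {
  case "$1" in
    ''|*[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    *.*) return 0 ;;
    *) return 1 ;;
  esac
}

is_email() {
  case "$1" in
    *[!A-Za-z0-9@._%+-]*|*@*@*|@*|*@) return 1 ;;
    *@*.*) return 0 ;;
    *) return 1 ;;
  esac
}

render_manifests() {
  dir="${1:-.}"
  is_hostname "${DOMAIN:-}" || { echo "DOMAIN is unset or not a hostname" >&2; return 1; }
  is_email "${EMAIL:-}" || { echo "EMAIL is unset or malformed" >&2; return 1; }

  for f in "$dir"/*.yaml; do
    [ -e "$f" ] || { echo "no *.yaml files in $dir" >&2; return 2; }
    # The last line must be `---` and the file must end with a newline,
    # otherwise `cat` glues this document onto the next one.
    if [ "$(tail -n 1 "$f")" != "---" ] || [ -n "$(tail -c 1 "$f")" ]; then
      echo "$f: missing trailing '---' line" >&2; return 2
    fi
  done

  # Substitute only the two expected variables; any other `$NAME` in a
  # manifest stays literal instead of being filled (or blanked) from the shell.
  cat "$dir"/*.yaml | envsubst '$EMAIL $DOMAIN'
}

# Usage: render_manifests . | kubectl apply --dry-run=server -f -
```

Both variables must be exported, as in the `export` step earlier, for `envsubst` to see them.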
### Delete Deployment
```
kubectl delete all -l app=nginx-app
```
> `delete all` will not delete Ingress, ConfigMap, etc.
## Done
Now you can check the welcome page at:
https://whoami.$DOMAIN/