hoeghh / kubernetes_the_easy_way Goto Github PK

Generate-certs.sh still cat ../hosts.
But it has moved to ../output/hosts

Kube-proxy does not write iptable rules on nodes, as a result of an error in kube-proxy.
This happens when iptables version is above 1.4.20 on the nodes.

Issue found here :
kubernetes/kubernetes#58956

The PR can be found here :
kubernetes/kubernetes#60133

getting below error message

OS : ubuntu16.04.03-x64-desktop
virtualbox:virtualbox-5.2_5.2.6-120293Ubuntuxenial_amd64.deb
vagrant:vagrant_2.0.1_x86_64.deb

k8s-master-2: Installing master...
There are errors in the configuration of this machine. Please fix
the following errors and try again:

File provisioner:

• File upload source file /root/kubernetes_the_easy_way/output/k8s-worker-1.kubeconfig must exist
• File upload source file /root/kubernetes_the_easy_way/output/kube-proxy.kubeconfig must exist

Getting below mentioned error message, please assist

Deploying KubeDNS...
Unable to connect to the server: x509: certificate signed by unknown authority ( possibly because of "crypto/rsa: verification error" while trying to verify cand idate authority certificate "Kubernetes")
Deploying WeaveNet...
Unable to connect to the server: x509: certificate signed by unknown authority ( possibly because of "crypto/rsa: verification error" while trying to verify cand idate authority certificate "Kubernetes")
./install.sh: line 45: ../logs/weavenet.log: No such file or directory

Regards,
Vikas

Hi,

Eager to know that, if cluster is accessible/expose outside of the system like in the LAN,WAN and the internet.

Regards,Vikas

The last sections, the comments still reads etcd for other types of nodes. Copy/paste but forgot to edit names

The load balancer(s) are not connected to the pod network, so it/they can't serve any traffic at all. Lb is connected to the API server so it does configure itself with all frot and backends.

We need to manually install weave net on load balancer(s). Before that, nothing will be served by ingress.

The loadbalancers need a floating ip just like the masters have right now.

More or less copy paste.

Right now we have the following in the traefik.toml file

#CertFile = "/root/ssl/traefik-wildcard.pem"
#KeyFile = "/root/ssl/traefik-wildcard.key"

We need to create these certificates, and put them in use

Right now the loadbalancer does not work if rebooted, as weavenet does not start on boot.

In cases where you have an external NFS server, which is not resolvable via an DNS server, it would be nice to be able to add custom entries.

In rhe readme, describe the end goal. What will I get when the script is done.

X x etcd, resources
X x api-seevers ..... And so on

I would like to change to centos. Let's see if its easy, before installing corosync and pacemaker.

Let's start with traefik and give people a choice later on to use eg nginx.

https://github.com/coredns/deployment/blob/master/kubernetes/README.md

Hi,

How to Configuring kubectl for Remote Access .Please provide steps for the same.

Regards,
Vikas

Hi,

currently which storage provisor is being used for the setup.

Regards,Vikas

Use corosync and pacemaker to create a floating ip between all master nodes. This will then be the external IP for master nodes.

Pods are ContainerCreating state for long time, please advice

kubectl describe pods
Name: kubernetes-dashboard-64b6f585dd-mctwj
Namespace: default
Node: k8s-worker-2/192.168.50.32
Start Time: Fri, 02 Feb 2018 17:26:57 +0530
Labels: pod-template-hash=2062914188
run=kubernetes-dashboard
Annotations:
Status: Pending
IP:
Controlled By: ReplicaSet/kubernetes-dashboard-64b6f585dd
Containers:
kubernetes-dashboard:
Container ID:
Image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.2
Image ID:
Port: 8888/TCP
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-8nn45 (ro)
Conditions:
Type Status
Initialized True
Ready False
PodScheduled True
Volumes:
default-token-8nn45:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-8nn45
Optional: false
QoS Class: BestEffort
Node-Selectors:
Tolerations:
Events:
Type Reason Age From Message

Warning FailedCreatePodSandBox 59m kubelet, k8s-worker-2 Failed create pod sandbox.
Normal SuccessfulMountVolume 59m kubelet, k8s-worker-2 MountVolume.SetUp succeeded for volume "default-token-8nn45"
Normal SuccessfulMountVolume 59m kubelet, k8s-worker-2 MountVolume.SetUp succeeded for volume "default-token-8nn45"
Warning FailedCreatePodSandBox 59m kubelet, k8s-worker-2 Failed create pod sandbox.
Normal SuccessfulMountVolume 59m kubelet, k8s-worker-2 MountVolume.SetUp succeeded for volume "default-token-8nn45"
Warning FailedCreatePodSandBox 59m kubelet, k8s-worker-2 Failed create pod sandbox.

Upgrade to newest version of 1.10 kubernetes and release

Certificates generation and vagrant output shout be directed to a file in a log directory.

Eg.
vagrant up --debug &> logs/vagrant_$(date)_log

The var internal_ip in the install-etcd.sh is based on a grep on ifconfig. This is risky. The info is already in the generated host file. Grep ip from hosts via $(hostname).

Make a small example deployment that gets Promethues up and running.

When provitioning more then one loadbalancer, the script will create rbac objects.
This should only be done on the first node.

I should be able to define the information going into the certificates, in the config file.

The todo was done. Remove the todo about copying certs to node. That's done by vagrant.

Once the cluster is provisioned, one might want to add yet another worker node. We should have a guide and some scripts for doing this.

how to get kubernetes dashboard from local host.

We need to generate encryption key and an encryption config suitable for encrypting Kubernetes Secrets.

As described in https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/06-data-encryption-keys.md

This should be copied to the master nodes by Vagrant.

The script should install the API servers in accordance with kubernetes the hard way

Hi,

How to make use of own private docker registry or export/import of docker image for deployment. Is it possible for both the methods.

Regards,Vikas

Hi,

Please provide password for vagrant boxes to do scp.

Regards,Vikas

Hi,

when i executed kubectl get nodes, master node is missing and nodes are not ready.

Regards,Vikas

Hi,

$vagrant ssh k8s-master-1
The machine with the name 'k8s-master-1' was not found configured for
this Vagrant environment.

unable to do ssh to the machine.

Regards,Vikas

Hi,

Getting below message, firewall is disabled in host machine

docker@node2:~/kubernetes_the_easy_way$ kubectl get nodes
Unable to connect to the server: dial tcp 192.168.50.20:6443: getsockopt: no route to host

Regards,Vikas

The old scripts in the scripts folder is legacy from another project that uses kube-adm. The should be deleted.

Hi,

cluster setup for the first time works fine, when we do vagrant halt it shutdown properly.
For the next attempt when we do vagrant up, we are getting below message

### Unable to connect to the server: dial tcp 192.168.50.20:6443: i/o timeout,
what needs to be done for the same.

Describe how to upgrade cluster components like kubelet, kube-apiserver ect. manually.

Worker nodes should be installed in accordance with kubernetes the hard way.

https://github.com/containous/traefik/releases

The network range 20.0.0.0/16 is in the public network area (this is owned by Microsoft)

https://en.wikipedia.org/wiki/Private_network

In time, this should be configurable in the config file

Right now each host needs to look into a host file and do a lot of jumps to configure itself.

I think it would be smart to generate an install config file that is copied to each host, and used by the install script.

It will make it easier to add more nodes, as it is only to generate a config and then run the same script as the others

It will also make it easier later, to use the scripts outside of this project, or with a provitioning master.

Traefik should connect to the masters hostname, not ip. This hostname should be valid with regards to the certificate, which its not right now.