❯ helm install -f ./traefik/values.yaml -name traefik --namespace kube-system ./traefik NAME: traefik LAST DEPLOYED: Wed Sep 6 20:00:43 2023 NAMESPACE: kube-system STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: Traefik Proxy v2.10.4 has been deployed successfully on kube-system namespace ! ❯ helm upgrade -name traefik --namespace kube-system ./traefik Release "traefik" has been upgraded. Happy Helming! NAME: traefik LAST DEPLOYED: Wed Sep 6 20:08:33 2023 NAMESPACE: kube-system STATUS: deployed REVISION: 2 TEST SUITE: None NOTES: Traefik Proxy v2.10.4 has been deployed successfully on kube-system namespace ! ❯helm uninstall -name traefik --namespace kube-system release "traefik" uninstalled
nginx
1 2 3 4 5 6 7 8 9 10
#https://docs.nginx.com/nginx-ingress-controller ❯ helm repo add nginx-stable https://helm.nginx.com/stable "nginx-stable" has been added to your repositories ❯ helm pull nginx-stable/nginx-ingress --untar
#https://github.com/kubernetes/ingress-nginx ❯ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx "ingress-nginx" has been added to your repositories ❯ helm pull ingress-nginx/ingress-nginx --untar
1 2 3 4 5 6
❯ kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io NAME WEBHOOKS AGE ingress-nginx-admission 1 42s
❯ kubectl delete -A validatingwebhookconfigurations.admissionregistration.k8s.io ingress-nginx-admission validatingwebhookconfiguration.admissionregistration.k8s.io "ingress-nginx-admission" deleted
configmaps is forbidden: User “system:anonymous” cannot list resource “configmaps” in API group “” in the namespace “default”
certificatesigningrequests
1 2
[vagrant@k8s master]$ kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created
error: failed to run Kubelet: cannot create certificate signing request: certificatesigningrequests.certificates.k8s.io is forbidden: User “kubelet-bootstrap” cannot create certificatesigningrequests.certificates.k8s.io at the cluster
proxy
unable to create proxier: can’t set sysctl net/ipv4/conf/all/route_localnet to 1: open /proc/sys/net/ipv4/conf/all/route_localnet: read-only file system
cs@debian:~/oss/hexo$ kubectl get svc -n devops NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE jenkins ClusterIP 121.21.92.146 <none> 8081/TCP,50000/TCP 105d redis-headless-service ClusterIP None <none> 6379/TCP 13d redis-service ClusterIP 121.21.24.33 <none> 6379/TCP 13d tomcat ClusterIP 121.21.191.100 <none> 8082/TCP 105d
cs@debian:~/oss/hexo$ kubectl exec -it redis-app-1 -n devops /bin/bash kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead. ............. root@redis-app-1:/data# redis-cli -c -h 121.21.24.33 -p 6379 121.21.24.33:6379> auth 123456 OK 121.21.24.33:6379> ping PONG 121.21.24.33:6379> get test21 -> Redirected to slot [8530] located at 121.21.35.3:6379 (error) NOAUTH Authentication required. 121.21.35.3:6379> auth 123456 OK 121.21.35.3:6379> get test21 "20220721cs"
cs@debian:~/oss/hexo$ kubectl get pod --field-selector status.podIP=121.21.35.3 -o wide -n devops NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES redis-app-1 1/1 Running 1 9d 121.21.35.3 node04 <none> <none>