diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..f0e6553
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,35 @@
+.PHONY: help
+.DEFAULT_GOAL := help
+
+# Uppercase vars for internal use.
+UC = $(shell echo '$1' | tr '[:lower:]' '[:upper:]')
+LOG_ERROR = @printf "\n>> \e[0;31m$1\e[0;00m\n\n"
+LOG_WARN = @printf "\n>> \e[0;33m$1\e[0;00m\n\n"
+LOG_INFO = @printf "\n>> \e[0;34m$1\e[0;00m\n\n"
+LOG_SUCCESS = @printf "\n>> \e[0;36m$1\e[0;00m\n\n"
+LOG_SUBLINE = @printf " \e[0;34m$1\e[0;00m\n\n"
+
+help:
+ @perl -nle'print $& if m{^[a-zA-Z_-]+:.*?## .*$$}' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-10s\033[0m %s\n", $$1, $$2}'
+
+
+
+up: ## Vagrant: start stack
+ $(call LOG_INFO,Up vagrant stack)
+ vagrant up --no-destroy-on-error --no-tty --provider=libvirt
+
+stop: ## Vagrant: stop stack
+ $(call LOG_INFO,Stop vagrant stack)
+ vagrant halt --force
+
+destroy: ## Vagrant: destroy stack
+ $(call LOG_INFO,Destroy vagrant stack)
+ vagrant destroy --force
+
+ps: ## Vagrant: list machines
+ $(call LOG_INFO,List vagrant stack)
+ vagrant status
+
+server: ## Vagrant: connect to server1
+ $(call LOG_INFO,Connect to server1 via ssh)
+ vagrant ssh server1
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9987567
--- /dev/null
+++ b/README.md
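Review bot: Only `help` is declared phony in the new Makefile, while `up`, `stop`, `destroy`, `ps` and `server` are also command targets that produce no file. If a file or directory with one of those names ever appears in the repository root, make will report the target as up to date and skip the recipe, which is easy to miss for `stop` and `destroy`. Declaring them all closes that off: `.PHONY: help up stop destroy ps server`. The `UC` helper is defined but not used by any rule in this file and could be dropped.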
@@ -0,0 +1,64 @@ + + +# Projekt + +To jest testowy klaster [rke2](https://github.com/rancher/rke2) kubernetes. + +# Uruchomienie + +Konfiguracja `/etc/hosts`: + +``` +10.11.0.101 server.rke2.test +10.11.0.201 example-app.rke2.test +``` + +Instalacja vagrant plugins: + +```bash +vagrant plugin install vagrant-hosts +``` + +Uruchomienie środowiska: + +```bash +make up +``` + +## Kubernetes API + +Dostęp do API kubernetesa: + + https://server.rke2.test:6443 + +Aby się podłączyć do api, porzebujemy certyfikatów, wszystkie są wygenerowane i dostępne w katalogu `./tmp` + +Przykład zapytania dla [httpie](https://httpie.io): + +```bash +http \ + --verify tmp/default-ca-crt.pem \ + --cert tmp/default-crt.pem \ + --cert-key tmp/default-key.pem \ + https://server.rke2.test:6443 +``` + +Przykład zapytania dla `curl`: + +```bash +curl \ + --cacert tmp/default-ca-crt.pem \ + --cert tmp/default-crt.pem \ + --key tmp/default-key.pem \ + https://server.rke2.test:6443 +``` + +## K9s Dashboard + +[K9s](https://github.com/derailed/k9s) to bardzo wygodny dashboard w CLI, aby go uruchomić: + +```bash +make server +sudo su - +k9s +``` diff --git a/Vagrantfile b/Vagrantfile index feabf6f..be98dca 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -5,15 +5,15 @@ ENV['VAGRANT_NO_PARALLEL'] = 'yes' require 'ipaddr' # see https://update.rke2.io/v1-release/channels -# see https://github.com/rancher/rke2/releases rke2_channel = 'latest' +# see https://github.com/rancher/rke2/releases rke2_version = 'v1.23.4+rke2r1' # see https://github.com/etcd-io/etcd/releases etcdctl_version = 'v3.5.2' # see https://github.com/derailed/k9s/releases k9s_version = 'v0.25.18' # see https://github.com/kubernetes-sigs/krew/releases -krew_version = 'v0.4.3' +krew_version = 'v0.4.1' number_of_server_nodes = 1 number_of_agent_nodes = 2 diff --git a/provision/rke2-server.sh b/provision/rke2-server.sh index e767089..9eb5439 100755 --- a/provision/rke2-server.sh +++ b/provision/rke2-server.sh 
@@ -40,6 +40,7 @@ cat >/etc/motd <<'EOF' EOF +h1 "Configure rke2 server" # configure the rke2 server. # see https://docs.rke2.io/install/install_options/install_options/ # see https://docs.rke2.io/install/install_options/server_config/ @@ -64,6 +65,8 @@ cluster-dns: 10.13.0.10 cluster-domain: cluster.local EOF +h1 "Install rke2 server" +h2 "Version: ${rke2_version}" # install rke2 server. # see https://docs.rke2.io/install/install_options/install_options/ # see https://docs.rke2.io/install/install_options/server_config/ @@ -74,11 +77,13 @@ curl -sfL https://raw.githubusercontent.com/rancher/rke2/$rke2_version/install.s INSTALL_RKE2_TYPE="server" \ sh - +h2 "Start rke2 server" # start the rke2-server service. systemctl cat rke2-server systemctl enable rke2-server.service systemctl start rke2-server.service +h2 "Configure system path for rke2" # symlink the utilities and setup the environment variables to use them. ln -fs /var/lib/rancher/rke2/bin/{kubectl,crictl,ctr} /usr/local/bin/ cat >/etc/profile.d/01-rke2.sh <<'EOF' 
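Review bot: The added `h1` and `h2` calls (here and in the `@@ -64`, `@@ -74` and `@@ -89` hunks) rely on helper functions that no hunk of this commit defines or sources. If they are not already defined above line 40 of provision/rke2-server.sh or in a file the provisioner sources first, the first call fails with "command not found", and under `set -e` that would abort provisioning before rke2 is configured. Confirm where they come from and say so next to the first call, for example `# h1/h2 are output helpers defined in <helper file>`. Several new `h1` lines also sit directly above an older comment that says the same thing (`h1 "Configure rke2 server"` above `# configure the rke2 server.`), so one of the two can go.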
@@ -89,28 +94,23 @@ export KUBECONFIG=/etc/rancher/rke2/rke2.yaml EOF source /etc/profile.d/01-rke2.sh -# wait for this node to be Ready. + +h1 "wait for this node to be Ready." # e.g. server Ready control-plane,etcd,master 3m v1.21.5+rke2r1 $SHELL -c 'node_name=$(hostname); echo "waiting for node $node_name to be ready..."; while [ -z "$(kubectl get nodes $node_name | grep -E "$node_name\s+Ready\s+")" ]; do sleep 3; done; echo "node ready!"' -# wait for the kube-dns pod to be Running. +h1 "wait for the kube-dns pod to be Running." # e.g. rke2-coredns-rke2-coredns-7bb4f446c-jksvq 1/1 Running 0 33m $SHELL -c 'while [ -z "$(kubectl get pods --selector k8s-app=kube-dns --namespace kube-system | grep -E "\s+Running\s+")" ]; do sleep 3; done' -# save the node-token in the host. -# NB do not create a token yourself as a simple hex random string, as that will -# not include the Cluster CA which means the joining nodes will not -# verify the server certificate. rke2 warns about this as: -# Cluster CA certificate is not trusted by the host CA bundle, but the -# token does not include a CA hash. Use the full token from the server's -# node-token file to enable Cluster CA validation if [ "$rke2_command" == 'cluster-init' ]; then + h2 "Copy server token to shared directory" install -d /vagrant/tmp cp /var/lib/rancher/rke2/server/node-token /vagrant/tmp/node-token fi -# install the krew kubectl package manager. -echo "installing the krew $krew_version kubectl package manager..." +h1 "Install krew package manager" +h2 "Version: ${krew_version}" apt-get install -y --no-install-recommends git wget -qO- "https://github.com/kubernetes-sigs/krew/releases/download/$krew_version/krew.tar.gz" | tar xzf - ./krew-linux_amd64 wget -q "https://github.com/kubernetes-sigs/krew/releases/download/$krew_version/krew.yaml"
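Review bot: Replacing the node-token comment block with `h2 "Copy server token to shared directory"` drops the only explanation of why the server's full token must be used. That rationale is security-relevant, because a hand-made hex token has no Cluster CA hash and joining nodes would then not verify the server certificate. Keep a short form of it above the `cp`, for example `# NB use the full node-token from the server; a plain random hex token carries no Cluster CA hash, so agents would skip server certificate validation.` Since `/vagrant/tmp` now holds the join token alongside the client key material the README points to, it is also worth checking that `tmp/` is excluded from version control, which this diff does not show.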