jdnet.biz

{{pagename}} - {{sitename}}

tagami

# k3os

## config
* /k3os/system/config.yaml
* /var/lib/rancher/k3os/config.yaml



## ha master
``` yaml
  k3s_args:
  - server
  - --no-deploy=traefik
  - --cluster-cidr=10.42.0.0/16
  - --service-cidr=10.43.0.0/16
  - --cluster-dns=10.43.0.10
  - --cluster-domain=cluster.local
  - --node-name={{ hostname }}
  - --cluster-init
```

## ha slave
``` yaml
  k3s_args:
  - server
  - --server
  - https://masterのIP:6443
```

## ha設定その他
* 一度ブートしてしまうとtlsのエラーを出してつながらない。
* pxeboot の環境で、ノードごとに設定ファイルを作ってブートして対応
* kubeconfigファイルは　/etc/rancher/k3s/k3s.yaml　に出力される
```　bash
rancher10 [/]$ kubectl  get nodes
NAME        STATUS   ROLES                       AGE   VERSION
rancher10   Ready    control-plane,etcd,master   85m   v1.21.5+k3s2
rancher11   Ready    control-plane,etcd,master   26m   v1.21.5+k3s2
rancher12   Ready    control-plane,etcd,master   77m   v1.21.5+k3s2
```

### cert-manager インストール
* タイムアウトする.
```
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.8.1
Error: INSTALLATION FAILED: context canceled
```
* コンテナ内のエラーは Not ready: the cert-manager CRDs are not yet installed on the Kubernetes API server
* --no-hooks をつけるとデプロイできた。
* no_proxy=cert-manager-webhook.cert-manager.svc　を設定するのが正しい対応の模様
* https://github.com/cert-manager/cert-manager/issues/5217
```
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.8.1 --no-hooks
NAME: cert-manager
LAST DEPLOYED: Wed Oct  5 11:56:39 2022
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.8.1 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/
```

### rancher インストール
* やっぱり　cert-manager　が見えていない模様。
```
helm install rancher rancher-latest/rancher --namespace cattle-system --set hostname=ranchertest.jdnet.biz --set ingress.tls.source=letsEncrypt --set letsEncrypt.email=email
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: resource mapping not found for name: "rancher" namespace: "" from "": no matches for kind "Issuer" in version "cert-manager.io/v1"
ensure CRDs are installed first
```

*  cert-managerデプロイ時に --set installCRDs=trueつけると正常に動作している。
```
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
NAME: cert-manager
LAST DEPLOYED: Wed Oct  5 15:24:28 2022
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.9.1 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/
```


2022/10/04

k3os

config

ha master

ha slave

ha設定その他

cert-manager インストール

rancher インストール