Kubernetes: Difference between revisions

== 1 Master and 1 Node ==

Add to your <code>configuration.nix</code>:

{ config, pkgs, ... }:

let

Link your <code>kubeconfig</code> to your home directory:

ln -s /etc/kubernetes/cluster-admin.kubeconfig ~/.kube/config

</syntaxhighlight>

Now, executing <code>kubectl cluster-info</code> should yield something like this:

Kubernetes master is running at https://10.1.1.2

CoreDNS is running at https://10.1.1.2/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

You should also see that the master is also a node using <code>kubectl get nodes</code>:

NAME      STATUS  ROLES    AGE  VERSION

direwolf  Ready    <none>  41m  v1.16.6-beta.0

Add to your <code>configuration.nix</code>:

{ config, pkgs, ... }:

let

According to the [https://github.com/NixOS/nixpkgs/blob/18ff53d7656636aa440b2f73d2da788b785e6a9c/nixos/tests/kubernetes/rbac.nix#L118 NixOS tests], make your Node join the cluster:

cat /var/lib/kubernetes/secrets/apitoken.secret

echo TOKEN | nixos-kubernetes-node-join

</syntaxhighlight>

After that, you should see your new node using <code>kubectl get nodes</code>:

NAME      STATUS  ROLES    AGE    VERSION

direwolf  Ready    <none>  62m    v1.16.6-beta.0

== Troubleshooting ==

systemctl status kubelet

systemctl status kube-apiserver

kubectl get nodes

</syntaxhighlight>

If you face issues while running the <code>nixos-kubernetes-node-join</code> script:

Restarting certmgr...

Job for certmgr.service failed because a timeout was exceeded.

Go investigate with <code>journalctl -u certmgr</code>:

... certmgr: loading from config file /nix/store/gj7qr7lp6wakhiwcxdpxwbpamvmsifhk-certmgr.yaml

... manager: loading certificates from /nix/store/4n41ikm7322jxg7bh0afjpxsd4b2idpv-certmgr.d

Check if coredns is running via <code>kubectl get pods -n kube-system</code>:

NAME                      READY  STATUS    RESTARTS  AGE

coredns-577478d784-bmt5s  1/1    Running  2          163m

Run a pod to check with <code>kubectl run curl --restart=Never --image=radial/busyboxplus:curl -i --tty</code>:

If you don't see a command prompt, try pressing enter.

[ root@curl:/ ]$ nslookup google.com

In case DNS is still not working I found that sometimes, restarting services helps:

systemctl restart kube-proxy flannel kubelet

</syntaxhighlight>

Sometimes it helps to have a clean state on all instances:

* comment kubernetes-related code in <code>configuration.nix</code>

* <code>nixos-rebuild switch</code>

To do so, I found it necessary to change a few things (tested with <code>rook v1.2</code>):

* you need the <code>ceph</code> kernel module: <code>boot.kernelModules = [ "ceph" ];</code>

* change the root dir of the kubelet: <code>kubelet.extraOpts = "--root-dir=/var/lib/kubelet";</code>

* reboot all your nodes

* continue with [https://rook.io/docs/rook/v1.2/ceph-quickstart.html the official quickstart guide]

* in <code>operator.yaml</code>, set <code>CSI_FORCE_CEPHFS_KERNEL_CLIENT</code> to <code>false</code>

Make <code>nvidia-docker</code> your default docker runtime:

virtualisation.docker = {

     enable = true;

Apply their Daemonset:

kubectl create -f https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/1.0.0-beta4/nvidia-device-plugin.yml

</syntaxhighlight>

Some applications need enough shared memory to work properly.

Create a new volumeMount for your Deployment:

volumeMounts:

- mountPath: /dev/shm

   name: dshm

and mark its <code>medium</code> as <code>Memory</code>:

volumes:

- name: dshm

   emptyDir:

   medium: Memory

</syntaxhighlight>

== Tooling ==

[[Category:Applications]]

[[Category:Servers]]