K8S
Tools 
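#Install
# Resolve the stable tag once so the binary and its checksum come from the same release.
KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
# Install only when the published SHA-256 matches. The checksum is served by the
# same host as the binary, so this catches truncated or corrupted downloads,
# not a compromised origin.
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check \
  && install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
rm -f kubectl kubectl.sha256
#Auto-Completion
apt -y install bash-completion
# Append the completion hook only once, so re-running does not duplicate the line.
grep -qxF 'source <(kubectl completion bash)' ~/.bashrc 2>/dev/null \
  || echo 'source <(kubectl completion bash)' >>~/.bashrc
# Helm installer script. It is fetched from the main branch, so its content can
# change between runs; read get_helm.sh before executing it as root.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
bash get_helm.sh
rm -f get_helm.sh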
Kubeadm 
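#!/usr/bin/env bash
# Node preparation before kubeadm: base packages, swap off, kernel parameters.
# check root
if [ "$EUID" -ne 0 ]; then
  # Diagnostics go to stderr; exit statuses are 0-255, so use 1 rather than -1.
  echo "[+] Please, run $0 as root" >&2
  exit 1
fi
# HISTFILE to dev/null
# Exported only to processes started by this script; the invoking shell's
# history is unaffected.
export HISTFILE=/dev/null
# Install packets
apt-get update -qq >/dev/null && apt upgrade -y
apt install -y bc nano htop sudo curl net-tools open-iscsi nfs-common jq gnupg2 lsb-release git apt-transport-https ca-certificates figlet rsync
# Disable Swap
# Comment out swap entries in fstab (kubelet expects swap to be off). Lines that
# are already commented are skipped so a second run does not stack '#' prefixes.
sed -i '/^[[:space:]]*#/! s/^\(.* swap .*\)$/#\1/' /etc/fstab
swapoff -a
# sysctl elastic
tee /etc/sysctl.d/elastic.conf <<EOF
vm.max_map_count = 262144
EOF
# sysctl
# The net.bridge.* key only exists once br_netfilter is loaded, so these values
# take effect when `sysctl --system` runs after the module is loaded, or at boot.
tee /etc/sysctl.d/kubernetes.conf <<EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF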
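#!/usr/bin/env bash
# containerd from Docker's apt repository, switched to the systemd cgroup driver.
mkdir -p /etc/apt/keyrings
# The key URL and the repository line must name the same distribution tree
# (debian here; change both to .../linux/ubuntu on Ubuntu hosts, since
# `lsb_release -cs` returns that distribution's codename).
# --batch --yes lets a re-run overwrite the keyring instead of stopping at gpg's prompt.
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
# apt will trust every package signed by this key for this repository. To check it,
# compare `gpg --show-keys /etc/apt/keyrings/docker.gpg` with the fingerprint
# published in Docker's install documentation.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
apt install -y containerd.io
containerd config default > /etc/containerd/config.toml
# kubelet and containerd must agree on the cgroup driver; kubeadm defaults kubelet to systemd.
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
# NOTE(review): `latest` is a mutable tag, so nodes built at different times can run
# different sandbox images. Prefer the pause tag printed by `kubeadm config images list`
# once kubeadm is installed. This substitution only matches when the generated
# config contains pause:3.6.
sed -i 's#pause:3.6#pause:latest#g' /etc/containerd/config.toml
systemctl restart containerd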
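#Provisioning
# Kubernetes apt repository for a single minor release. kubelet and kubeadm are
# put on hold so a routine `apt upgrade` does not move the node to another version.
K8S_MINOR="v1.28"
mkdir -p /etc/apt/keyrings/
# Runs as root already, so no sudo. --batch --yes lets a re-run replace the
# keyring instead of stopping at gpg's overwrite prompt.
curl -fsSL "https://pkgs.k8s.io/core:/stable:/${K8S_MINOR}/deb/Release.key" | gpg --batch --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# signed-by scopes this key to this repository only.
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${K8S_MINOR}/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list
apt update
apt install -y kubelet kubeadm
apt-mark hold kubelet kubeadm
systemctl enable kubelet
systemctl daemon-reload
systemctl restart kubelet.service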
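#Modules
# Load the kernel modules now and list them for systemd-modules-load at boot.
for kmod in br_netfilter overlay bridge; do
  modprobe "$kmod"
done
# Written in one go (not appended) so re-running does not duplicate entries.
printf '%s\n' br_netfilter overlay bridge > /etc/modules-load.d/kubernetes.conf
# Apply & Reboot
apt autoremove -y
apt clean
# br_netfilter is loaded at this point, so the net.bridge.* sysctl can be applied.
sysctl --system
# The script removes itself before rebooting; quoted so a path with spaces is
# handled, and -- so a name starting with '-' is not read as an option.
rm -f -- "$0"
reboot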
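#Create cluster
kubeadm init --pod-network-cidr=10.244.0.0/16
#Config File
# admin.conf holds cluster-admin credentials: keep the copy owned by and
# readable only to the current user.
mkdir -p ~/.kube
cp /etc/kubernetes/admin.conf ~/.kube/config
chown "$(id -u):$(id -g)" ~/.kube/config
chmod 600 ~/.kube/config
# Add workers with kubeadm join
# The join command printed by `kubeadm init` contains a bootstrap token; a fresh
# one can be generated with `kubeadm token create --print-join-command`.
# Label the workers once they have joined.
for node in rke-infra-01 rke-worker-01 rke-worker-02; do
  kubectl label nodes "$node" node-role.kubernetes.io/worker=
done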
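##Calico
# Resolve the newest Calico release tag (leading "v" stripped). -f makes curl fail
# on an HTTP error such as API rate limiting instead of passing an error body on.
CALICORELEASE=$(curl -fsSL https://api.github.com/repos/projectcalico/calico/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/^v//')
export CALICORELEASE
# The tag is interpolated into a URL whose manifest is applied with cluster-admin
# rights, so apply only when it has the expected X.Y.Z shape. The version is
# resolved at run time; note the printed tag if the install must be reproducible.
if [[ "$CALICORELEASE" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
  echo "[+] Installing Calico v${CALICORELEASE}"
  kubectl apply -f "https://raw.githubusercontent.com/projectcalico/calico/v${CALICORELEASE}/manifests/calico.yaml"
else
  echo "[-] Could not resolve a Calico release tag (got '${CALICORELEASE}')" >&2
fi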
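#Upgrade Cluster
#on each node
# Target minor release: the "v1.x" part of the "v1.x.x" given to kubeadm below.
K8S_MINOR="v1.x"
# Refresh the key and repository line at the paths used during provisioning.
# pkgs.k8s.io serves one repository per minor release, so both must name the
# target minor; the legacy packages.cloud.google.com key is not referenced by
# the pkgs.k8s.io sources entry.
curl -fsSL "https://pkgs.k8s.io/core:/stable:/${K8S_MINOR}/deb/Release.key" | gpg --batch --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${K8S_MINOR}/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list
apt update
# Release the hold only for the duration of the upgrade, then pin again.
apt-mark unhold kubelet kubeadm kubectl
apt upgrade
apt-mark hold kubelet kubeadm kubectl
#on master
kubeadm upgrade plan
kubeadm upgrade apply v1.x.x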
Applications 
Metrics
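# Check
kubectl top nodes
# Single
# -O overwrites an earlier download; plain wget would save components.yaml.1
# and the stale components.yaml would be the one applied.
wget -O components.yaml https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
# add --kubelet-insecure-tls inside yaml, in containers -> args section
# With that flag metrics-server does not verify the kubelet serving certificate,
# so it cannot tell a genuine kubelet endpoint from an impersonated one. It is
# needed here because kubeadm kubelets use self-signed serving certificates by
# default. The alternative is `serverTLSBootstrap: true` in the
# KubeletConfiguration plus approving the resulting CSRs with
# `kubectl certificate approve`.
kubectl apply -f components.yaml
# High Availability
wget -O high-availability.yaml https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/high-availability.yaml
# add --kubelet-insecure-tls inside yaml
kubectl apply -f high-availability.yaml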
MetalLB
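#!/usr/bin/env bash
# Installs MetalLB in L2 mode and publishes one address pool.
# Create the temp file first, then register cleanup, so the trap never runs
# against an empty path.
TMPFILE=$(mktemp) || exit 1
trap 'rm -f -- "$TMPFILE"' EXIT
#True ARP
# kube-proxy in IPVS mode needs strictARP enabled for MetalLB's L2 announcements.
kubectl get configmap kube-proxy -n kube-system -o yaml | sed -e "s/strictARP: false/strictARP: true/" | kubectl apply -f - -n kube-system
#Install
# -f makes curl fail on an HTTP error (e.g. API rate limiting) instead of
# passing an error body to grep.
METALRELEASE=$(curl -fsSL https://api.github.com/repos/metallb/metallb/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/^v//')
export METALRELEASE
# The tag is interpolated into the URL of a manifest applied with cluster-admin
# rights; stop unless it has the expected X.Y.Z shape.
if [[ ! "$METALRELEASE" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
  echo "[-] Could not resolve a MetalLB release tag (got '${METALRELEASE}')" >&2
  exit 1
fi
kubectl apply -f "https://raw.githubusercontent.com/metallb/metallb/v${METALRELEASE}/config/manifests/metallb-native.yaml"
kubectl -n metallb-system get all
# The L2Advertisement has no ipAddressPools selector, so it announces every pool.
cat << "EOF" > "${TMPFILE}"
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: production
  namespace: metallb-system
spec:
  addresses:
  - 172.17.3.20-172.17.3.30
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: l2-advert
  namespace: metallb-system
EOF
# The pool is validated by the controller's admission webhook, so wait for the
# controller rollout rather than a fixed delay.
echo "[+] Waiting for the MetalLB controller rollout ..."
kubectl -n metallb-system rollout status deployment/controller --timeout=120s
kubectl apply -f "${TMPFILE}"
kubectl describe ipaddresspools.metallb.io production -n metallb-system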
Ingress
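#!/usr/bin/env bash
# Installs ingress-nginx (bare-metal manifest) and exposes it through a LoadBalancer service.
# -f makes curl fail on an HTTP error (e.g. API rate limiting) instead of
# passing an error body to grep.
NGINXRELEASE=$(curl -fsSL https://api.github.com/repos/kubernetes/ingress-nginx/releases/latest | grep tag_name | cut -d '"' -f 4)
export NGINXRELEASE
# The tag becomes part of the URL of a manifest applied with cluster-admin
# rights; stop when it is empty or contains anything but tag characters.
if [[ ! "$NGINXRELEASE" =~ ^[A-Za-z0-9._-]+$ ]]; then
  echo "[-] Could not resolve an ingress-nginx release tag (got '${NGINXRELEASE}')" >&2
  exit 1
fi
kubectl apply -f "https://raw.githubusercontent.com/kubernetes/ingress-nginx/${NGINXRELEASE}/deploy/static/provider/baremetal/deploy.yaml"
# Wait for the controller rollout rather than a fixed delay.
echo "[+] Waiting for the ingress-nginx controller rollout ..."
kubectl -n ingress-nginx rollout status deployment/ingress-nginx-controller --timeout=120s
kubectl -n ingress-nginx get all
# Switch the controller service to LoadBalancer so the cluster's load-balancer
# implementation (MetalLB on this page) assigns it an external address.
kubectl -n ingress-nginx patch svc ingress-nginx-controller --type='json' -p '[{"op":"replace","path":"/spec/type","value":"LoadBalancer"}]'
kubectl -n ingress-nginx get service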
DemoAPP 
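# Demo workload: a namespace, a single-replica nginx Deployment, and a
# LoadBalancer Service that requests a fixed address from the MetalLB pool.
apiVersion: v1
kind: Namespace
metadata:
  name: pruebas
  labels:
    name: pruebas
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-test
  namespace: pruebas
  labels:
    app: front
spec:
  replicas: 1
  selector:
    matchLabels:
      app: front
  template:
    metadata:
      labels:
        app: front
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        # Writes the pod hostname into the index page, then runs nginx in the foreground.
        command: ["sh", "-c", "echo TEST from $HOSTNAME > /usr/share/nginx/html/index.html && nginx -g 'daemon off;'"]
---
apiVersion: v1
kind: Service
metadata:
  name: test-service-ext
  namespace: pruebas
  labels:
    app: front
  annotations:
    # Must be an address inside an IPAddressPool that MetalLB manages.
    metallb.universe.tf/loadBalancerIPs: 172.17.3.21
spec:
  type: LoadBalancer
  selector:
    app: front
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80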
NFS
# Dynamic NFS provisioner: registers the chart repository, then installs the
# chart into its own namespace with a dedicated storage class.
helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
# Values are grouped per section; a comma-separated --set is equivalent to
# repeating the flag once per key.
helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
  --namespace nfs \
  --create-namespace \
  --set nfs.server=172.17.3.8,nfs.path=/mnt/RkeStorageCollection \
  --set storageClass.name=nfs-storage,storageClass.archiveOnDelete=true,storageClass.provisionerName=dorlet.com/nfs \
  --set replicaCount=2
#uninstall
#helm uninstall nfs-subdir-external-provisioner -n nfs