Merge docs
This commit is contained in:
parent
1fec29b05f
commit
dbf4148f31
15
docs/api-server.md
Normal file
15
docs/api-server.md
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
# api-server OAuth configuration
|
||||||
|
|
||||||
|
## Update Api-server config
|
||||||
|
Add the following extraArgs to the ClusterConfiguration configMap in the kube-system namespace:
|
||||||
|
`kubectl edit -n kube-system cm kubeadm-config`
|
||||||
|
|
||||||
|
```
|
||||||
|
oidc-issuer-url: "https://accounts.google.com"
|
||||||
|
oidc-client-id: "<CLIENT_ID from Google>"
|
||||||
|
oidc-username-claim: "email"
|
||||||
|
oidc-groups-claim: "groups"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Resources
|
||||||
|
- https://kubernetes.io/docs/reference/access-authn-authz/authentication/
|
9
docs/cluster.md
Normal file
9
docs/cluster.md
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# Cluster Operations
|
||||||
|
|
||||||
|
## Clean up
|
||||||
|
### Delete evicted pods across all namespaces
|
||||||
|
|
||||||
|
`kubectl get pods --all-namespaces -o json | jq '.items[] | select(.status.reason!=null) | select(.status.reason | contains("Evicted")) | "kubectl delete pods \(.metadata.name) -n \(.metadata.namespace)"' | xargs -n 1 bash -c
|
||||||
|
`
|
||||||
|
### Cleanup old replicasets
|
||||||
|
`kubectl get rs --all-namespaces | awk {' if ($3 == 0 && $4 == 0) system("kubectl delete rs "$2" --namespace="$1)'}`
|
21
docs/kubectl.md
Normal file
21
docs/kubectl.md
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
# kubectl
|
||||||
|
kubectl is the basic cmdline tool to interact with any kubernetes cluster via the kube-api server.
|
||||||
|
|
||||||
|
## Plugins
|
||||||
|
As there are various very useful plugins for kubectl the first thing should be to install *krew* the plugin manager.
|
||||||
|
See: https://github.com/kubernetes-sigs/krew for details
|
||||||
|
|
||||||
|
List of awesome plugins: https://github.com/ishantanu/awesome-kubectl-plugins
|
||||||
|
|
||||||
|
### kubelogin
|
||||||
|
To login / authenticate against an openID provider like Google install the kubelogin plugin.
|
||||||
|
See: https://github.com/int128/kubelogin
|
||||||
|
|
||||||
|
Make sure to adjust your kubeconfig files accordingly !
|
||||||
|
|
||||||
|
### kauthproxy
|
||||||
|
Easiest way to access the Kubernetes dashboard, if installed in the targeted cluster, is to use the kauthproxy plugin.
|
||||||
|
See: https://github.com/int128/kauthproxy
|
||||||
|
Once installed simply execute:
|
||||||
|
`kubectl auth-proxy -n kubernetes-dashboard https://kubernetes-dashboard.svc`
|
||||||
|
and access the dashboard via the automatically opened browser window.
|
15
docs/worker.md
Normal file
15
docs/worker.md
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
# Operational guide for worker nodes
|
||||||
|
|
||||||
|
## Replace worker node
|
||||||
|
In order to change the instance type or in genernal replace worker nodes do:
|
||||||
|
|
||||||
|
* (optional) Update the launch configuration of the worker group
|
||||||
|
|
||||||
|
* Make sure there is enough capacity in the cluster to handle all pods being evicted for the node
|
||||||
|
|
||||||
|
* `kubectl drain --ignore-daemonsets node_name`
|
||||||
|
will evict all pods except DaemonSets. In case there are pods with local storage review each affected pod. After being sure no important data will be lost add `--delete-local-data` to the original command above and try again.
|
||||||
|
|
||||||
|
* Terminate instance matching *node_name*
|
||||||
|
|
||||||
|
The new instance should take over the previous node_name assuming only node is being replaced at a time and automatically join and replace the previous node.
|
Loading…
Reference in New Issue
Block a user