Changes


Initializing the Kubernetes cluster

817 bytes added, 6 years ago
m
Kubernetes and pre-requisites (every node)
== Kubernetes and pre-requisites (every node) ==
Install Kubernetes on Ubuntu 18.04. Assuming version 1.14.3 is pulled, check how to fix version. On new systems, copy over the install script from the master node.
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
"default-runtime": "nvidia",
"default-shm-size": "1g",
"runtimes": {
"nvidia": {
== Authentication systems ==
=== DEX with LDAP ===The master node should now login to the docker registry of the cluster.
TODO<syntaxhighlight lang="bash">> docker login https: outdated, switched to containerized DEX//ccu. Check what still needs to be doneuni-konstanz.de:5000Username: bastian.goldlueckePassword:</syntaxhighlight>
Set up according Also, we need to [https://github.com/krishnapmv/k8sprovide the read-ldap this tutorial]with customized install scripts only secret for the docker registry in kubernetes/init/dex/every namespace.
# Create secrets for TLS connectionsTODO: howto.  Finally, use certs we need to set up all the rules for ccurbac.uni-konstanz.de <syntaxhighlight lang="bash">> cd rbac## Modify ca-cmgenerate namespaces for user groups> .yml to contain correct ca/generate_namespaces.sh#label all compute nodes for which namespace they serve# Run upload_ccu_tls(after they are up, needs to be redone when new nodes are added)> ./label_nodes.sh# Spin set up login application service.access rights for namespaces## Modify loginapp> kubectl apply -cmf rbac.yml: server configyaml## Modify loginappset up rights for which namespaces can access which compute node> kubectl apply -ing-srvf node_to_groups.ymlyaml</syntaxhighlight> == Persistent volumes == === Local persistent volumes === Check directory local_storage: service data, mapping of ports to outside world## Modify loginapp-deploy* clone the git repository for the provisioner using clone_provisioner.sh (delete first if already here).yml* install helm: ID secret for TLS## Run start-login-serviceinstall_helm.sh, get_helm.sh. Do NOT run helm init (unsafe and soon obsolete).# Spin * set up dexand run provisioner: <syntaxhighlight lang="bash">## Modify dex-cm> cd install> generate_config.yml: server data and LDAP configurationsh## Modify dex> kubectl apply -ing-srvf install_storageclass.yml: service data, mapping of ports to outside worldyaml## Modify dex> kubectl apply -deployf install_service.yml: ID secret for TLSyaml## Run start> kubectl apply -dex-servicef provisioner_generated.shyaml</syntaxhighlight> After local persistent volumes on the nodes have been generated in /mnt/kubernetes, they should show up under <syntaxhighlight lang="bash">> kubectl get pv</syntaxhighlight>
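Review bot: The `docker login` transcript added under "Authentication systems" records a personal account name (`Username: bastian.goldluecke`) for the registry at ccu.uni-konstanz.de:5000. Replace it with a placeholder such as `<registry-user>`, or name a dedicated service account, so the page does not imply that the master node is logged in with one person's credentials. The sentence after it says a read-only registry secret is needed in every namespace but ends at "TODO: howto", while the DEX steps this edit removes were spelled out; until the howto exists, say at least how that secret is created today. The edit also drops the note about the switch to containerized DEX, which leaves the "Authentication systems" heading without any description of how users authenticate; keep a short pointer to the current setup.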
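Review bot: In the local persistent volume steps, `> generate_config.sh` is written without the `./` prefix that `./generate_namespaces.sh` and `./label_nodes.sh` carry in the rbac block, so as written it only runs if the install directory is on PATH; write `./generate_config.sh`. The helm bullet says "Do NOT run helm init (unsafe and soon obsolete)" without saying what is unsafe about it or what install_helm.sh sets up instead, so a reader following an upstream guide has no reason to trust the warning; add one sentence with the reason. The reminder that node labelling "needs to be redone when new nodes are added" sits inside a code comment in the rbac block and is easy to miss; repeat it in the prose, since a node that is not labelled will not be covered by the rules in node_to_groups.yaml.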
