# add istio helm repo
$ helm repo add istio.io https://storage.googleapis.com/istio-release/releases/1.1.0-rc.0/charts
# sync your index
$ helm repo update
# I usually save default values.yaml file to the values-custom.yaml to add to the repo
$ helm upgrade --install -f istio/values-custom.yaml istio istio.io/istio --namespace istio-system
Sergii Nuzhdin lwolf
lwolf
/ 0040-set_facts.yml
Created
February 2, 2019 14:08
set facts (https://blog.lwolf.org/post/how-to-deploy-multi-arch-kubernetes-cluster-using-kubespray/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # roles/kubernetes/preinstall/tasks/0040-set_facts.yml | |
| - set_fact: | |
| architecture_groups: | |
| x86_64: amd64 | |
| aarch64: arm64 | |
| armv7l: arm |
lwolf
/ flannel.yaml
Created
February 2, 2019 14:11
flannel multiarch (https://blog.lwolf.org/post/how-to-deploy-multi-arch-kubernetes-cluster-using-kubespray/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: DaemonSet | |
| metadata: | |
| name: kube-flannel-ds-arm64 | |
| namespace: kube-system | |
| ... | |
| spec: | |
| template: | |
| spec: | |
| ... |
lwolf
/ kubespray.stdout
Created
February 2, 2019 14:12
kubespray output (https://blog.lwolf.org/post/how-to-deploy-multi-arch-kubernetes-cluster-using-kubespray/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TASK [kubernetes/secrets : Gen_certs | add CA to trusted CA dir] ******************************************************************************************************************** | |
| Saturday 29 September 2018 11:23:52 +0100 (0:00:00.536) 0:09:27.463 **** | |
| changed: [node1] => {"changed": true, "checksum": "6133a4cde211b2699082947ed5877627fc17a5fb", "dest": "/usr/local/share/ca-certificates/kube-ca.crt", "gid": 0, "group": "root", "md5sum": "538b74ed3d841c835d026dd51de99882", "mode": "0644", "owner": "root", "size": 1094, "src": "/etc/kubernetes/ssl/ca.pem", "state": "file", "uid": 0} | |
| changed: [node2] => {"changed": true, "checksum": "6133a4cde211b2699082947ed5877627fc17a5fb", "dest": "/usr/local/share/ca-certificates/kube-ca.crt", "gid": 0, "group": "root", "md5sum": "538b74ed3d841c835d026dd51de99882", "mode": "0644", "owner": "root", "size": 1094, "src": "/etc/kubernetes/ssl/ca.pem", "state": "file", "uid": 0} | |
| fatal: [odroid1]: FAILED! => {"changed": false, "msg": "Source /etc/kubernetes/ssl/ca.pem not |
lwolf
/ kubectl describe
Created
February 2, 2019 14:13
pod describe (https://blog.lwolf.org/post/how-to-deploy-multi-arch-kubernetes-cluster-using-kubespray/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Normal Scheduled 48m default-scheduler Successfully assigned cert-manager/cert-manager-695f7b5bdc-t28j7 to odroid1 | |
| Warning FailedCreatePodSandBox 48m kubelet, odroid1 Failed create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox container "9c887728f495874b0b9efd444900f829283b26884bf23d4255193bdbd8139f4d" network for pod "cert-manager-695f7b5bdc-t28j7": NetworkPlugin cni failed to set up pod "cert-manager-695f7b5bdc-t28j7_cert-manager" network: failed to find plugin "loopback" in path [/opt/cni/bin], failed to clean up sandbox container "9c887728f495874b0b9efd444900f829283b26884bf23d4255193bdbd8139f4d" network for pod "cert-manager-695f7b5bdc-t28j7": NetworkPlugin cni failed to teardown pod "cert-manager-695f7b5bdc-t28j7_cert-manager" network: failed to find plugin "portmap" in path [/opt/cni/bin]] | |
| Normal SandboxChanged 2m (x204 over 48m) kubelet, odroid1 Pod sandbox changed, it will be killed and re-created. |
lwolf
/ defaults_main.yaml
Created
February 2, 2019 14:14
flannel vars (https://blog.lwolf.org/post/how-to-deploy-multi-arch-kubernetes-cluster-using-kubespray/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # roles/download/defaults/main.yaml | |
| flannel_cni_version: "v0.7.4" | |
| flannel_image_repo: "lwolf/flannel" | |
| flannel_cni_image_repo: "lwolf/flannel-cni" |
lwolf
/ arch_fix
Created
February 2, 2019 14:16
fix hardcoded arch (https://blog.lwolf.org/post/how-to-deploy-multi-arch-kubernetes-cluster-using-kubespray/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - hyperkube_download_url: "https://storage.googleapis.com/.../linux/amd64/hyperkube" | |
| + hyperkube_download_url: "https://storage.googleapis.com/.../linux/{{ image_arch }}/hyperkube" | |
| - etcd_download_url: "https://github.com/coreos/.../etcd-{{ etcd_version }}-linux-amd64.tar.gz" | |
| + etcd_download_url: "https://github.com/coreos/.../etcd-{{ etcd_version }}-linux-{{ image_arch }}.tar.gz" |
lwolf
/ istio-helm.md
Last active
April 8, 2019 18:01
https://blog.lwolf.org/post/switching_to_istio_as_the_primary_ingress/
lwolf
/ istio-pods.md
Last active
April 8, 2019 18:02
https://blog.lwolf.org/post/switching_to_istio_as_the_primary_ingress/
$ kubectl get pods -n istio-system
grafana-d5d58cb7-fchjq 1/1 Running 0 20h
istio-citadel-c4489d577-wlwdh 1/1 Running 0 20h
istio-egressgateway-5d4dd5f974-84btz 1/1 Running 0 20h
istio-galley-57586fbc4-wgp55 1/1 Running 0 20h
istio-ingress-6bf7fd96bd-v4s28 1/1 Running 0 20h
istio-ingressgateway-6469b49cf-75pnb 1/1 Running 0 20h
istio-pilot-5d76999bfc-lthr5 2/2 Running 0 20h
istio-policy-5684c685cb-5qphq 2/2 Running 4 20h
istio-sidecar-injector-58dff7458d-cqbhd 1/1 Running 0 20h
lwolf
/ istio-services.md
Last active
April 8, 2019 18:05
https://blog.lwolf.org/post/switching_to_istio_as_the_primary_ingress/
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
grafana ClusterIP 10.233.47.239 <none> 3000/TCP 1h
istio-citadel ClusterIP 10.233.52.66 <none> 8060/TCP,15014/TCP 1h
istio-egressgateway ClusterIP 10.233.39.186 <none> 80/TCP,443/TCP,15443/TCP 1h
istio-galley ClusterIP 10.233.6.227 <none> 443/TCP,15014/TCP,9901/TCP 1h
istio-ingress LoadBalancer 10.233.29.116 192.168.11.122 80:32000/TCP,443:32256/TCP 1h
istio-ingressgateway LoadBalancer 10.233.37.74 192.168.11.121 80:31380/TCP,443:31390/TCP 1h
istio-pilot ClusterIP
lwolf
/ istio-ingress.yaml
Last active
April 8, 2019 18:04
https://blog.lwolf.org/post/switching_to_istio_as_the_primary_ingress/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: Ingress | |
| metadata: | |
| annotations: | |
| kubernetes.io/ingress.class: nginx |