lisenet / kubernetes-homelab
Building a multi-master multi-node Kubernetes homelab with kubeadm, Ansible, Helm and Terraform.
License: BSD 3-Clause "New" or "Revised" License
Istio 1.17 has been tested with Kubernetes release 1.26.
https://istio.io/latest/docs/releases/supported-releases/#supported-releases/
Introduce logic for grouping directories together and making the structure easier to use.
Istio 1.14 has been tested with these Kubernetes releases: 1.21, 1.22, 1.23, 1.24.
Install Trivy Operator to continuously scan the Kubernetes cluster for security issues and generate security reports as Kubernetes Custom Resources.
It would be good to understand if we can run Kubernetes on Rocky Linux 9.
Rocky 8.6 has been released:
Out of curiosity, your repo seems littered with keys and passwords. Is that intentional? I'm assuming they're different in your environment, but was just curious.
Cheers
What is used for CRI, CNI, CSI, backups etc?
Kubernetes apiserver accepts vulnerable ciphers:
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
Nmap scan results.
Nmap scan report for kubelb.hl.test (10.11.1.30)
Host is up (0.0017s latency).
PORT STATE SERVICE
6443/tcp open sun-sr-https
| ssl-cert: Subject: commonName=kube-apiserver
| Subject Alternative Name: DNS:kubelb.hl.test, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.apps.hl.test, DNS:srv31, IP Address:10.96.0.1, IP Address:10.11.1.31
| Issuer: commonName=kubernetes
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2023-07-05T15:28:54
| Not valid after: 2024-07-04T15:28:54
| MD5: b0c2 7a2e 2620 be38 645f ee8a 79e6 ed29
|_SHA-1: 46ef 7bcd c3af 3786 1a8e 3887 ab78 7b89 e2fb cd32
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C
Nmap done: 1 IP address (1 host up) scanned in 0.79 seconds
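The scan above is the finding; the fix on a kubeadm cluster is to give kube-apiserver an explicit cipher allow-list via its --tls-cipher-suites flag. The following is an added example, not code from the kubernetes-homelab repository: it parses the ssl-enum-ciphers section of the scan (embedded below as a constructed sample copied from the report above), flags suites to remove with the reason, and emits the flag value plus the equivalent kubeadm ClusterConfiguration fragment. It goes beyond nmap's own grading: besides the two grade-C 3DES suites, it also drops CBC suites and suites using plain RSA key exchange (no forward secrecy). Assumptions: the cipher names Kubernetes accepts are Go's suite names, which for the suites on this page coincide with the IANA names nmap prints (check `kube-apiserver --help` for the exact accepted list on your version), and the kubeadm fragment uses the v1beta3 `extraArgs` map form.

```python
"""Added example (not from the kubernetes-homelab repo): parse the
ssl-enum-ciphers section of an nmap scan, flag weak suites, and build an
allow-list for kube-apiserver's --tls-cipher-suites flag."""
import re

# Constructed sample: the ssl-enum-ciphers block from the scan quoted above.
NMAP_OUTPUT = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C
"""

# One cipher line looks like: "|       TLS_... (key info) - GRADE"
CIPHER_LINE = re.compile(
    r"^\|_?\s*(TLS_[A-Z0-9_]+)\s+\(([^)]*)\)\s+-\s+([A-F])\s*$"
)


def parse_ciphers(text):
    """Return [(suite, key_info, nmap_grade), ...] in the order nmap lists them."""
    found = []
    for line in text.splitlines():
        m = CIPHER_LINE.match(line)
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def weakness_reasons(suite):
    """Reasons to drop a suite from the apiserver; empty list if it may stay."""
    reasons = []
    if "3DES" in suite:
        reasons.append("64-bit block cipher, SWEET32")
    if "_CBC_" in suite:
        reasons.append("CBC mode rather than AEAD")
    if suite.startswith("TLS_RSA_WITH_"):
        reasons.append("RSA key exchange, no forward secrecy")
    return reasons


def classify(text):
    """Split scanned suites into (weak, keep); weak holds (suite, grade, reasons)."""
    weak, keep = [], []
    for suite, _key_info, grade in parse_ciphers(text):
        reasons = weakness_reasons(suite)
        if grade != "A":  # trust nmap's own downgrade as well
            reasons.append(f"nmap grade {grade}")
        if reasons:
            weak.append((suite, grade, reasons))
        else:
            keep.append(suite)
    return weak, keep


def apiserver_flag(keep):
    """Flag value for kube-apiserver. Assumption: Kubernetes accepts Go's suite
    names, which match nmap's IANA names for the suites kept here."""
    return "--tls-cipher-suites=" + ",".join(keep)


def kubeadm_extra_args(keep):
    """Equivalent kubeadm ClusterConfiguration fragment (v1beta3 extraArgs map)."""
    return (
        "apiVersion: kubeadm.k8s.io/v1beta3\n"
        "kind: ClusterConfiguration\n"
        "apiServer:\n"
        "  extraArgs:\n"
        f'    tls-cipher-suites: "{",".join(keep)}"\n'
    )


if __name__ == "__main__":
    weak, keep = classify(NMAP_OUTPUT)
    for suite, grade, reasons in weak:
        print(f"REMOVE {suite} [{grade}]: {'; '.join(reasons)}")
    print(apiserver_flag(keep))
    print(kubeadm_extra_args(keep))
```

On the scan above this keeps only the three ECDHE AEAD suites. After applying the kubeadm change and restarting the apiserver static pods, rerun `nmap --script ssl-enum-ciphers -p 6443` against the load balancer to confirm the 3DES suites and the SWEET32 warning are gone; the allow-list applies to the apiserver only, so kubelet and etcd ports need their own equivalent settings.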
Inactive issues/PRs should be automatically closed to reduce man hours.
2022/12/03 18:53:53 packer-builder-qemu plugin: [INFO] Attempting SSH connection to 127.0.0.1:3687...
2022/12/03 18:53:53 packer-builder-qemu plugin: [DEBUG] reconnecting to TCP connection for SSH
2022/12/03 18:53:53 packer-builder-qemu plugin: [DEBUG] handshaking with SSH
2022/12/03 18:53:53 packer-builder-qemu plugin: [DEBUG] SSH handshake err: ssh: handshake failed: read tcp 127.0.0.1:60552->127.0.0.1:3687: read: connection reset by peer
Cancelling build after receiving interrupt
==> rocky8: Deleting output directory...
2022/12/03 18:53:57 Cancelling builder after context cancellation context canceled
2022/12/03 18:53:57 packer-post-processor-shell-local plugin: Received interrupt signal (count: 1). Ignoring.
2022/12/03 18:53:57 packer-builder-qemu plugin: Received interrupt signal (count: 1). Ignoring.
2022/12/03 18:53:57 packer-builder-qemu plugin: [WARN] Interrupt detected, quitting waiting for SSH.
2022/12/03 18:53:57 packer-builder-qemu plugin: failed to unlock port lockfile: close tcp 127.0.0.1:5979: use of closed network connection
2022/12/03 18:53:57 packer-builder-qemu plugin: failed to unlock port lockfile: close tcp 127.0.0.1:3687: use of closed network connection
2022/12/03 18:53:57 packer-builder-qemu plugin: [DEBUG] SSH wait cancelled. Exiting loop.
2022/12/03 18:53:57 [INFO] (telemetry) ending rocky8
==> Wait completed after 6 minutes 4 seconds
I'm trying to follow your Packer build process, but I'm also lazy and don't want uncompressed ISOs all over the shop. I copied most of your Packer config and just substituted
"iso_urls": "https://dl.rockylinux.org/vault/rocky/8.6/isos/x86_64/Rocky-8.6-x86_64-boot.iso",
All seemed to work, except it fails SSH. Could you provide any advice, please?
Dockerised speedtest fails with the following error:
Running a speedtest using default server
Traceback (most recent call last):
  File "/usr/local/bin/speedtest-to-influxdb.py", line 23, in <module>
    s = speedtest.Speedtest()
  File "/usr/local/lib/python3.10/site-packages/speedtest.py", line 1095, in __init__
    self.get_config()
  File "/usr/local/lib/python3.10/site-packages/speedtest.py", line 1127, in get_config
    raise ConfigRetrievalError(e)
speedtest.ConfigRetrievalError: HTTP Error 403: Forbidden
When a new version of Prometheus is rolled out, Kubernetes performs a RollingUpdate, meaning that a new pod is started before the old one terminates. This seems to cause issues with Prometheus.
Prometheus has a database lock on the NFS server that should be released before the new pod can write to the DB.
It would make sense to use a different deployment strategy if uptime isn't critical.
Istio 1.16 has been tested with Kubernetes release 1.25.
https://istio.io/latest/docs/releases/supported-releases/#supported-releases/
Hypervisors could use more RAM, including Kubernetes worker nodes.
https://kubernetes.io/blog/2023/08/15/pkgs-k8s-io-introduction/#how-to-migrate
Replace the yum repository definition so that yum points to the new repository instead of the Google-hosted repository. Make sure to replace the Kubernetes minor version in the command below with the minor version that you're currently using:
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
With less than a year left (June 30, 2024) until CentOS 7 becomes EOL, it's time we say farewell to it, as no new deployments will use the OS.
Terraform parsing of loaded templates should be disabled, because not all templates are for Terraform to evaluate.
Provisioning VMs using PXE is nice and works well, but takes time. It would be good to add Packer as an option for libvirt guests.
Replace repository http://dl-cdn.alpinelinux.org/alpine/edge/testing/ with http://dl-cdn.alpinelinux.org/alpine/edge/main/.