[Kubernetes] 如何把 Master Node 改成有 Worker的屬性 (可分配Pods)

使用命令 kubectl taint 可以給節點(Node)增加一個污點。

比如:

kubectl taint nodes node1 key1=value1:NoSchedule

說明: 

給節點 node1 增加一個污點，它的鍵名是 key1，鍵值是 value1，效果是 NoSchedule。這表示只有擁有和這個污點相匹配的容忍度的 Pod 才能夠被分配到 node1 這個節點。

若要移除上述命令所添加的污點，你可以執行：

kubectl taint nodes node1 key1=value1:NoSchedule-

最常用的例子就是把 Master Node 改成有 Worker的屬性

kubectl taint nodes k8s1 node-role.kubernetes.io/master:NoSchedule-

[更新]

在K8S v1.24之後默認kubeadm取消taint，之前版本使用node-role.kubernetes.io/master標籤，在Kubernetes 1.24版本中，label標籤已經修改為node-role.kubernetes.io/control-plane

查看node節點所有標籤

kubectl get nodes --show-labels

我們可以直接查看master節點污點情況

kubectl describe node <node_name> | grep Taints

生成污點

kubectl taint nodes <node_name> node-role.kubernetes.io/control-plane:NoSchedule

取消污點

kubectl taint nodes <node_name> node-role.kubernetes.io/control-plane:NoSchedule-

Reference: 

kubectl 備忘單

https://kubernetes.io/zh/docs/reference/kubectl/cheatsheet/

[Kubernetes] How to use Informer to avoid frequently getting Pod and Service List via clientset.CoreV1()?

How to use Informer to avoid frequently getting Pod and Service List via clientset.CoreV1()?

 [情境]

之前開發Kubernetes相關的系統有遇過這種情況: 

需要不斷的輪詢(Pooling) Kubernetes API 去獲得最新的 Pods 與 Services List，例如是每2秒。但輪詢是比較沒有效率的做法，因為很有極大的可能是，大部分的輪詢結果都是沒有變化的。

 [解決方法]

使用Informer來解決此問題。

Some Docker run arguments mapping to Kubernetes YAML

Some Docker run arguments mapping to Kubernetes YAML
For instance: 

docker run -ti --rm -v /lib/modules:/lib/modules --net=host --pid=host --privileged \ ubuntu:18.04 bash 

Mapping Table:

[Kubernetes] The simple introduction of VPA

VPA stands for Vertical Pod Autoscaling, which frees you from having to think about what values to specify for a container's CPU and memory requests. The autoscaler can recommend values for CPU and memory requests, or it can automatically update values for CPU and memory requests.

Before using VPA, we need to install Metrics Server first as follows:

[Kubernetes] Call Kubernetes APIs

If you want to use Bash Shell  to call Kubernetes APIs, Here is the way to get the token and use it as follows:

Prepare variables

#APISERVER="https://10.10.0.100:6443"
$ APISERVER=$(kubectl config view | grep server | cut -f 2- -d ":" | tr -d " ")
$ TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | \
    grep -E '^token' | cut -f2 -d':' | tr -d '\t')

Call APIs

$ curl $APISERVER/api --header "Authorization: Bearer ${TOKEN//[[:space:]]/}" --insecure
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "192.168.0.100:6443"
    }
  ]
}

[Kubernetes] Add new DNS server in CoreDNS Configuration

After finished the K8S installation, I had encountered an issue that the pod cannot resolve the domain name. I use these commands to check the DNS issue.

$ systemd-resolve --status
nameservers:
                  addresses:
                  - 210.240.232.1
                  search: []

# use busybox pod to run nslookup
$ kubectl apply -f https://k8s.io/examples/admin/dns/busybox.yaml
$ kubectl exec -it busybox -- nslookup kubernetes.default
$ kubectl exec -it busybox -- nslookup google.com

# check local DNS configuration
$ kubectl exec busybox cat /etc/resolv.conf

[Kubernetes] How to install Kubernetes Dashboard and without invalid certification

When I follow the instructions from the official site: https://github.com/kubernetes/dashboard to install Kubernetes Dashboard, I encounter the problem that I cannot access the dashboard via my browser because the certificate is invalid. After figuring it out, Here is my approach to resolving it.

[Kubernetes] The example of commands for commonly checking kubernetes status and troubleshooting

This post is about the example of commands for checking kubernetes status and troubleshooting. The purpose is for the reference by myself.