From 22cf6b8fcc76374fa0b426fc7bda94a419658a8a Mon Sep 17 00:00:00 2001 From: wale soyinka Date: Mon, 20 Oct 2025 10:31:53 -0400 Subject: [PATCH 01/10] New translations lab11-pod-network-routes.md (French) --- .../lab11-pod-network-routes.fr.md | 94 +++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.fr.md diff --git a/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.fr.md b/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.fr.md new file mode 100644 index 0000000000..4af23bdfe8 --- /dev/null +++ b/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.fr.md 
@@ -0,0 +1,94 @@ +--- +author: Wale Soyinka +contributors: Steven Spencer, Ganna Zhyrnova +tags: + - kubernetes + - k8s + - exercice d'atelier + - runc + - containerd + - etcd + - kubectl +--- + +# Atelier n°11 : Provisionnement des routes réseau des pods + +!!! info + + Il s'agit d'un fork de l'original ["Kubernetes the hard way"](https://github.com/kelseyhightower/kubernetes-the-hard-way) écrit à l'origine par Kelsey Hightower (GitHub : kelseyhightower). Contrairement à l'original, qui se base sur des distributions de type Debian pour l'architecture ARM64, ce fork cible les distributions Enterprise Linux telles que Rocky Linux, qui fonctionne sur l'architecture x86_64. + +Les pods planifiés sur un nœud reçoivent une adresse IP de la plage CIDR du pod du nœud. Actuellement, les pods ne peuvent pas communiquer avec d’autres pods exécutés sur des nœuds différents en raison de l’absence de [routes] réseau(https://cloud.google.com/compute/docs/vpc/routes). + +Dans cet atelier, vous allez créer un itinéraire pour chaque nœud de travail qui mappe la plage CIDR du pod du nœud à l'adresse IP interne du nœud. + +> Il existe [d'autres façons](https://kubernetes.io/docs/concepts/cluster-administration/networking/#how-to-achieve-this) d'implémenter le modèle de réseau Kubernetes. + +## Table de Routage + +Dans cette section, vous rassemblerez les informations nécessaires pour créer des itinéraires dans le réseau VPC `kubernetes-the-hard-way`. 
+ +Affichez l'adresse IP interne et la plage CIDR du pod pour chaque instance de travail : + +```bash +{ + SERVER_IP=$(grep server machines.txt | cut -d " " -f 1) + NODE_0_IP=$(grep node-0 machines.txt | cut -d " " -f 1) + NODE_0_SUBNET=$(grep node-0 machines.txt | cut -d " " -f 5) + NODE_1_IP=$(grep node-1 machines.txt | cut -d " " -f 1) + NODE_1_SUBNET=$(grep node-1 machines.txt | cut -d " " -f 5) +} +``` + +```bash +ssh root@server < Date: Mon, 20 Oct 2025 10:31:58 -0400 Subject: [PATCH 02/10] New translations lab9-bootstrapping-kubernetes-workers.md (French) --- ...ab9-bootstrapping-kubernetes-workers.fr.md | 203 ++++++++++++++++++ 1 file changed, 203 insertions(+) create mode 100644 docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.fr.md diff --git a/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.fr.md b/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.fr.md new file mode 100644 index 0000000000..f47167a0f4 --- /dev/null +++ b/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.fr.md 
@@ -0,0 +1,203 @@ +--- +author: Wale Soyinka +contributors: Steven Spencer, Ganna Zhyrnova +tags: + - kubernetes + - k8s + - exercice d'atelier + - runc + - containerd + - etcd + - kubectl +--- + +# Lab 9: Bootstrapping the Kubernetes Worker Nodes + +!!! info + + Il s'agit d'un fork de l'original ["Kubernetes the hard way"](https://github.com/kelseyhightower/kubernetes-the-hard-way) écrit à l'origine par Kelsey Hightower (GitHub : kelseyhightower). Contrairement à l'original, qui se base sur des distributions de type Debian pour l'architecture ARM64, ce fork cible les distributions Enterprise Linux telles que Rocky Linux, qui fonctionne sur l'architecture x86_64. + +Dans cet atelier, vous démarrerez deux nœuds de travail Kubernetes. Vous installerez les composants suivants : [runc](https://github.com/opencontainers/runc), [plugins de réseautage de conteneurs](https://github.com/containernetworking/cni), [containerd](https://github.com/containerd/containerd), [kubelet](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/) et [kube-proxy](https://kubernetes.io/docs/concepts/cluster-administration/proxies). 
+ +## Prérequis + +From the `jumpbox`, copy Kubernetes binaries and `systemd` unit files to each worker instance: + +```bash +for host in node-0 node-1; do + SUBNET=$(grep $host machines.txt | cut -d " " -f 5) + sed "s|SUBNET|$SUBNET|g" \ + configs/10-bridge.conf > 10-bridge.conf + + sed "s|SUBNET|$SUBNET|g" \ + configs/kubelet-config.yaml > kubelet-config.yaml + + scp 10-bridge.conf kubelet-config.yaml \ + root@$host:~/ +done +``` + +```bash +for host in node-0 node-1; do + scp \ + downloads/runc.amd64 \ + downloads/crictl-v1.32.0-linux-amd64.tar.gz \ + downloads/cni-plugins-linux-amd64-v1.6.2.tgz \ + downloads/containerd-2.0.3-linux-amd64.tar.gz \ + downloads/kubectl \ + downloads/kubelet \ + downloads/kube-proxy \ + configs/99-loopback.conf \ + configs/containerd-config.toml \ + configs/kubelet-config.yaml \ + configs/kube-proxy-config.yaml \ + units/containerd.service \ + units/kubelet.service \ + units/kube-proxy.service \ + root@$host:~/ +done +``` + +The commands in this lab must be run separately on each worker instance: `node-0` and `node-1`. The steps for `node-0` are the only ones shown. You must repeat the exact steps and commands on `node-1`. + +Login to the worker `node-0` instance with the `ssh` command. + +```bash +ssh root@node-0 +``` + +## Provisionnement d'un nœud de travail Kubernetes + +Install the operating system dependencies: + +```bash + dnf -y update + dnf -y install socat conntrack ipset tar +``` + +> The `socat` binary supports the `kubectl port-forward` command. + +### Désactivation du `Swap` + +If you have [swap](https://help.ubuntu.com/community/SwapFaq) enabled, the kubelet will fail to start. La [recommandation est de désactiver `swap`](https://github.com/kubernetes/kubernetes/issues/7294) pour s'assurer que Kubernetes fournit une allocation de ressources et une qualité de service appropriées. + +Vérifiez que le `swap` est bien activé : + +```bash +swapon --show +``` + +Si la sortie est vide, le `swap` n'est pas activé. 
If the output is not empty, run the following command to disable swap immediately: + +```bash +swapoff -a +``` + +Pour vous assurer que le swap reste désactivé après le redémarrage, commentez la ligne qui monte automatiquement le volume de `swap` dans le fichier `/etc/fstab`. Entrer la commande suivante : + +```bash +sudo sed -i '/swap/s/^/#/' /etc/fstab +``` + +Créez les répertoires d’installation : + +```bash +mkdir -p \ + /etc/cni/net.d \ + /opt/cni/bin \ + /var/lib/kubelet \ + /var/lib/kube-proxy \ + /var/lib/kubernetes \ + /var/run/kubernetes +``` + +Installez les fichiers binaires de travail : + +```bash + mkdir -p containerd + tar -xvf crictl-v1.32.0-linux-amd64.tar.gz + tar -xvf containerd-2.0.3-linux-amd64.tar.gz -C containerd + tar -xvf cni-plugins-linux-amd64-v1.6.2.tgz -C /opt/cni/bin/ + mv runc.amd64 runc + chmod +x crictl kubectl kube-proxy kubelet runc + mv crictl kubectl kube-proxy kubelet runc /usr/local/bin/ + mv containerd/bin/* /bin/ +``` + +### Configuration du Réseau `CNI` + +Create the `bridge` network configuration file: + +```bash +mv 10-bridge.conf 99-loopback.conf /etc/cni/net.d/ +``` + +### Configuration de `containerd` + +Installez les fichiers de configuration `containerd` : + +```bash + mkdir -p /etc/containerd/ + mv containerd-config.toml /etc/containerd/config.toml + mv containerd.service /etc/systemd/system/ +``` + +### Configuration de `Kubelet` + +Créez le fichier de configuration `kubelet-config.yaml` : + +```bash + mv kubelet-config.yaml /var/lib/kubelet/ + mv kubelet.service /etc/systemd/system/ +``` + +### Configuration du proxy Kubernetes + +```bash + mv kube-proxy-config.yaml /var/lib/kube-proxy/ + mv kube-proxy.service /etc/systemd/system/ +``` + +!!! note "Remarque " + + Bien que cela soit considéré comme une mauvaise sécurité, vous devrez peut-être désactiver SELinux temporairement ou définitivement si vous rencontrez des difficultés pour démarrer les services systemd nécessaires. 
La solution appropriée consiste à analyser et à créer les fichiers de stratégie requis à l'aide d'outils tels qu'ausearch, audit2allow, etc. + + Pour supprimer et désactiver SELinux, exécutez la commande suivante : + + ```bash + sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + setenforce 0 + ``` + +### Lancement des `Worker Services` + +```bash + systemctl daemon-reload + systemctl enable containerd kubelet kube-proxy + systemctl start containerd kubelet kube-proxy +``` + +## Vérification + +Les instances de calcul créées dans ce didacticiel n'auront pas l'autorisation de terminer cette section de vérification. Exécutez les commandes suivantes à partir de la machine `jumpbox`. + +Énumérez les nœuds Kubernetes enregistrés : + +```bash +ssh root@server "kubectl get nodes --kubeconfig admin.kubeconfig" +``` + +```text +NAME STATUS ROLES AGE VERSION +node-0 Ready 1m v1.32.0 +``` + +Après avoir terminé toutes les étapes précédentes de ce laboratoire sur `node-0` et `node-1`, la sortie de la commande `kubectl get nodes` devrait afficher : + +```text +NAME STATUS ROLES AGE VERSION +node-0 Ready 1m v1.32.0 +node-1 Ready 10s v1.32.0 +``` + +Next: [Configuring kubectl for Remote Access](lab10-configuring-kubectl.md) From 0c46e14b90f6f341fa46f809dd4e1f1e97f1e66f Mon Sep 17 00:00:00 2001 From: wale soyinka Date: Mon, 20 Oct 2025 10:32:27 -0400 Subject: [PATCH 03/10] New translations lab11-pod-network-routes.md (Spanish) --- .../lab11-pod-network-routes.es.md | 94 +++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.es.md diff --git a/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.es.md b/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.es.md new file mode 100644 index 0000000000..d0c9de5b85 --- /dev/null +++ b/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.es.md 
@@ -0,0 +1,94 @@ +--- +author: Wale Soyinka +contributors: Steven Spencer, Ganna Zhyrnova +tags: + - kubernetes + - k8s + - lab exercise + - runc + - containerd + - etcd + - kubectl +--- + +# Lab 11: Provisioning Pod Network Routes + +!!! info + + This is a fork of the original ["Kubernetes the hard way"](https://github.com/kelseyhightower/kubernetes-the-hard-way) originally written by Kelsey Hightower (GitHub: kelseyhightower). Unlike the original, which bases itself on Debian-like distributions for the ARM64 architecture, this fork targets Enterprise Linux distributions such as Rocky Linux, which runs on x86_64 architecture. + +Pods scheduled to a node receive an IP address from the node's Pod CIDR range. Currently, pods cannot communicate with other pods running on different nodes due to missing network [routes](https://cloud.google.com/compute/docs/vpc/routes). + +In this lab, you will create a route for each worker node that maps the node's Pod CIDR range to the node's internal IP address. + +> There are [other ways](https://kubernetes.io/docs/concepts/cluster-administration/networking/#how-to-achieve-this) to implement the Kubernetes networking model. + +## The Routing Table + +In this section, you will gather the information required to create routes in the `kubernetes-the-hard-way` VPC network. 
+ +Print the internal IP address and Pod CIDR range for each worker instance: + +```bash +{ + SERVER_IP=$(grep server machines.txt | cut -d " " -f 1) + NODE_0_IP=$(grep node-0 machines.txt | cut -d " " -f 1) + NODE_0_SUBNET=$(grep node-0 machines.txt | cut -d " " -f 5) + NODE_1_IP=$(grep node-1 machines.txt | cut -d " " -f 1) + NODE_1_SUBNET=$(grep node-1 machines.txt | cut -d " " -f 5) +} +``` + +```bash +ssh root@server < Date: Mon, 20 Oct 2025 10:32:29 -0400 Subject: [PATCH 04/10] New translations lab9-bootstrapping-kubernetes-workers.md (Spanish) --- ...ab9-bootstrapping-kubernetes-workers.es.md | 205 ++++++++++++++++++ 1 file changed, 205 insertions(+) create mode 100644 docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.es.md diff --git a/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.es.md b/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.es.md new file mode 100644 index 0000000000..453038f65f --- /dev/null +++ b/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.es.md 
@@ -0,0 +1,205 @@ +--- +author: Wale Soyinka +contributors: Steven Spencer, Ganna Zhyrnova +tags: + - kubernetes + - k8s + - lab exercise + - runc + - containerd + - etcd + - kubectl +--- + +# Lab 9: Bootstrapping the Kubernetes Worker Nodes + +!!! info + + This is a fork of the original ["Kubernetes the hard way"](https://github.com/kelseyhightower/kubernetes-the-hard-way) originally written by Kelsey Hightower (GitHub: kelseyhightower). Unlike the original, which bases itself on Debian-like distributions for the ARM64 architecture, this fork targets Enterprise Linux distributions such as Rocky Linux, which runs on x86_64 architecture. + +In this lab, you will bootstrap two Kubernetes worker nodes. You will install the following components: [runc](https://github.com/opencontainers/runc), [container networking plugins](https://github.com/containernetworking/cni), [containerd](https://github.com/containerd/containerd), [kubelet](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/), and [kube-proxy](https://kubernetes.io/docs/concepts/cluster-administration/proxies). 
+ +## Prerequisites + +From the `jumpbox`, copy Kubernetes binaries and `systemd` unit files to each worker instance: + +```bash +for host in node-0 node-1; do + SUBNET=$(grep $host machines.txt | cut -d " " -f 5) + sed "s|SUBNET|$SUBNET|g" \ + configs/10-bridge.conf > 10-bridge.conf + + sed "s|SUBNET|$SUBNET|g" \ + configs/kubelet-config.yaml > kubelet-config.yaml + + scp 10-bridge.conf kubelet-config.yaml \ + root@$host:~/ +done +``` + +```bash +for host in node-0 node-1; do + scp \ + downloads/runc.amd64 \ + downloads/crictl-v1.32.0-linux-amd64.tar.gz \ + downloads/cni-plugins-linux-amd64-v1.6.2.tgz \ + downloads/containerd-2.0.3-linux-amd64.tar.gz \ + downloads/kubectl \ + downloads/kubelet \ + downloads/kube-proxy \ + configs/99-loopback.conf \ + configs/containerd-config.toml \ + configs/kubelet-config.yaml \ + configs/kube-proxy-config.yaml \ + units/containerd.service \ + units/kubelet.service \ + units/kube-proxy.service \ + root@$host:~/ +done +``` + +The commands in this lab must be run separately on each worker instance: `node-0` and `node-1`. The steps for `node-0` are the only ones shown. You must repeat the exact steps and commands on `node-1`. + +Login to the worker `node-0` instance with the `ssh` command. + +```bash +ssh root@node-0 +``` + +## Provisioning a Kubernetes Worker Node + +Install the operating system dependencies: + +```bash + dnf -y update + dnf -y install socat conntrack ipset tar +``` + +> The `socat` binary supports the `kubectl port-forward` command. + +### Disable Swap + +If you have [swap](https://help.ubuntu.com/community/SwapFaq) enabled, the kubelet will fail to start. The [recommendation is to disable swap](https://github.com/kubernetes/kubernetes/issues/7294) to ensure Kubernetes provides proper resource allocation and quality of service. + +Verify if swap is on: + +```bash +swapon --show +``` + +If the output is empty, then the swap is not enabled. 
If the output is not empty, run the following command to disable swap immediately: + +```bash +swapoff -a +``` + +To ensure swap remains off after reboot, comment out the line that automatically mounts the swap volume in the `/etc/fstab` file. Type: + +```bash +sudo sed -i '/swap/s/^/#/' /etc/fstab +``` + +Create the installation directories: + +```bash +mkdir -p \ + /etc/cni/net.d \ + /opt/cni/bin \ + /var/lib/kubelet \ + /var/lib/kube-proxy \ + /var/lib/kubernetes \ + /var/run/kubernetes +``` + +Install the worker binaries: + +```bash + mkdir -p containerd + tar -xvf crictl-v1.32.0-linux-amd64.tar.gz + tar -xvf containerd-2.0.3-linux-amd64.tar.gz -C containerd + tar -xvf cni-plugins-linux-amd64-v1.6.2.tgz -C /opt/cni/bin/ + mv runc.amd64 runc + chmod +x crictl kubectl kube-proxy kubelet runc + mv crictl kubectl kube-proxy kubelet runc /usr/local/bin/ + mv containerd/bin/* /bin/ +``` + +### Configure CNI Networking + +Create the `bridge` network configuration file: + +```bash +mv 10-bridge.conf 99-loopback.conf /etc/cni/net.d/ +``` + +### Configure `containerd` + +Install the `containerd` configuration files: + +```bash + mkdir -p /etc/containerd/ + mv containerd-config.toml /etc/containerd/config.toml + mv containerd.service /etc/systemd/system/ +``` + +### Configure the Kubelet + +Create the `kubelet-config.yaml` configuration file: + +```bash + mv kubelet-config.yaml /var/lib/kubelet/ + mv kubelet.service /etc/systemd/system/ +``` + +### Configure the Kubernetes Proxy + +```bash + mv kube-proxy-config.yaml /var/lib/kube-proxy/ + mv kube-proxy.service /etc/systemd/system/ +``` + +!!! Note + + ``` + Although this is considered a bad security form, you might have to temporarily or permanently disable SELinux if you run into any issues starting the needed systemd services. The proper fix is to investigate and create the required policy files using tools such as ausearch, audit2allow, etc. 
+ + The fix for getting SELinux out of the way and disabling it is by running the following: + ``` + + ```bash + sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + setenforce 0 + ``` + +### Start the Worker Services + +```bash + systemctl daemon-reload + systemctl enable containerd kubelet kube-proxy + systemctl start containerd kubelet kube-proxy +``` + +## Verification + +The compute instances created in this tutorial will not have permission to complete this verification section. Run the following commands from the `jumpbox` machine. + +List the registered Kubernetes nodes: + +```bash +ssh root@server "kubectl get nodes --kubeconfig admin.kubeconfig" +``` + +```text +NAME STATUS ROLES AGE VERSION +node-0 Ready 1m v1.32.0 +``` + +After completing all the previous steps in this lab on both `node-0` and `node-1`, the output of the `kubectl get nodes` command should show: + +```text +NAME STATUS ROLES AGE VERSION +node-0 Ready 1m v1.32.0 +node-1 Ready 10s v1.32.0 +``` + +Next: [Configuring kubectl for Remote Access](lab10-configuring-kubectl.md) From 4f6f5e5a75f13dc70bfbc734b28d2dd2d6c94d9a Mon Sep 17 00:00:00 2001 From: wale soyinka Date: Mon, 20 Oct 2025 10:33:50 -0400 Subject: [PATCH 05/10] New translations lab11-pod-network-routes.md (German) --- .../lab11-pod-network-routes.de.md | 94 +++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.de.md diff --git a/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.de.md b/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.de.md new file mode 100644 index 0000000000..83bb234066 --- /dev/null +++ b/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.de.md 
@@ -0,0 +1,94 @@ +--- +author: Wale Soyinka +contributors: Steven Spencer, Ganna Zhyrnova +tags: + - kubernetes + - k8s + - Laborübung + - runc + - containerd + - etcd + - kubectl +--- + +# Labor 11: Bereitstellung von Pod-Netzwerkrouten + +!!! info + + Dies ist ein Fork des ursprünglichen ["Kubernetes the hard way"](https://github.com/kelseyhightower/kubernetes-the-hard-way), das ursprünglich von Kelsey Hightower geschrieben wurde [(GitHub: kelseyhightower)](https://github.com/kelseyhightower). Im Gegensatz zum Original, das auf Debian-ähnlichen Distributionen für die ARM64-Architektur basiert, zielt dieser Fork auf Enterprise-Linux-Distributionen wie Rocky Linux ab, das auf der x86_64-Architektur läuft. + +Für einen Knoten geplante Pods erhalten eine IP-Adresse aus dem Pod-CIDR-Bereich des Knotens. Derzeit können Pods aufgrund fehlender [Netzwerkrouten] (https://cloud.google.com/compute/docs/vpc/routes) nicht mit anderen Pods kommunizieren, die auf anderen Knoten ausgeführt werden. + +In diesem Labor erstellen Sie für jeden Worker-Knoten eine Route, die den Pod-CIDR-Bereich des Knotens der internen IP-Adresse des Knotens zuordnet. + +> Es gibt auch [andere Möglichkeiten](https://kubernetes.io/docs/concepts/cluster-administration/networking/#how-to-achieve-this), das Kubernetes-Netzwerkmodell zu implementieren. + +## Routing-Tabelle + +In diesem Abschnitt sammeln Sie die erforderlichen Informationen zum Erstellen von Routen im VPC-Netzwerk `kubernetes-the-hard-way`. 
+ +Drucken Sie die interne IP-Adresse und den Pod-CIDR-Bereich für jede Worker-Instanz: + +```bash +{ + SERVER_IP=$(grep server machines.txt | cut -d " " -f 1) + NODE_0_IP=$(grep node-0 machines.txt | cut -d " " -f 1) + NODE_0_SUBNET=$(grep node-0 machines.txt | cut -d " " -f 5) + NODE_1_IP=$(grep node-1 machines.txt | cut -d " " -f 1) + NODE_1_SUBNET=$(grep node-1 machines.txt | cut -d " " -f 5) +} +``` + +```bash +ssh root@server < Date: Mon, 20 Oct 2025 10:33:52 -0400 Subject: [PATCH 06/10] New translations lab9-bootstrapping-kubernetes-workers.md (German) --- ...ab9-bootstrapping-kubernetes-workers.de.md | 203 ++++++++++++++++++ 1 file changed, 203 insertions(+) create mode 100644 docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.de.md diff --git a/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.de.md b/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.de.md new file mode 100644 index 0000000000..3504b7889a --- /dev/null +++ b/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.de.md 
@@ -0,0 +1,203 @@ +--- +author: Wale Soyinka +contributors: Steven Spencer, Ganna Zhyrnova +tags: + - kubernetes + - k8s + - Laborübung + - runc + - containerd + - etcd + - kubectl +--- + +# Labor 9: Bootstrapping der Kubernetes-Worker-Knoten + +!!! info + + Dies ist ein Fork des ursprünglichen ["Kubernetes the hard way"](https://github.com/kelseyhightower/kubernetes-the-hard-way), das ursprünglich von Kelsey Hightower geschrieben wurde (GitHub: kelseyhightower). Im Gegensatz zum Original, das auf Debian-ähnlichen Distributionen für die ARM64-Architektur basiert, zielt dieser Fork auf Enterprise-Linux-Distributionen wie Rocky Linux ab, das auf der x86_64-Architektur läuft. + +In diesem Labor werden Sie zwei Kubernetes-Workerknoten bootstrappen. Sie installieren die folgenden Komponenten: [runc](https://github.com/opencontainers/runc), [Container-Netzwerk-Plugins](https://github.com/containernetworking/cni), [containerd](https://github.com/containerd/containerd), [kubelet](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/) und [kube-proxy](https://kubernetes.io/docs/concepts/cluster-administration/proxies). 
+ +## Voraussetzungen + +Kopieren Sie aus der `jumpbox` Kubernetes-Binärdateien und `systemd`-Unit-Dateien in jede Worker-Instanz: + +```bash +for host in node-0 node-1; do + SUBNET=$(grep $host machines.txt | cut -d " " -f 5) + sed "s|SUBNET|$SUBNET|g" \ + configs/10-bridge.conf > 10-bridge.conf + + sed "s|SUBNET|$SUBNET|g" \ + configs/kubelet-config.yaml > kubelet-config.yaml + + scp 10-bridge.conf kubelet-config.yaml \ + root@$host:~/ +done +``` + +```bash +for host in node-0 node-1; do + scp \ + downloads/runc.amd64 \ + downloads/crictl-v1.32.0-linux-amd64.tar.gz \ + downloads/cni-plugins-linux-amd64-v1.6.2.tgz \ + downloads/containerd-2.0.3-linux-amd64.tar.gz \ + downloads/kubectl \ + downloads/kubelet \ + downloads/kube-proxy \ + configs/99-loopback.conf \ + configs/containerd-config.toml \ + configs/kubelet-config.yaml \ + configs/kube-proxy-config.yaml \ + units/containerd.service \ + units/kubelet.service \ + units/kube-proxy.service \ + root@$host:~/ +done +``` + +Die Befehle in diesem Labor müssen auf jeder Workerinstanz separat ausgeführt werden: `node-0` und `node-1`. Es werden nur die Schritte für `node-0` beschrieben. Sie müssen die genauen Schritte und Befehle auf `node-1` wiederholen. + +Melden Sie sich mit dem Befehl `ssh` bei der Worker-Instanz `node-0` an. + +```bash +ssh root@node-0 +``` + +## Bereitstellen eines Kubernetes-Worker-Knotens + +Installieren Sie die Betriebssystemabhängigkeiten: + +```bash + dnf -y update + dnf -y install socat conntrack ipset tar +``` + +> Die Binärdatei `socat` unterstützt den Befehl `kubectl port-forward`. + +### Swap-Deaktivierung + +Wenn Sie [Swap](https://help.ubuntu.com/community/SwapFaq) aktiviert haben, kann das Kubelet nicht gestartet werden. Die [Empfehlung lautet, Swap zu deaktivieren](https://github.com/kubernetes/kubernetes/issues/7294), um sicherzustellen, dass Kubernetes eine angemessene Ressourcenzuweisung und Servicequalität bietet. 
+ +Überprüfen Sie, ob der Swap aktiviert ist: + +```bash +swapon --show +``` + +Wenn die Ausgabe leer ist, ist der Swap nicht aktiviert. Wenn die Ausgabe nicht leer ist, führen Sie den folgenden Befehl aus, um den Swap sofort zu deaktivieren: + +```bash +swapoff -a +``` + +Um sicherzustellen, dass der Swap nach dem Neustart deaktiviert bleibt, kommentieren Sie die Zeile aus, die das Swap-Volume in der Datei `/etc/fstab` automatisch einbindet. Geben Sie bitte Folgendes ein: + +```bash +sudo sed -i '/swap/s/^/#/' /etc/fstab +``` + +Erstellen Sie die Installationsverzeichnisse: + +```bash +mkdir -p \ + /etc/cni/net.d \ + /opt/cni/bin \ + /var/lib/kubelet \ + /var/lib/kube-proxy \ + /var/lib/kubernetes \ + /var/run/kubernetes +``` + +Installieren Sie die Worker-Binärdateien: + +```bash + mkdir -p containerd + tar -xvf crictl-v1.32.0-linux-amd64.tar.gz + tar -xvf containerd-2.0.3-linux-amd64.tar.gz -C containerd + tar -xvf cni-plugins-linux-amd64-v1.6.2.tgz -C /opt/cni/bin/ + mv runc.amd64 runc + chmod +x crictl kubectl kube-proxy kubelet runc + mv crictl kubectl kube-proxy kubelet runc /usr/local/bin/ + mv containerd/bin/* /bin/ +``` + +### Konfigurieren des CNI-Netzwerks + +Erstellen Sie die Netzwerkkonfigurationsdatei `bridge`: + +```bash +mv 10-bridge.conf 99-loopback.conf /etc/cni/net.d/ +``` + +### Konfiguration von `containerd` + +Installieren Sie die `containerd`-Konfigurationsdateien: + +```bash + mkdir -p /etc/containerd/ + mv containerd-config.toml /etc/containerd/config.toml + mv containerd.service /etc/systemd/system/ +``` + +### Kubelet-Konfiguration + +Erstellen Sie die Konfigurationsdatei `kubelet-config.yaml`: + +```bash + mv kubelet-config.yaml /var/lib/kubelet/ + mv kubelet.service /etc/systemd/system/ +``` + +### Konfigurieren des Kubernetes-Proxys + +```bash + mv kube-proxy-config.yaml /var/lib/kube-proxy/ + mv kube-proxy.service /etc/systemd/system/ +``` + +!!! 
note "Anmerkung" + + Obwohl dies als unzureichende Sicherheit gilt, müssen Sie SELinux möglicherweise vorübergehend oder dauerhaft deaktivieren, wenn beim Starten der erforderlichen systemd-Dienste Probleme auftreten. Die richtige Lösung besteht darin, die erforderlichen Richtliniendateien mit Tools wie `ausearch`, `audit2allow` usw. zu analysieren und zu erstellen. + + Um SELinux zu entfernen und zu deaktivieren, gehen Sie wie folgt vor: + + ```bash + sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + setenforce 0 + ``` + +### Starten Sie die Worker-Dienste + +```bash + systemctl daemon-reload + systemctl enable containerd kubelet kube-proxy + systemctl start containerd kubelet kube-proxy +``` + +## Verifizierung + +Die in diesem Lernprogramm erstellten Compute-Instanzen verfügen nicht über die Berechtigung, diesen Überprüfungsabschnitt abzuschließen. Führen Sie die folgenden Befehle von der `jumpbox`-Maschine aus. + +Listen Sie die registrierten Kubernetes-Knoten auf: + +```bash +ssh root@server "kubectl get nodes --kubeconfig admin.kubeconfig" +``` + +```text +NAME STATUS ROLES AGE VERSION +node-0 Ready 1m v1.32.0 +``` + +Nachdem Sie alle vorherigen Schritte in diesem Labor sowohl auf `node-0` als auch auf `node-1` abgeschlossen haben, sollte die Ausgabe des Befehls `kubectl get nodes` Folgendes anzeigen: + +```text +NAME STATUS ROLES AGE VERSION +node-0 Ready 1m v1.32.0 +node-1 Ready 10s v1.32.0 +``` + +Fortsetzung folgt: [Konfiguration von kubectl für Remote-Access](lab10-configuring-kubectl.md) From 6a5340c6c1efd96aae8bf7dd78f8084c5987878a Mon Sep 17 00:00:00 2001 From: wale soyinka Date: Mon, 20 Oct 2025 10:34:20 -0400 Subject: [PATCH 07/10] New translations lab11-pod-network-routes.md (Italian) --- .../lab11-pod-network-routes.it.md | 94 +++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.it.md 
diff --git a/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.it.md b/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.it.md new file mode 100644 index 0000000000..3ee616d2da --- /dev/null +++ b/docs/labs/kubernetes-the-hard-way/lab11-pod-network-routes.it.md 
@@ -0,0 +1,94 @@ +--- +author: Wale Soyinka +contributors: Steven Spencer, Ganna Zhyrnova +tags: + - kubernetes + - k8s + - lab exercise + - runc + - containerd + - etcd + - kubectl +--- + +# Laboratorio 11: Provisioning delle rotte di rete dei Pod + +!!! info + + Si tratta di un fork dell'originale ["Kubernetes the hard way"](https://github.com/kelseyhightower/kubernetes-the-hard-way) scritto originariamente da Kelsey Hightower (GitHub: kelseyhightower). A differenza dell'originale, che si basa su distribuzioni simili a Debian per l'architettura ARM64, questo fork si rivolge a distribuzioni Enterprise Linux come Rocky Linux, che gira su architettura x86_64. + +I pod assegnati a un nodo ricevono un indirizzo IP dall'intervallo CIDR dei pod del nodo. Attualmente, i pod non possono comunicare con altri pod in esecuzione su nodi diversi a causa della mancanza dei [percorsi di rete] (https://cloud.google.com/compute/docs/vpc/routes). + +In questo laboratorio si creerà un percorso per ciascun nodo di lavoro che mappa l'intervallo CIDR del pod del nodo all'indirizzo IP interno del nodo. + +> Esistono [altri modi](https://kubernetes.io/docs/concepts/cluster-administration/networking/#how-to-achieve-this) per implementare il modello di rete Kubernetes. + +## La tabella di instradamento + +In questa sezione si raccoglieranno le informazioni necessarie per creare percorsi nella rete VPC `kubernetes-the-hard-way`. 
+ +Stampare l'indirizzo IP interno e l'intervallo CIDR del pod per ogni istanza di lavoro: + +```bash +{ + SERVER_IP=$(grep server machines.txt | cut -d " " -f 1) + NODE_0_IP=$(grep node-0 machines.txt | cut -d " " -f 1) + NODE_0_SUBNET=$(grep node-0 machines.txt | cut -d " " -f 5) + NODE_1_IP=$(grep node-1 machines.txt | cut -d " " -f 1) + NODE_1_SUBNET=$(grep node-1 machines.txt | cut -d " " -f 5) +} +``` + +```bash +ssh root@server < Date: Mon, 20 Oct 2025 10:34:22 -0400 Subject: [PATCH 08/10] New translations lab9-bootstrapping-kubernetes-workers.md (Italian) --- ...ab9-bootstrapping-kubernetes-workers.it.md | 203 ++++++++++++++++++ 1 file changed, 203 insertions(+) create mode 100644 docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.it.md diff --git a/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.it.md b/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.it.md new file mode 100644 index 0000000000..5bbf8523d2 --- /dev/null +++ b/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.it.md 
@@ -0,0 +1,203 @@ +--- +author: Wale Soyinka +contributors: Steven Spencer, Ganna Zhyrnova +tags: + - kubernetes + - k8s + - lab exercise + - runc + - containerd + - etcd + - kubectl +--- + +# Laboratorio 9: Avvio dei nodi di lavoro Kubernetes + +!!! info + + Si tratta di un fork dell'originale ["Kubernetes the hard way"](https://github.com/kelseyhightower/kubernetes-the-hard-way) scritto originariamente da Kelsey Hightower (GitHub: kelseyhightower). A differenza dell'originale, che si basa su distribuzioni simili a Debian per l'architettura ARM64, questo fork si rivolge a distribuzioni Enterprise Linux come Rocky Linux, che gira su architettura x86_64. + +In questo laboratorio, si avvierà il bootstrap di due nodi di lavoro Kubernetes. Si installeranno i seguenti componenti: [runc](https://github.com/opencontainers/runc), [plugin di rete per container](https://github.com/containernetworking/cni), [containerd](https://github.com/containerd/containerd), [kubelet](https://kubernetes.io/docs/ reference/command-line-tools-reference/kubelet/), e [kube-proxy](https://kubernetes.io/docs/concepts/cluster-administration/proxies). 
+ +## Prerequisiti + +Dal `jumpbox`, copiare i file binari di Kubernetes e i file unit di `systemd` su ciascuna istanza di lavoro: + +```bash +for host in node-0 node-1; do + SUBNET=$(grep $host machines.txt | cut -d " " -f 5) + sed "s|SUBNET|$SUBNET|g" \ + configs/10-bridge.conf > 10-bridge.conf + + sed "s|SUBNET|$SUBNET|g" \ + configs/kubelet-config.yaml > kubelet-config.yaml + + scp 10-bridge.conf kubelet-config.yaml \ + root@$host:~/ +done +``` + +```bash +for host in node-0 node-1; do + scp \ + downloads/runc.amd64 \ + downloads/crictl-v1.32.0-linux-amd64.tar.gz \ + downloads/cni-plugins-linux-amd64-v1.6.2.tgz \ + downloads/containerd-2.0.3-linux-amd64.tar.gz \ + downloads/kubectl \ + downloads/kubelet \ + downloads/kube-proxy \ + configs/99-loopback.conf \ + configs/containerd-config.toml \ + configs/kubelet-config.yaml \ + configs/kube-proxy-config.yaml \ + units/containerd.service \ + units/kubelet.service \ + units/kube-proxy.service \ + root@$host:~/ +done +``` + +I comandi in questo laboratorio devono essere eseguiti separatamente su ciascuna istanza di lavoro: `node-0` e `node-1`. Vengono mostrati solo i passaggi relativi a `node-0`. È necessario ripetere esattamente gli stessi passaggi e comandi su `node-1`. + +Accedere all'istanza di lavoro `node-0` con il comando `ssh`. + +```bash +ssh root@node-0 +``` + +## Fornitura ad un nodo di lavoro Kubernetes + +Installare le dipendenze del sistema operativo: + +```bash + dnf -y update + dnf -y install socat conntrack ipset tar +``` + +> Il binario `socat` supporta il comando `kubectl port-forward`. + +### Disattivazione della swap + +Se hai abilitato la [swap](https://help.ubuntu.com/community/SwapFaq), il kubelet non riuscirà ad avviarsi. Si [consiglia di disabilitare lo swap](https://github.com/kubernetes/kubernetes/issues/7294) per garantire che Kubernetes fornisca una corretta allocazione delle risorse e una qualità del servizio adeguata. 
+ +Verificare se la swap è attiva: + +```bash +swapon --show +``` + +Se l'output è vuoto, la swap non è abilitata. Se l'output non è vuoto, eseguire il seguente comando per disabilitare immediatamente la swap: + +```bash +swapoff -a +``` + +Per garantire che la swap rimanga disattivata dopo il riavvio, commentare la riga che monta automaticamente il volume di swap nel file `/etc/fstab`. Digitare: + +```bash +sudo sed -i '/swap/s/^/#/' /etc/fstab +``` + +Creare le directory di installazione: + +```bash +mkdir -p \ + /etc/cni/net.d \ + /opt/cni/bin \ + /var/lib/kubelet \ + /var/lib/kube-proxy \ + /var/lib/kubernetes \ + /var/run/kubernetes +``` + +Installare i binari di lavoro: + +```bash + mkdir -p containerd + tar -xvf crictl-v1.32.0-linux-amd64.tar.gz + tar -xvf containerd-2.0.3-linux-amd64.tar.gz -C containerd + tar -xvf cni-plugins-linux-amd64-v1.6.2.tgz -C /opt/cni/bin/ + mv runc.amd64 runc + chmod +x crictl kubectl kube-proxy kubelet runc + mv crictl kubectl kube-proxy kubelet runc /usr/local/bin/ + mv containerd/bin/* /bin/ +``` + +### Configurazione della rete CNI + +Creare il file di configurazione di rete `bridge`: + +```bash +mv 10-bridge.conf 99-loopback.conf /etc/cni/net.d/ +``` + +### Configurazione di `containerd` + +Installare i file di configurazione `containerd`: + +```bash + mkdir -p /etc/containerd/ + mv containerd-config.toml /etc/containerd/config.toml + mv containerd.service /etc/systemd/system/ +``` + +### Configurazione di Kubelet + +Creare il file di configurazione `kubelet-config.yaml`: + +```bash + mv kubelet-config.yaml /var/lib/kubelet/ + mv kubelet.service /etc/systemd/system/ +``` + +### Configurazione del proxy Kubernetes + +```bash + mv kube-proxy-config.yaml /var/lib/kube-proxy/ + mv kube-proxy.service /etc/systemd/system/ +``` + +!!! 
note "Nota" + + Sebbene questa sia considerata una forma di sicurezza inadeguata, potrebbe essere necessario disabilitare temporaneamente o permanentemente SELinux se si riscontrano problemi nell'avvio dei servizi systemd necessari. La soluzione corretta consiste nell'analizzare e creare i file di policy richiesti utilizzando strumenti quali ausearch, audit2allow, ecc. + + Per rimuovere SELinux e disabilitarlo, eseguire quanto segue: + + ```bash + sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + setenforce 0 + ``` + +### Avvio dei servizi di lavoro + +```bash + systemctl daemon-reload + systemctl enable containerd kubelet kube-proxy + systemctl start containerd kubelet kube-proxy +``` + +## Verifica + +Le istanze di calcolo create in questo tutorial non avranno l'autorizzazione per completare questa sezione di verifica. Eseguire i seguenti comandi dalla macchina `jumpbox`. + +Elencare i nodi Kubernetes registrati: + +```bash +ssh root@server "kubectl get nodes --kubeconfig admin.kubeconfig" +``` + +```text +NAME STATUS ROLES AGE VERSION +node-0 Ready 1m v1.32.0 +``` + +Dopo aver completato tutti i passaggi precedenti in questo laboratorio sia su `node-0` che su `node-1`, l'output del comando `kubectl get nodes` dovrebbe mostrare: + +```text +NAME STATUS ROLES AGE VERSION +node-0 Ready 1m v1.32.0 +node-1 Ready 10s v1.32.0 +``` + +Successivo: [Configurazione di kubectl per l'accesso remoto](lab10-configuring-kubectl.md) From 3943ff08c03b63ce12537dfb519f544faffa7b68 Mon Sep 17 00:00:00 2001 From: wale soyinka Date: Mon, 20 Oct 2025 10:37:52 -0400 Subject: [PATCH 09/10] New translations lab9-bootstrapping-kubernetes-workers.md (Ukrainian) --- .../lab9-bootstrapping-kubernetes-workers.uk.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.uk.md b/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.uk.md index 6b82bffd3a..d84cb455a5 100644 --- a/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.uk.md +++ b/docs/labs/kubernetes-the-hard-way/lab9-bootstrapping-kubernetes-workers.uk.md @@ -158,11 +158,13 @@ mv 10-bridge.conf 99-loopback.conf /etc/cni/net.d/ mv kube-proxy.service /etc/systemd/system/ ``` -!!! Note "Примітка" +!!! Примітка + ``` Хоча це вважається поганою формою безпеки, вам, можливо, доведеться тимчасово або назавжди вимкнути SELinux, якщо у вас виникнуть проблеми із запуском необхідних служб systemd. Правильним рішенням є дослідження та створення необхідних файлів політики за допомогою таких інструментів, як ausearch, audit2allow тощо. Щоб виправити SELinux із шляху та вимкнути його, запустіть наступне: + ``` ```bash sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config From ba32205898667de7435cf26a28a7b691d43f9b8f Mon Sep 17 00:00:00 2001 From: wale soyinka Date: Tue, 28 Oct 2025 10:15:51 -0400 Subject: [PATCH 10/10] New translations test_cpu_compat.md (German) --- docs/gemstones/test_cpu_compat.de.md | 35 ++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 docs/gemstones/test_cpu_compat.de.md diff --git a/docs/gemstones/test_cpu_compat.de.md b/docs/gemstones/test_cpu_compat.de.md new file mode 100644 index 0000000000..1f30eb3971 --- /dev/null +++ b/docs/gemstones/test_cpu_compat.de.md 
@@ -0,0 +1,35 @@ +--- +title: Test der CPU-Kompatibilität +author: Steven Spencer +contributors: Louis Abel, Ganna Zhyrnova +tags: + - cpu test +--- + +# Einleitung + +Seit der Veröffentlichung von Rocky Linux 9 sind einige Installationen auf x86-64-Plattformen beim Start mit einer Kernel-Panic-Meldung fehlgeschlagen. In den meisten Fällen ist dies auf die ==Inkompatibilität der CPU mit Rocky Linux 9== zurückzuführen. Mit diesem Verfahren wird die CPU-Kompatibilität vor der Installation überprüft. **Update:** Dieses Verfahren spiegelt nun auch die Mindestprozessorkompatibilität für Rocky Linux 10 wider. + +## Testen + +1. Besorgen Sie sich ein Boot-Image von Rocky Linux 8, Fedora oder anderen. + +2. Booten Sie dieses Live-Image auf dem Computer, auf dem Sie Rocky Linux 9 installieren möchten. + +3. Nachdem der Startvorgang abgeschlossen ist, öffnen Sie ein Terminalfenster und führen Sie dieses Kommando aus: + + ```bash + /lib64/ld-linux-x86-64.so.2 --help | grep x86-64 + ``` + + Sie sollten eine Ausgabe erhalten, die etwa dieser ähnelt: + + ```bash + Usage: /lib64/ld-linux-x86-64.so.2 [OPTION]... EXECUTABLE-FILE [ARGS-FOR-PROGRAM...] + This program interpreter self-identifies as: /lib64/ld-linux-x86-64.so.2 + x86-64-v4 + x86-64-v3 + x86-64-v2 (supported, searched) + ``` + + Diese Ausgabe gibt die minimal erforderliche x86-64-Version (v2) an. In diesem Fall kann die Installation fortgesetzt werden. Wenn Sie neben `x86-64-v2` kein Eintrag (`supported, searched`) sehen, ist Ihre CPU nicht mit Rocky Linux 9.x kompatibel. Wenn der Test anzeigt, dass Ihre Installation fortgesetzt werden kann und x86-64-v3 (erforderlich für Rocky Linux 10) und x86-64-v4 auch als `(supported, searched)` aufgeführt werden, wird Ihre CPU für 9.x und zukünftige Versionen gut unterstützt.
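Review bot: in the hunk that opens with "Stampare l'indirizzo IP interno e l'intervallo CIDR del pod", the lead sentence tells the reader to print the values, but the `{ ... }` block only assigns `SERVER_IP`, `NODE_0_IP`, `NODE_0_SUBNET`, `NODE_1_IP` and `NODE_1_SUBNET` and prints nothing. Either reword the sentence to say the values are collected into variables, or add an `echo` of each one so the reader can confirm that the `grep ... machines.txt | cut -d " " -f 5` lookups returned a non-empty subnet before the variables are used in the `ssh root@server` step.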
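Review bot: in patch 08/10 (lab9-bootstrapping-kubernetes-workers.it.md), the SELinux admonition names `ausearch` and `audit2allow` as the correct fix but then sets `SELINUX=disabled`, and with SELinux disabled no AVC denials are logged for those tools to work from. Suggest `SELINUX=permissive` in the `sed` line, which matches what `setenforce 0` does at runtime, and rewording "Per rimuovere SELinux e disabilitarlo", since the commands change the mode and remove nothing. If the English source has the same wording, it is worth raising there as well. In the same hunk the kubelet link contains a space (`https://kubernetes.io/docs/ reference/command-line-tools-reference/kubelet/`) and will not resolve, and the `lab exercise` tag is left untranslated while the French file in patch 01/10 uses `exercice d'atelier`.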
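Review bot: in patch 09/10 (lab9-bootstrapping-kubernetes-workers.uk.md, hunk at line 158), replacing `!!! Note "Примітка"` with `!!! Примітка` translates the admonition type keyword itself, so the block loses its `note` type, and the two added triple-backtick lines wrap the SELinux warning in a code fence, so it renders as preformatted text instead of prose. Keep the type keyword in English with the translated title in quotes, as the Italian file in patch 08/10 does with `!!! note "Nota"`, and drop both added fence lines so the caution about disabling SELinux still reads as a caution directly above the `sed` and `setenforce 0` commands.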
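Review bot: in patch 10/10 (test_cpu_compat.de.md), step 2 under "Testen" still names only "Rocky Linux 9" as the install target, while the update in the introduction and the closing paragraph extend the check to Rocky Linux 10 (x86-64-v3). Name both releases in step 2 so that a reader preparing a Rocky Linux 10 install knows to look for `(supported, searched)` next to `x86-64-v3`. Also, the sample output is fenced as `bash` although it is loader output, where `text` fits (the Italian lab 9 file in patch 08/10 uses `text` for `kubectl get nodes` output), and "kein Eintrag" should read "keinen Eintrag".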