k8s | How to deploy Portainer inside a Kubernetes environment | Continuous Deployment library

 by   portainer Shell Version: portainer-1.0.43 License: MIT

kandi X-RAY | k8s Summary

kandi X-RAY | k8s Summary

k8s is a Shell library typically used in Devops, Continuous Deployment, Ansible, Docker applications. k8s has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. You can download it from GitHub.

This repo contains helm and YAML for deploying Portainer into a Kubernetes environment. Follow the applicable instructions for your edition / deployment methodology below:.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              k8s has a low active ecosystem.
              It has 64 star(s) with 48 fork(s). There are 10 watchers for this library.
              OutlinedDot
              It had no major release in the last 12 months.
              There are 12 open issues and 21 have been closed. On average issues are closed in 17 days. There are 11 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of k8s is portainer-1.0.43

            kandi-Quality Quality

              k8s has 0 bugs and 0 code smells.

            kandi-Security Security

              k8s has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              k8s code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              k8s is licensed under the MIT License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              k8s releases are available to install and integrate.
              Installation instructions are not available. Examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of k8s
            Get all kandi verified functions for this library.

            k8s Key Features

            No Key Features are available at this moment for k8s.

            k8s Examples and Code Snippets

            Note re persisting data
            Shelldot img1Lines of Code : 3dot img1License : Permissive (MIT)
            copy iconCopy
            nodeSelector:
              kubernetes.io/hostname: 
            
            kubectl patch deployments -n portainer portainer -p '{"spec": {"template": {"spec": {"nodeSelector": {"kubernetes.io/hostname": "'$(kubectl get pods -n portainer -o jsonpath='{ ..nodeName }')'"}}}}}' || (echo  
            Deploying with Helm,Enterprise Edition,Using ClusterIP with an ingress
            Shelldot img2Lines of Code : 3dot img2License : Permissive (MIT)
            copy iconCopy
            helm install --create-namespace -n portainer portainer portainer/portainer \
            --set enterpriseEdition.enabled=true \
            --set service.type=ClusterIP
              
            copy iconCopy
            helm install --create-namespace -n portainer portainer portainer/portainer \
            --set enterpriseEdition.enabled=true  \
            --set service.type=LoadBalancer
              

            Community Discussions

            QUESTION

            Microk8s dashboard using nginx-ingress via http not working (Error: `no matches for kind "Ingress" in version "extensions/v1beta1"`)
            Asked 2022-Apr-01 at 07:26

            I have microk8s v1.22.2 running on Ubuntu 20.04.3 LTS.

            Output from /etc/hosts:

            ...

            ANSWER

            Answered 2021-Oct-10 at 18:29
            error: unable to recognize "ingress.yaml": no matches for kind "Ingress" in version "extensions/v1beta1"
            

            Source https://stackoverflow.com/questions/69517855

            QUESTION

            kubectl versions Error: exec plugin is configured to use API version client.authentication.k8s.io/v1alpha1
            Asked 2022-Mar-28 at 09:41

            I was setting up my new Mac for my eks environment. After the installation of kubectl, aws-iam-authenticator and the kubeconfig file placement in default location. I ran the command kubectl command and got this error mentioned below in command block.

            My cluster uses v1alpha1 client auth api version so basically i wanted to use the same one in my Mac as well.

            I tried with latest version (1.23.0) of kubectl as well, still the same error. Whereas When i tried to do with aws-iam-authenticator (version 0.5.5) I was not able to download lower version.

            Can someone help me to resolve it?

            ...

            ANSWER

            Answered 2022-Mar-28 at 09:41

            I have the same problem

            You're using aws-iam-authenticator 0.5.5, AWS changed the way it behaves in 0.5.4 to require v1beta1.

            It depends on your configuration, but you can try to change the K8s context you're using to v1beta1

            Otherwise switch back to aws-iam-authenticator 0.5.3 - you might need to build it from source if you're using the M1 architecture as there's no darwin-arm64 binary built for it

            Source https://stackoverflow.com/questions/71318743

            QUESTION

            Enable use of images from the local library on Kubernetes
            Asked 2022-Mar-20 at 13:23

            I'm following a tutorial https://docs.openfaas.com/tutorials/first-python-function/,

            currently, I have the right image

            ...

            ANSWER

            Answered 2022-Mar-16 at 08:10

            If your image has a latest tag, the Pod's ImagePullPolicy will be automatically set to Always. Each time the pod is created, Kubernetes tries to pull the newest image.

            Try not tagging the image as latest or manually setting the Pod's ImagePullPolicy to Never. If you're using static manifest to create a Pod, the setting will be like the following:

            Source https://stackoverflow.com/questions/71493306

            QUESTION

            Why URL re-writing is not working when I do not use slash at the end?
            Asked 2022-Mar-13 at 20:40

            I have a simple ingress configuration file-

            ...

            ANSWER

            Answered 2022-Mar-13 at 20:40

            The answer is posted in the comment:

            Well, /link1/ is not a prefix of /link1 because a prefix must be the same length or longer than the target string

            If you have

            Source https://stackoverflow.com/questions/71424259

            QUESTION

            How to dynamically build a resources (V1ResourceRequirements) object for a kubernetes pod in airflow
            Asked 2022-Mar-06 at 16:26

            I'm currently migrating a DAG from airflow version 1.10.10 to 2.0.0.

            This DAG uses a custom python operator where, depending on the complexity of the task, it assigns resources dynamically. The problem is that the import used in v1.10.10 (airflow.contrib.kubernetes.pod import Resources) no longer works. I read that for v2.0.0 I should use kubernetes.client.models.V1ResourceRequirements, but I need to build this resource object dynamically. This might sound dumb, but I haven't been able to find the correct way to build this object.

            For example, I've tried with

            ...

            ANSWER

            Answered 2022-Mar-06 at 16:26

            The proper syntax is for example:

            Source https://stackoverflow.com/questions/71241180

            QUESTION

            Docker standard_init_linux.go:228: exec user process caused: no such file or directory
            Asked 2022-Feb-08 at 20:49

            Whenever I am trying to run the docker images, it is exiting in immediately.

            ...

            ANSWER

            Answered 2021-Aug-22 at 15:41

            Since you're already using Docker, I'd suggest using a multi-stage build. Using a standard docker image like golang one can build an executable asset which is guaranteed to work with other docker linux images:

            Source https://stackoverflow.com/questions/68881023

            QUESTION

            Kubernetes NodePort is not available on all nodes - Oracle Cloud Infrastructure (OCI)
            Asked 2022-Jan-31 at 14:37

            I've been trying to get over this but I'm out of ideas for now hence I'm posting the question here.

            I'm experimenting with the Oracle Cloud Infrastructure (OCI) and I wanted to create a Kubernetes cluster which exposes some service.

            The goal is:

            • A running managed Kubernetes cluster (OKE)
            • 2 nodes at least
            • 1 service that's accessible for external parties

            The infra looks the following:

            • A VCN for the whole thing
            • A private subnet on 10.0.1.0/24
            • A public subnet on 10.0.0.0/24
            • NAT gateway for the private subnet
            • Internet gateway for the public subnet
            • Service gateway
            • The corresponding security lists for both subnets which I won't share right now unless somebody asks for it
            • A containerengine K8S (OKE) cluster in the VCN with public Kubernetes API enabled
            • A node pool for the K8S cluster with 2 availability domains and with 2 instances right now. The instances are ARM machines with 1 OCPU and 6GB RAM running Oracle-Linux-7.9-aarch64-2021.12.08-0 images.
            • A namespace in the K8S cluster (call it staging for now)
            • A deployment which refers to a custom NextJS application serving traffic on port 3000

            And now it's the point where I want to expose the service running on port 3000.

            I have 2 obvious choices:

            • Create a LoadBalancer service in K8S which will spawn a classic Load Balancer in OCI, set up it's listener and set up the backendset referring to the 2 nodes in the cluster, plus it adjusts the subnet security lists to make sure traffic can flow
            • Create a Network Load Balancer in OCI and create a NodePort on K8S and manually configure the NLB to the ~same settings as the classic Load Balancer

            The first one works perfectly fine but I want to use this cluster with minimal costs so I decided to experiment with option 2, the NLB since it's way cheaper (zero cost).

            Long story short, everything works and I can access the NextJS app on the IP of the NLB most of the time but sometimes I couldn't. I decided to look it up what's going on and turned out the NodePort that I exposed in the cluster isn't working how I'd imagine.

            The service behind the NodePort is only accessible on the Node that's running the pod in K8S. Assume NodeA is running the service and NodeB is just there chilling. If I try to hit the service on NodeA, everything is fine. But when I try to do the same on NodeB, I don't get a response at all.

            That's my problem and I couldn't figure out what could be the issue.

            What I've tried so far:

            • Switching from ARM machines to AMD ones - no change
            • Created a bastion host in the public subnet to test which nodes are responding to requests. Turned out only the node responds that's running the pod.
            • Created a regular LoadBalancer in K8S with the same config as the NodePort (in this case OCI will create a classic Load Balancer), that works perfectly
            • Tried upgrading to Oracle 8.4 images for the K8S nodes, didn't fix it
            • Ran the Node Doctor on the nodes, everything is fine
            • Checked the logs of kube-proxy, kube-flannel, core-dns, no error
            • Since the cluster consists of 2 nodes, I gave it a try and added one more node and the service was not accessible on the new node either
            • Recreated the cluster from scratch

            Edit: Some update. I've tried to use a DaemonSet instead of a regular Deployment for the pod to ensure that as a temporary solution, all nodes are running at least one instance of the pod and surprise. The node that was previously not responding to requests on that specific port, it still does not, even though a pod is running on it.

            Edit2: Originally I was running the latest K8S version for the cluster (v1.21.5) and I tried downgrading to v1.20.11 and unfortunately the issue is still present.

            Edit3: Checked if the NodePort is open on the node that's not responding and it is, at least kube-proxy is listening on it.

            ...

            ANSWER

            Answered 2022-Jan-31 at 12:06

            Might not be the ideal fix, but can you try changing the externalTrafficPolicy to Local. This would prevent the health check on the nodes which don't run the application to fail. This way the traffic will only be forwarded to the node where the application is . Setting externalTrafficPolicy to local is also a requirement to preserve source IP of the connection. Also, can you share the health check config for both NLB and LB that you are using. When you change the externalTrafficPolicy, note that the health check for LB would change and the same needs to be applied to NLB.

            Edit: Also note that you need a security list/ network security group added to your node subnet/nodepool, which allows traffic on all protocols from the worker node subnet.

            Source https://stackoverflow.com/questions/70893487

            QUESTION

            Kubernetes use the same volumeMount in initContainer and Container
            Asked 2022-Jan-21 at 15:23

            I am trying to get a volume mounted as a non-root user in one of my containers. I'm trying an approach from this SO post using an initContainer to set the correct user, but when I try to start the configuration I get an "unbound immediate PersistentVolumneClaims" error. I suspect it's because the volume is mounted in both my initContainer and container, but I'm not sure why that would be the issue: I can see the initContainer taking the claim, but I would have thought when it exited that it would release it, letting the normal container take the claim. Any ideas or alternatives to getting the directory mounted as a non-root user? I did try using securityContext/fsGroup, but that seemed to have no effect. The /var/rdf4j directory below is the one that is being mounted as root.

            Configuration:

            ...

            ANSWER

            Answered 2022-Jan-21 at 08:43

            1 pod has unbound immediate PersistentVolumeClaims. - this error means the pod cannot bound to the PVC on the node where it has been scheduled to run on. This can happen when the PVC bounded to a PV that refers to a location that is not valid on the node that the pod is scheduled to run on. It will be helpful if you can post the complete output of kubectl get nodes -o wide, kubectl describe pvc triplestore-data-storage, kubectl describe pv triplestore-data-storage-dir to the question.

            The mean time, PVC/PV is optional when using hostPath, can you try the following spec and see if the pod can come online:

            Source https://stackoverflow.com/questions/70717175

            QUESTION

            Criteria for default garbage collector Hotspot JVM 11/17
            Asked 2022-Jan-11 at 10:26

            I found a source describing that the default gc used changes depending on the available resources. It seems that the jvm uses either g1gc or serial gc dependnig on hardware and os.

            The serial collector is selected by default on certain hardware and operating system configurations

            Can someone point out a more detailed source on what the specific criteria is and how that would apply in a dockerized/kubernetes enivronment. In other words:

            Could setting resource requests of the pod in k8s to eg. 1500 mCpu make the jvm use serial gc and changing to 2 Cpu change the default gc to g1gc? Do the limits on when which gc is used change depending on jvm version (11 vs 17)?

            ...

            ANSWER

            Answered 2022-Jan-11 at 10:24

            In JDK 11 and 17 Serial collector is used when there is only one CPU available. Otherwise G1 is selected

            If you limit the number of CPUS available to your container, JVM selects Serial instead of the defaultG1

            JDK11 1 CPU

            Source https://stackoverflow.com/questions/70664562

            QUESTION

            Using pod Anti Affinity to force only 1 pod per node
            Asked 2022-Jan-01 at 12:50

            I am trying to get my deployment to only deploy replicas to nodes that aren't running rabbitmq (this is working) and also doesn't already have the pod I am deploying (not working).

            I can't seem to get this to work. For example, if I have 3 nodes (2 with label of app.kubernetes.io/part-of=rabbitmq) then all 2 replicas get deployed to the remaining node. It is like the deployments aren't taking into account their own pods it creates in determining anti-affinity. My desired state is for it to only deploy 1 pod and the other one should not get scheduled.

            ...

            ANSWER

            Answered 2022-Jan-01 at 12:50

            I think Thats because of the matchExpressions part of your manifest , where it requires pods need to have both the labels app.kubernetes.io/part-of: rabbitmq and app: testscraper to satisfy the antiaffinity rule.

            Based on deployment yaml you have provided , these pods will have only app: testscraper but NOT pp.kubernetes.io/part-of: rabbitmq hence both the replicas are getting scheduled on same node

            from Documentation (The requirements are ANDed.):

            Source https://stackoverflow.com/questions/70547587

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install k8s

            You can download it from GitHub.

            Support

            Install the helm chart:.
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries

            Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link