diff --git a/README.md b/README.md index f27c9fa..603a767 100644 --- a/README.md +++ b/README.md @@ -2,11 +2,6 @@ Kubernetes is an open‑source platform that automates the deployment, scaling, and management of containerized applications. It acts as an orchestrator, ensuring your containers run reliably across clusters of machines, handling networking, storage, and updates without downtime. -- [k3s](#k3s) - - [Install / Setup](#install--setup) - - [misc](#misc) - - [prune old image](#prune-old-image) - - [check system logs](#check-system-logs) - [kubectl](#kubectl) - [Get Pod](#get-pod) - [Pod delete](#pod-delete) 
@@ -30,68 +25,13 @@ Kubernetes is an open‑source platform that automates the deployment, scaling, - [get certificate end date](#get-certificate-end-date) - [service accounts](#service-accounts) - [core-dns](#core-dns) - -## k3s - -K3s is a lightweight, certified Kubernetes distribution designed to run in resource‑constrained environments such as edge devices, IoT appliances, and small servers. It simplifies installation and operation by packaging Kubernetes into a single small binary, while still being fully compliant with the Kubernetes API. - -🌐 What K3s Is - -- Definition: K3s is a simplified Kubernetes distribution created by Rancher Labs (now part of SUSE) and maintained under the CNCF. -- Purpose: It’s built for environments where full Kubernetes (K8s) is too heavy — like Raspberry Pis, edge servers, or CI pipelines. -- Size: The entire distribution is packaged into a binary under ~70MB. - -### Install / Setup - -**Default master installation:** - -``` bash -curl -sfL https://get.k3s.io | sh - -``` - -Install specific version and disable: - -- flannel (alternative example calico) -- servicelb (alternative example metallb) -- traefik (then install using helm chart or custom manifests for better control) - -```bash -curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.33.3+k3s1 INSTALL_K3S_EXEC="--flannel-backend=none \ ---disable-network-policy \ ---cluster-cidr=10.42.0.0/16 \ ---disable=servicelb \ ---disable=traefik" \ - sh - -``` - -### misc - -#### prune old image - -prune old images, execute on kubernetes host node - -```bash -crictl rmi --prune -``` - -#### check system logs - -```bash -sudo journalctl -u k3s-agent --since "1h ago" --reverse --no-pager | more -sudo journalctl -u k3s-agent --since "1 hour ago" --reverse | grep -i "Starting k3s-agent.service" -sudo journalctl -u k3s --reverse | grep -i "Starting k3s.service" - -## Kubernetes DNS - -**Automatic DNS Records:** Kubernetes automatically creates DNS entries for Services and Pods. 
This allows workloads to connect using predictable names instead of IPs, which may change. - -### Services DNS Name - -```text -..svc. -``` - -*Example: [test-services.services.svc.cluster.local](test-services.services.svc.cluster.local).* + - [Services DNS Name](#services-dns-name) +- [k3s](#k3s) + - [Install / Setup](#install--setup) + - [prune old image](#prune-old-image) + - [check system logs](#check-system-logs) + - [Workarounds \& Fixes](#workarounds--fixes) + - [Failed unmounting var-lib-rancher.mount on reboot](#failed-unmounting-var-lib-ranchermount-on-reboot) ## kubectl @@ -385,6 +325,14 @@ kubectl get secret continuous-deploy -o jsonpath='{.data.token}' | base64 -d ## core-dns +Kubernetes automatically provides DNS names for Services and Pods, and CoreDNS serves these records. This allows workloads to communicate using stable, predictable names instead of changing IP addresses. + +### Services DNS Name + +```text +..svc. +``` + Remove warning from logs. ```log 
@@ -407,3 +355,115 @@ data: # ``` + +## k3s + +K3s is a lightweight, certified Kubernetes distribution designed to run in resource‑constrained environments such as edge devices, IoT appliances, and small servers. It simplifies installation and operation by packaging Kubernetes into a single small binary, while still being fully compliant with the Kubernetes API. + +🌐 What K3s Is + +- Definition: K3s is a simplified Kubernetes distribution created by Rancher Labs (now part of SUSE) and maintained under the CNCF. +- Purpose: It’s built for environments where full Kubernetes (K8s) is too heavy — like Raspberry Pis, edge servers, or CI pipelines. +- Size: The entire distribution is packaged into a binary under ~70MB. + +### Install / Setup + +**Default master installation:** + +``` bash +curl -sfL https://get.k3s.io | sh - +``` + +Install specific version and disable: + +- flannel (alternative example calico) +- servicelb (alternative example metallb) +- traefik (then install using helm chart or custom manifests for better control) + +```bash +curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.33.3+k3s1 INSTALL_K3S_EXEC="--flannel-backend=none \ +--disable-network-policy \ +--cluster-cidr=10.42.0.0/16 \ +--disable=servicelb \ +--disable=traefik" \ + sh - +``` + +### prune old image + +prune old images, execute on kubernetes host node + +```bash +crictl rmi --prune +``` + +### check system logs + +```bash +sudo journalctl -u k3s-agent --since "1h ago" --reverse --no-pager | more +sudo journalctl -u k3s-agent --since "1 hour ago" --reverse | grep -i "Starting k3s-agent.service" +sudo journalctl -u k3s --reverse | grep -i "Starting k3s.service" +``` + +*Example: [test-services.services.svc.cluster.local](test-services.services.svc.cluster.local).* + +### Workarounds & Fixes + +#### Failed unmounting var-lib-rancher.mount on reboot + +When running K3s with /var/lib/rancher on a separate disk. 
+ +K3s and containerd often leave behind mount namespaces and overlay layers that block clean unmounting during shutdown. +This causes slow reboots and errors like: + +``` bash +Failed unmounting var-lib-rancher.mount +``` + +1. Create the cleanup service + + ``` bash + nano /etc/systemd/system/rancher-cleanup.service + ``` + + Paste: + + ``` bash + + [Unit] + DefaultDependencies=no + Before=shutdown.target + + [Service] + Type=oneshot + ExecStart=/bin/sh -c '/bin/umount -l /var/lib/rancher || true' + + [Install] + WantedBy=shutdown.target + + ``` + + Why this works + + - DefaultDependencies=no ensures the service runs early. + - Before=umount.target guarantees it executes before systemd tries to unmount anything. + - umount -l detaches the filesystem immediately, even if containerd still holds namespaces. + - || true prevents harmless “not mounted” errors from blocking shutdown. + +1. Reload systemd + + ``` bash + systemctl daemon-reload + ``` + +1. Enable the cleanup service + + ```bash + systemctl enable rancher-cleanup.service + ``` + +1. Reboot to test: + + ``` bash + reboot + ```
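Review bot: In the core-dns hunk (@@ -385,6 +325,14 @@), the new "### Services DNS Name" block contains only `..svc.`, so the template carries no placeholder names, and the example that illustrated it (`test-services.services.svc.cluster.local`) is not next to it. Suggest writing the template as `<service>.<namespace>.svc.<cluster-domain>` and placing the example line directly under the block. The unchanged "Remove warning from logs." paragraph now falls under the Services DNS Name heading; give it its own subheading so the CoreDNS config change is not read as part of the naming section.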
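Review bot: In the final hunk (@@ -407,3 +355,115 @@), the "Why this works" list states `Before=umount.target guarantees it executes before systemd tries to unmount anything`, but the pasted unit declares `Before=shutdown.target` with `WantedBy=shutdown.target` and never mentions umount.target, so the ordering the text promises is not what the unit configures. Either add `Before=umount.target` to the [Unit] section or correct the bullet to describe what the unit actually does. In the same hunk, the `*Example: [test-services.services.svc.cluster.local]...*` line has been re-added under "### check system logs", where it has no context; it belongs with the Services DNS Name block in core-dns. The default install line `curl -sfL https://get.k3s.io | sh -` is also carried over without a version pin, unlike the second command that sets `INSTALL_K3S_VERSION`; consider showing the pinned form as the default, or downloading the script to a file so it can be reviewed before it runs.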