🧮 Data plane

📍 Join a node

When the control plane was initialized, a 🎟️ token was provided along with the kubeadm join command; retrieve that command.

It should look like the following:

$ kubeadm join betelgeuse.orion.gasy.africa:6443 --token 4gp39y.898okq2rcj3j8wgl \
    --discovery-token-ca-cert-hash sha256:348cf90011e40088944a5f5cfe3279c04a0dfb24f56ba21209e61fdc15af3645

💡 Don't forget to add sudo

🆑 Token management 🎟️

If you have lost the 🎟️ token, or the token has expired:

📍 On the 🎛️ control plane,

  • List the 🎟️ tokens

Check the TTL (Time To Live) field: it shows the time remaining before the token expires; a token has a lifetime of 24h.

$ kubeadm token list
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
seg7l8.5b6iz1mpixhtool4   17h         2021-04-05T12:12:01Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

⭐ If the token has not expired:

🎛️ On the control plane, retrieve the following information:

  • The SHA256 hash #️⃣ of the CA certificate (computed over its public key)
$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt \
    | openssl rsa -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //'
  • The unexpired 🎟️ token
$ kubeadm token list

🧮 On the data plane

  • Assign the retrieved values to the following environment variables (for example):
$ CTL_PLANE="betelgeuse.orion.gasy.africa"
$ TOKEN="tod4ok.xbzkz5h9zg2q7c1j"
$ CA_CERT_HASH="c41ff0c3608120eaf7599bc77f6bc72b1e75c46caa073bb28cba21ea1f86f5ef"
  • Run the command that joins the cluster
$ sudo kubeadm join ${CTL_PLANE}:6443 --token ${TOKEN} --discovery-token-ca-cert-hash sha256:${CA_CERT_HASH}
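
An added example (not part of the original page): a shell helper that picks an unexpired token from `kubeadm token list` output and checks the CA hash before building the join command shown above. The token list, host name, hash and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Token list, host name and hash below are constructed samples.
SAMPLE_LIST='TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
zyxwvu.fedcba9876543210   <invalid>   2021-04-04T09:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
abcdef.0123456789abcdef   12h         2021-04-05T12:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token'
SAMPLE_HASH=$(printf '%064d' 0)      # 64 hex digits, constructed
SAMPLE_NOW=2021-04-05T00:00:00Z      # live value: date -u +%Y-%m-%dT%H:%M:%SZ

# pick_token LIST NOW: print the first token that has the 6.16 bootstrap-token
# shape, allows "authentication", and whose EXPIRES timestamp is later than NOW.
# UTC timestamps in this format sort correctly as plain strings.
pick_token() {
    printf '%s\n' "$1" | awk -v now="$2" '
        NR > 1 && index($1, ".") == 7 && length($1) == 23 &&
        $1 ~ /^[a-z0-9]+\.[a-z0-9]+$/ && $3 ~ /^[0-9]/ &&
        ("," $4 ",") ~ /,authentication,/ && ($3 "") > (now "") {
            print $1; exit
        }'
}

# valid_ca_hash HASH: succeed only for 64 lowercase hex digits (SHA-256).
valid_ca_hash() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in *[!0-9a-f]*) return 1 ;; esac
}

# join_command HOST TOKEN HASH: print the join command, or fail without
# printing one when the token is missing or the CA hash is malformed, so the
# node is never joined without pinning the control plane CA.
join_command() {
    [ -n "$2" ] || { echo "no unexpired token, create a new one" >&2; return 1; }
    valid_ca_hash "$3" || { echo "malformed CA certificate hash" >&2; return 1; }
    printf 'kubeadm join %s:6443 --token %s --discovery-token-ca-cert-hash sha256:%s\n' \
        "$1" "$2" "$3"
}

join_command cp.example.internal "$(pick_token "$SAMPLE_LIST" "$SAMPLE_NOW")" "$SAMPLE_HASH"
```

On a real control plane, pass the output of `kubeadm token list` and the hash from the openssl pipeline above in place of the samples.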

📍 If all the tokens have expired, generate a new token with the commands below

🎛️ On the control plane

$ kubeadm token create --print-join-command

Returns

W0325 19:10:34.388061   53964 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join betelgeuse.orion.gasy.africa:6443 --token fu6544.o36km11eg95slej1     --discovery-token-ca-cert-hash sha256:348cf90011e40088944a5f5cfe3279c04a0dfb24f56ba21209e61fdc15af3645

🧮 On the data plane

$ sudo kubeadm join betelgeuse.orion.gasy.africa:6443 --token fu6544.o36km11eg95slej1     --discovery-token-ca-cert-hash sha256:348cf90011e40088944a5f5cfe3279c04a0dfb24f56ba21209e61fdc15af3645 

❌ Troubleshooting

🎛️ On the control plane

List the nodes and find the one you want to drain (remove from the cluster)

$ kubectl get nodes
  1. First, drain the node
$ kubectl drain <node-name>

You can ignore DaemonSets and local data on the machine

$ kubectl drain <node-name> --ignore-daemonsets --delete-local-data
  2. Finally, remove the node
$ kubectl delete node <node-name>

❌ Reset the node

$ sudo kubeadm reset

Returns

[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
W0325 18:59:42.226203 3662407 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
  
  • Clean up the remaining files
$ sudo rm -rf /etc/cni "$HOME/.kube/config"

⁉️ Unhealthy 💧 Kubelet

[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
[kubelet-check] Initial timeout of 40s passed.

Unfortunately, an error has occurred:
        timed out waiting for the condition

This error is likely caused by:
        - The kubelet is not running
        - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
        - 'systemctl status kubelet'
        - 'journalctl -xeu kubelet'
error execution phase kubelet-start: timed out waiting for the condition
To see the stack trace of this error execute with --v=5 or higher
