    RyzeNGrind
    @RyzeNGrind
    I'm a software engineering student currently teaching myself devops and kubernetes. I had some ideas for a few PaaS I wanted to self host and test deploy on my cluster of RPIs but I couldn't find any easy to use tools to manage my cluster aside from garden.io and kubesail. Would appreciate any advice any of you may have on how I could proceed. Thanks again.
    Jean-François Lamy
    @jflamy
    (I intend to run the docker desktop cluster under a free account, and the DO one under my current hobby tier subscription)
    Jean-François Lamy
    @jflamy
    @RyzeNGrind I use https://k8slens.dev/ to complement Kubesail, also works with Docker Desktop, k3s, should work with any k8s. Just copy-paste the kube config. It includes its own copy of kubectl.
    Seandon Mooy
    @erulabs
    @RyzeNGrind - Technically, you can buy a domain, and point that domain at your home IP address, and as long as you tell your Kubernetes cluster about that domain, things should just work - in k3s the option is --advertise-address for example. But KubeSail does aim to make this easier by automatically assigning you an address for your cluster, and automatically setting a DNS name for your home-IP address. I hope this answers that question. There is no ETA for GitLab on the site just yet, but you can install the GitLab runner on your cluster yourself and things should work normally (just won't be on the KubeSail website). That's all a bit complex, so let me know if I misunderstood your question and I'd be happy to help :)
    Jean-François Lamy
    @jflamy
    Hello. Issues with letsencrypt certificates. On account jflamy I created a BYOC cluster. I deleted the existing ingresses and secrets, and used the KubeSail interface to reinstall nginx and the cert manager. I then recreated the ingresses. Because that account is a free account, I get https://owlcms.owlcms.jflamy.usw1.k8g8.com and https://results.owlcms.jflamy.usw1.k8g8.com but both fail as they still publish a self-signed certificate.
    @erulabs see just above for issues on letsencrypt for BYOC. Maybe am just impatient?
    Seandon Mooy
    @erulabs
    Ack! It looks like when you accept the invalid certificate at https://owlcms.owlcms.jflamy.usw1.k8g8.com/ it says 'No ingress controller found!' - that message comes from the KubeSail agent - so at least the gateway <-> agent connection is working properly - but the agent wasn't able to find your ingress controller.
    It should find it pretty quickly - I wonder if you checked the logs in the kubesail-agent namespace, it might print that it couldn't find any ingress controller. You may try restarting the agent and seeing if the ingress starts to work.
    The ingress needs to work first before the certificates are able to generate (the cert-manager uses the ingress system for validation with LetsEncrypt)
    If restarting the agent does the trick, would you mind sharing what version of the agent you're using (should be in the logs and on the kubesail dashboard at https://kubesail.com/clusters and then click 'Details')
    I just recently modified the code that searches for ingress controllers, and some people have reported issues - it's possible there is still one lurking :(
    Ah, I see https://owlcms.owlcms.jflamy.usw1.k8g8.com/ returns an Nginx message now - so one step forward! I assume restarting the agent did the trick there... I'll look into that asap, that's not a good bug :crying_cat_face:
    Ideally, the certificate should go valid shortly (you can check the cert-manager pod in that namespace and the logs should say what's happening - I plan on surfacing this in the UI much better in the future)
    Jean-François Lamy
    @jflamy
    sorry. should be "officials.owlcms..." there seems to be a glitch there
    Seandon Mooy
    @erulabs
    That address seems to work :D
    Jean-François Lamy
    @jflamy
    the service is called owlcms and I am overriding the dropdown but does not seem to stick
    Seandon Mooy
    @erulabs
    Ah, in the 'Network' tab on KubeSail?
    Jean-François Lamy
    @jflamy
    Works indeed. The dropdown does not read the current setting, which is slightly misleading.
    Seandon Mooy
    @erulabs
    Interesting, it's possible you have multiple ingresses? I assume the dropdown you refer to is in the 'Network' / 'Ingress' tab on kubesail? Also, did you have to restart the agent?
    I'll investigate both of those bugs asap :heart:
    Jean-François Lamy
    @jflamy
    That cluster had my custom domain ingress file referencing letsencrypt certificates (but no certmanager) and an existing nginx. I bushwhacked my way by asking kubesail to do the nginx and cert-manager installs, deleting the two existing ingresses, and recreating repeatedly. After restart of the agent, there may be hidden stuff left, but I don't see any using Lens or the web interface.
    Seandon Mooy
    @erulabs
    @jflamy We've recently released a lot of updates to the KubeSail agent - so I do recommend if you go to https://kubesail.com/clusters you should be able to upgrade your agent in the 'Details' page - hopefully that resolves the problem with the agent discovering the ingress controller. It's still possible that's not 100% perfect tho, but a restart of the agent usually does the trick (if the ingress system changes a lot). You might also check the /resources tab which should show the raw ingress documents more clearly. I'd be happy to do a Zoom call as well if you need a hand getting things sorted out :) Thanks for keeping at it!
    RyzeNGrind
    @RyzeNGrind
    @jflamy thank you for the reference, I will take a look; seems like a useful tool to have in the toolbox.
    @erulabs thank you for breaking it down and elaborating. Would I be able to use a dynamic DNS to self manage the cluster? I have openwrt with ddns client on my home router.
    Seandon Mooy
    @erulabs
    Of course - please let me know if you need any more help! Would love to improve our documentation to answer these kinds of questions!
    RyzeNGrind
    @RyzeNGrind
    @erulabs just edited my question after posting accidentally via mobile gitter browser chat. Would appreciate your opinion when you have a chance to take a look.
    Jean-François Lamy
    @jflamy
    @erulabs this was the brand new agent from earlier today and the ingress yaml were looking fine.
    @erulabs given the magnitude of the ingress changes (new names and new secrets) and my brutal way of updating (delete and recreate) it's not really surprising that a restart was needed
    Seandon Mooy
    @erulabs
    Hehe - yes, I'm not surprised either, but our agent code listens to changes to the ingress system and should react properly - that might have been a little more than it can handle but either way I'd like it to handle it eventually - can be non-obvious that it just needs a restart to pick up the changes. Glad you got it sorted though! Going to add a test for that situation to my list either way <3
    @RyzeNGrind, You mention "without relying on an external website" - can you explain more what you mean there? KubeSail will give you a domain name you can use to communicate with your clusters, but certainly you can point a domain at your cluster yourself as well. Do you mean a custom domain for apps hosted on your cluster? If so, you should be able to configure that on our site as well. Let me know if I'm misunderstanding - would love to help get you setup and working properly!
    jflamy-dev
    @jflamy-dev
    @erulabs am trying to setup things so Lens uses the kubesail config to get to my cluster. When giving Lens the config exported from kubesail, I get
    2021/01/28 17:11:32 http: proxy error: x509: certificate is valid for docker-for-desktop, kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, kubernetes.docker.internal, vm.docker.internal, localhost, not owlcms.jflamy.usw1.k8g8.com
    So there is some magic missing - my cluster refuses its proxied identity
    Seandon Mooy
    @erulabs
    Hey @jflamy-dev - I believe you can add insecure-skip-tls-verify: true to your KubeConfig and lens should respect that. The alternative option is to boot your kube cluster in such a way that it has owlcms.jflamy.usw1.k8g8.com as its "advertise address" - the first option should be a lot easier to get going, but is a bit less secure
    EG: edit the kubeconfig like so:
    clusters:
    - cluster:
        server: your-address
        insecure-skip-tls-verify: true
    jflamy-dev
    @jflamy-dev
    Ok, will give it a try.
    Seandon Mooy
    @erulabs
    (I've just added that to the kubeconfig that's provided for BYOC clusters to kubesail, been leaning towards doing that for a while (the docs already mention the commandline version of that flag, but it's a new feature in the config itself))
    In about 10 minutes the /config page will have that pre-filled for you :dancer:
    jflamy-dev
    @jflamy-dev
    (did not work at first attempt; will try after getting dinner started)
    Seandon Mooy
    @erulabs
    okay, I'll do a test as well - I believe support for that was only recently added to Lens, so might need the newest version
    jflamy-dev
    @jflamy-dev
    I have latest.
    jflamy-dev
    @jflamy-dev
    Lens crashes after switching false to true.
    Seandon Mooy
    @erulabs
    Hey @jflamy-dev - I believe you may need to remove the ca-data portion of the kube config - can you try refreshing your browser and using the config from https://kubesail.com/config ?
    (We've removed the ca-data and automatically added the verify: false flag for now)
    jflamy-dev
    @jflamy-dev
    Works. Thks much!
    Seandon Mooy
    @erulabs
    No problemo - as always, your feedback drove an improvement for everyone! :heart: thank you!
    jflamy-dev
    @jflamy-dev
    Next up: k3s running on WSL2. Runs fine normally. Trying to add kubesail-agent yields 0/1 nodes are available: 1 node(s) were unschedulable. Was trying k3s as a dry run prior to tackling Digital Ocean because the memory footprint is much smaller than running a kubernetes cluster on Digital Ocean (they actually suggest running the baby versions for single-node clusters).
    jflamy-dev
    @jflamy-dev
    Nothing special in the logs. Comes with Traefik. Since I cannot connect, can't do the kubesail ingress magic.
    Retch
    @Retch
    Hello, I wanted to add my microk8s, and I get this warning: ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding Is this important?
    jflamy-dev
    @jflamy-dev
    @erulabs regarding the node unschedulable issue on k3s: I am running a single node, just running the k3s server. Maybe there is a taint or something similar that is preventing the agent from running? My intent is to have something as simple as possible to run on a small DigitalOcean node. I want to be able to publish a recipe whereby a moderately technical person can open a DO account, install k3s, expose it via Kubesail, and either deploy a template. You know, sort of like the shared clusters (sad face). Cheap is the operative word, the target is penny-pinching amateur sport federations and clubs.