DEV Community: kittisuw The latest articles on DEV Community by kittisuw (@kittisuw). https://dev.to/kittisuw https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F346951%2Fb0ee69aa-e18b-4e46-99ba-9a46228e7a9e.jpg DEV Community: kittisuw https://dev.to/kittisuw en πŸš€ How to Self-Host n8n with Docker Compose kittisuw Mon, 28 Jul 2025 08:53:49 +0000 https://dev.to/kittisuw/how-to-self-host-n8n-with-docker-compose-3o9p https://dev.to/kittisuw/how-to-self-host-n8n-with-docker-compose-3o9p <p>n8n is a powerful open-source workflow automation tool. If you're deploying it yourself using Docker Compose, it's important to <strong>pin the image version</strong> for reliability and control.</p> <h2> βœ… Prerequisites </h2> <p>Before you begin, ensure your system has:</p> <ul> <li> <a href="https://docs.docker.com/get-docker/" rel="noopener noreferrer">Docker</a> installed</li> <li> <a href="https://docs.docker.com/compose/install/" rel="noopener noreferrer">Docker Compose</a> installed</li> <li>A working terminal (Linux, macOS, or WSL on Windows)</li> <li>Basic knowledge of Docker CLI</li> </ul> <p>Check versions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker <span class="nt">-v</span> docker compose version </code></pre> </div> <h2> 🧱 Step-by-Step Installation </h2> <h3> 1️⃣ Create a directory </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> ~/n8n-docker <span class="o">&amp;&amp;</span> <span class="nb">cd</span> ~/n8n-docker </code></pre> </div> <h3> 2️⃣ Create <code>docker-compose.yml</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3.7"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">n8n</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">n8nio/n8n:1.103.2</span> <span class="c1"># βœ… Pin the version</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5678:5678"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">GENERIC_TIMEZONE=Asia/Bangkok</span> <span class="pi">-</span> <span class="s">N8N_BASIC_AUTH_ACTIVE=true</span> <span class="pi">-</span> <span class="s">N8N_BASIC_AUTH_USER=admin</span> <span class="pi">-</span> <span class="s">N8N_BASIC_AUTH_PASSWORD=your-password</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./n8n_data:/home/node/.n8n</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p>🧐 <strong>Explanation</strong>:</p> <ul> <li> <code>volumes</code>: persists your workflows and credentials.</li> <li> <code>restart: unless-stopped</code>: auto-restarts unless manually stopped.</li> <li> <code>image: n8nio/n8n:1.103.2</code>: fixes version to avoid surprises on update.</li> <li> <code>restart: unless-stopped</code>: self restart</li> </ul> <h3> 3️⃣ Start the container </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker compose up <span class="nt">-d</span> </code></pre> </div> <h3> 4️⃣ Access n8n </h3> <p>Visit: <a href="http://localhost:5678" rel="noopener noreferrer">http://localhost:5678</a><br> Login: <code>admin</code> / <code>your-password</code></p> <h2> πŸ”’ Why You Should Pin the Docker Image Version </h2> <p>Avoid using <code>latest</code> β€” it could break your workflows after unexpected updates.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Behavior</th> <th>Result</th> </tr> </thead> <tbody> <tr> <td><code>latest</code></td> <td>May auto-update on pull, could introduce breaking changes</td> </tr> <tr> <td><code>:1.103.2</code></td> <td>Stable and predictable version</td> </tr> </tbody> </table></div> <p>πŸ‘‰ Check <a href="https://hub.docker.com/r/n8nio/n8n/tags" rel="noopener noreferrer">Docker Hub tags</a> and <a href="https://docs.n8n.io/release-notes/" rel="noopener noreferrer">release notes</a>.</p> <h2> πŸ›  Upgrade Procedure </h2> <ol> <li>Backup the <code>./n8n_data</code> directory</li> <li>Update the image tag in <code>docker-compose.yml</code> </li> <li>Pull and restart and verify system health </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker compose pull docker compose up <span class="nt">-d</span> docker ps </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 923e00afb0bc n8nio/n8n:1.103.3 <span class="s2">"tini -- /docker-ent…"</span> 2 hours ago Up 2 hours 0.0.0.0:5678-&gt;5678/tcp n8n-n8n-1 </code></pre> </div> <h2> βœ… Summary </h2> <ul> <li>Self-host n8n with Docker Compose</li> <li>Pin the Docker image version</li> <li>Secure access with basic auth</li> <li>Persist data with volume mounts</li> <li>Safe upgrade flow</li> </ul> <p>#n8n #Automation #SelfHosted</p> Installing Kubernetes with Kubespray on CenOS 7 Guide kittisuw Wed, 27 Jan 2021 06:50:35 +0000 https://dev.to/kittisuw/installing-kubernetes-with-kubespray-on-cenos-7-guide-4ee3 https://dev.to/kittisuw/installing-kubernetes-with-kubespray-on-cenos-7-guide-4ee3 <h1> Installing Kubernetes with Kubespray on CenOS 7 Guide </h1> <h2> Preparing ansible </h2> <h3> 1. Disable selinbux and firewalld </h3> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo</span> <span class="nt">-i</span> <span class="gp">#</span><span class="w"> </span>setenforce 0 <span class="gp">#</span><span class="w"> </span><span class="nb">sed</span> <span class="nt">-i</span> <span class="s2">"s/^SELINUX</span><span class="se">\=</span><span class="s2">enforcing/SELINUX</span><span class="se">\=</span><span class="s2">disabled/g"</span> /etc/selinux/config <span class="gp">#</span><span class="w"> </span>systemctl disable firewalld<span class="p">;</span> systemctl stop firewalld<span class="p">;</span> systemctl mask firewalld </code></pre> </div> <h3> 2. Installation require package for git,ansible </h3> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">#</span><span class="w"> </span>yum update <span class="gp">#</span><span class="w"> </span>yum <span class="nb">install </span>git <span class="gp">#</span><span class="w"> </span>yum <span class="nb">install </span>epel-release <span class="gp">#</span><span class="w"> </span>yum <span class="nb">install </span>python-pip <span class="gp">#</span><span class="w"> </span>pip <span class="nb">install</span> β€” upgrade pip </code></pre> </div> <h3> 3.Git clone the Kubespray repository and install requirement </h3> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">#</span><span class="w"> </span>git clone https://github.com/kubernetes-sigs/kubespray.git <span class="gp">#</span><span class="w"> </span><span class="nb">cd </span>kubespray <span class="gp">#</span><span class="c">##Install requirements</span> <span class="gp">#</span><span class="w"> </span>pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt <span class="gp">#</span><span class="c">##Copy ``inventory/sample`` as ``inventory/mycluster``</span> <span class="gp">#</span><span class="w"> </span><span class="nb">cp</span> <span class="nt">-rfp</span> inventory/sample inventory/mycluster </code></pre> </div> <h3> 4. Genarate ssh key and copy to all vm that prepare to install K8s cluster </h3> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">#</span><span class="w"> </span>ssh-keygen <span class="nt">-t</span> rsa <span class="gp">#</span><span class="w"> </span>ssh-copy-id <span class="nt">-p</span> 2324 admin@<span class="o">{</span>ip of K8s node<span class="o">}</span> <span class="c">... </span></code></pre> </div> <h2> 5. Prepare file config hosts </h2> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray/inventory/k8scluster <span class="gp">#</span><span class="w"> </span><span class="nb">cp </span>inventory.ini hosts.ini </code></pre> </div> <h3> hosts.ini </h3> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray/inventory/k8scluster <span class="gp">#</span><span class="w"> </span>vi hosts.ini <span class="go">--- </span><span class="gp">#</span><span class="w"> </span><span class="c">## Configure 'ip' variable to bind kubernetes services on a</span> <span class="gp">#</span><span class="w"> </span><span class="c">## different ip than the default iface</span> <span class="gp">#</span><span class="w"> </span><span class="c">## We should set etcd_member_name for etcd cluster. The node that is not a etcd member do not need to set the value, or can set the empty string value.</span> <span class="go">[all] k8sm901 ansible_host=10.233.247.64 ip=10.30.2.25 k8sm902 ansible_host=10.233.247.65 ip=10.30.2.26 k8sm903 ansible_host=10.233.247.66 ip=10.30.2.27 k8sw901 ansible_host=10.233.247.67 ip=10.30.2.28 k8sw902 ansible_host=10.233.247.68 ip=10.30.2.29 k8sw903 ansible_host=10.233.247.69 ip=10.30.2.30 k8sw904 ansible_host=10.233.247.61 ip=10.30.2.22 k8sw905 ansible_host=10.233.247.62 ip=10.30.2.23 </span><span class="gp">#</span><span class="w"> </span><span class="c">## configure a bastion host if your nodes are not directly reachable</span> <span class="gp">#</span><span class="w"> </span>bastion <span class="nv">ansible_host</span><span class="o">=</span>x.x.x.x <span class="nv">ansible_user</span><span class="o">=</span>some_user <span class="go"> [kube-master] k8sm901 k8sm902 k8sm903 [etcd] k8sm901 k8sm902 k8sm903 [kube-node] k8sm901 k8sm902 k8sm903 k8sw901 k8sw902 k8sw903 k8sw904 k8sw905 [calico-rr] [k8s-cluster:children] kube-master kube-node calico-rr [all:vars] ansible_ssh_user=admin ansible_ssh_port=2324 --- </span></code></pre> </div> <h3> 6. Test ansible ping </h3> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray <span class="gp">#</span><span class="w"> </span>ansible <span class="nt">-i</span> inventory/k8scluster/hosts.ini <span class="nt">-m</span> ping all <span class="gp">k8sw901 | SUCCESS =&gt;</span><span class="w"> </span><span class="o">{</span> <span class="go"> "changed": false, "ping": "pong" } </span><span class="gp">k8sm902 | SUCCESS =&gt;</span><span class="w"> </span><span class="o">{</span> <span class="go"> "changed": false, "ping": "pong" } </span><span class="gp">k8sm903 | SUCCESS =&gt;</span><span class="w"> </span><span class="o">{</span> <span class="go"> "changed": false, "ping": "pong" } </span><span class="gp">k8sm901 | SUCCESS =&gt;</span><span class="w"> </span><span class="o">{</span> <span class="go"> "changed": false, "ping": "pong" } </span><span class="gp">k8sw903 | SUCCESS =&gt;</span><span class="w"> </span><span class="o">{</span> <span class="go"> "changed": false, "ping": "pong" } </span><span class="gp">k8sw904 | SUCCESS =&gt;</span><span class="w"> </span><span class="o">{</span> <span class="go"> "changed": false, "ping": "pong" } </span><span class="gp">k8sw905 | SUCCESS =&gt;</span><span class="w"> </span><span class="o">{</span> <span class="go"> "changed": false, "ping": "pong" } </span><span class="gp">k8sw906 | SUCCESS =&gt;</span><span class="w"> </span><span class="o">{</span> <span class="go"> "changed": false, "ping": "pong" } </span><span class="gp">k8sw902 | SUCCESS =&gt;</span><span class="w"> </span><span class="o">{</span> <span class="go"> "changed": false, "ping": "pong" } </span></code></pre> </div> <h2> Preparing k8s nodes </h2> <h3> 7. Uninstall docker,k8s on K8s nodes and install jq </h3> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo</span> <span class="nt">-i</span> <span class="gp">#</span><span class="w"> </span>docker <span class="nb">rm</span> <span class="sb">`</span>docker ps <span class="nt">-a</span> <span class="nt">-q</span><span class="sb">`</span> <span class="gp">#</span><span class="w"> </span>docker rmi <span class="sb">`</span>docker images <span class="nt">-q</span><span class="sb">`</span> <span class="gp">#</span><span class="w"> </span>kubeadm reset <span class="gp">#</span><span class="w"> </span>yum remove kubeadm kubectl kubelet kubernetes-cni kube<span class="k">*</span> <span class="nt">-y</span> <span class="gp">#</span><span class="w"> </span>yum autoremove <span class="gp">#</span><span class="w"> </span><span class="nb">rm</span> <span class="nt">-rf</span> ~/.kube <span class="gp">#</span><span class="c">##Install jq</span> <span class="gp">#</span><span class="w"> </span><span class="o">(</span>yum <span class="nb">install </span>epel-release <span class="nt">-y</span><span class="p">;</span> yum <span class="nb">install </span>jq <span class="nt">-y</span><span class="o">)</span> </code></pre> </div> <h2> Setup K8s cluster via kubespray </h2> <h3> 8. setup </h3> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo</span> <span class="nt">-i</span> <span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray <span class="go">ansible-playbook -i inventory/k8scluster/hosts.ini cluster.yml --become </span><span class="gp">#</span>Download kube config file from one of master node to bastion vm <span class="gp">#</span><span class="w"> </span>ssh <span class="nt">-p</span> 2324 admin@k8sm901 <span class="s1">'sudo cat /etc/kubernetes/admin.conf'</span> <span class="o">&gt;</span>~/.kube/config <span class="go"> </span><span class="gp">#</span>Check all node status is Ready <span class="gp">#</span><span class="w"> </span>kubectl get node <span class="go">NAME STATUS ROLES AGE VERSION k8sm901 Ready control-plane,master 2d21h v1.20.0 k8sm902 Ready control-plane,master 2d21h v1.20.0 k8sm903 Ready control-plane,master 2d21h v1.20.0 </span><span class="gp">k8sw901 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 <span class="gp">k8sw902 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 <span class="gp">k8sw903 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 <span class="gp">k8sw904 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 <span class="gp">k8sw905 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 <span class="gp">k8sw906 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 <span class="gp">#</span><span class="w"> </span>kubectl get node <span class="nt">-o</span> wide <span class="go">NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME </span><span class="gp">k8sm901 Ready control-plane,master 2d21h v1.20.0 10.30.2.25 &lt;none&gt;</span><span class="w"> </span>CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 docker://19.3.14 <span class="gp">k8sm902 Ready control-plane,master 2d21h v1.20.0 10.30.2.26 &lt;none&gt;</span><span class="w"> </span>CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 docker://19.3.14 <span class="gp">k8sm903 Ready control-plane,master 2d21h v1.20.0 10.30.2.27 &lt;none&gt;</span><span class="w"> </span>CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 docker://19.3.14 <span class="gp">k8sw901 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 10.30.2.28 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 docker://19.3.14 <span class="gp">k8sw902 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 10.30.2.29 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 docker://19.3.14 <span class="gp">k8sw903 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 10.30.2.30 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 docker://19.3.14 <span class="gp">k8sw904 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 10.30.2.22 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 docker://19.3.14 <span class="gp">k8sw905 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 10.30.2.23 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 docker://19.3.14 <span class="gp">k8sw906 Ready &lt;none&gt;</span><span class="w"> </span>2d21h v1.20.0 10.30.2.24 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 docker://19.3.14 </code></pre> </div> <h2> FAQS </h2> <h4> Remove node from cluster </h4> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">#</span><span class="w"> </span>kubectl get node <span class="go">NAME STATUS ROLES AGE VERSION k8sm901 Ready control-plane,master 2d22h v1.20.0 k8sm902 Ready control-plane,master 2d22h v1.20.0 k8sm903 Ready control-plane,master 2d22h v1.20.0 </span><span class="gp">k8sw901 Ready &lt;none&gt;</span><span class="w"> </span>2d22h v1.20.0 <span class="gp">k8sw902 Ready &lt;none&gt;</span><span class="w"> </span>2d22h v1.20.0 <span class="gp">k8sw903 Ready &lt;none&gt;</span><span class="w"> </span>2d22h v1.20.0 <span class="gp">k8sw904 Ready &lt;none&gt;</span><span class="w"> </span>2d22h v1.20.0 <span class="gp">k8sw905 Ready &lt;none&gt;</span><span class="w"> </span>2d22h v1.20.0 <span class="gp">k8sw906 Ready &lt;none&gt;</span><span class="w"> </span>2d22h v1.20.0 <span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray <span class="gp">#</span><span class="w"> </span>ansible-playbook <span class="nt">-i</span> inventory/k8scluster/hosts.ini remove-node.yml <span class="nt">-e</span> <span class="s2">"node=k8sw906"</span> <span class="nt">--become</span> <span class="gp">$</span><span class="w"> </span>kubectl get node <span class="go">NAME STATUS ROLES AGE VERSION k8sm901 Ready control-plane,master 2d23h v1.20.0 k8sm902 Ready control-plane,master 2d23h v1.20.0 k8sm903 Ready control-plane,master 2d23h v1.20.0 </span><span class="gp">k8sw901 Ready &lt;none&gt;</span><span class="w"> </span>2d23h v1.20.0 <span class="gp">k8sw902 Ready &lt;none&gt;</span><span class="w"> </span>2d23h v1.20.0 <span class="gp">k8sw903 Ready &lt;none&gt;</span><span class="w"> </span>2d23h v1.20.0 <span class="gp">k8sw904 Ready &lt;none&gt;</span><span class="w"> </span>2d23h v1.20.0 <span class="gp">k8sw905 Ready &lt;none&gt;</span><span class="w"> </span>2d23h v1.20.0 </code></pre> </div> <h3> Add new node to cluster </h3> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">sudo -i </span><span class="gp">#</span><span class="w"> </span>vi <span class="nv">$HOME</span>/inventory/k8scluster/hosts.ini <span class="go">--- </span><span class="gp">#</span><span class="w"> </span><span class="c">## Configure 'ip' variable to bind kubernetes services on a</span> <span class="gp">#</span><span class="w"> </span><span class="c">## different ip than the default iface</span> <span class="gp">#</span><span class="w"> </span><span class="c">## We should set etcd_member_name for etcd cluster. The node that is not a etcd member do not need to set the value, or can set the empty string value.</span> <span class="go">[all] k8sm901 ansible_host=10.233.247.64 ip=10.30.2.25 k8sm902 ansible_host=10.233.247.65 ip=10.30.2.26 k8sm903 ansible_host=10.233.247.66 ip=10.30.2.27 k8sw901 ansible_host=10.233.247.67 ip=10.30.2.28 k8sw902 ansible_host=10.233.247.68 ip=10.30.2.29 k8sw903 ansible_host=10.233.247.69 ip=10.30.2.30 k8sw904 ansible_host=10.233.247.61 ip=10.30.2.22 k8sw905 ansible_host=10.233.247.62 ip=10.30.2.23 *k8sw906 ansible_host=10.233.247.63 ip=10.30.2.24 </span><span class="gp">#</span><span class="w"> </span><span class="c">## configure a bastion host if your nodes are not directly reachable</span> <span class="gp">#</span><span class="w"> </span>bastion <span class="nv">ansible_host</span><span class="o">=</span>x.x.x.x <span class="nv">ansible_user</span><span class="o">=</span>some_user <span class="go"> [kube-master] k8sm901 k8sm902 k8sm903 [etcd] k8sm901 k8sm902 k8sm903 [kube-node] k8sm901 k8sm902 k8sm903 k8sw901 k8sw902 k8sw903 k8sw904 k8sw905 *k8sw906 [calico-rr] [k8s-cluster:children] kube-master kube-node calico-rr [all:vars] ansible_ssh_user=admin ansible_ssh_port=2324 --- </span><span class="gp">$</span><span class="w"> </span>kubectl get node <span class="go">NAME STATUS ROLES AGE VERSION k8sm901 Ready control-plane,master 2d23h v1.20.0 k8sm902 Ready control-plane,master 2d23h v1.20.0 k8sm903 Ready control-plane,master 2d23h v1.20.0 </span><span class="gp">k8sw901 Ready &lt;none&gt;</span><span class="w"> </span>2d23h v1.20.0 <span class="gp">k8sw902 Ready &lt;none&gt;</span><span class="w"> </span>2d23h v1.20.0 <span class="gp">k8sw903 Ready &lt;none&gt;</span><span class="w"> </span>2d23h v1.20.0 <span class="gp">k8sw904 Ready &lt;none&gt;</span><span class="w"> </span>2d23h v1.20.0 <span class="gp">k8sw905 Ready &lt;none&gt;</span><span class="w"> </span>2d23h v1.20.0 <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray <span class="gp">$</span><span class="w"> </span>ansible-playbook <span class="nt">-i</span> inventory/k8scluster/hosts.ini scale.yml <span class="nt">--become</span> <span class="gp">$</span><span class="w"> </span>kubectl get node <span class="go">NAME STATUS ROLES AGE VERSION k8sm901 Ready control-plane,master 47m v1.20.0 k8sm902 Ready control-plane,master 46m v1.20.0 k8sm903 Ready control-plane,master 46m v1.20.0 </span><span class="gp">k8sw901 Ready &lt;none&gt;</span><span class="w"> </span>45m v1.20.0 <span class="gp">k8sw902 Ready &lt;none&gt;</span><span class="w"> </span>45m v1.20.0 <span class="gp">k8sw903 Ready &lt;none&gt;</span><span class="w"> </span>45m v1.20.0 <span class="gp">k8sw904 Ready &lt;none&gt;</span><span class="w"> </span>45m v1.20.0 <span class="gp">k8sw905 Ready &lt;none&gt;</span><span class="w"> </span>45m v1.20.0 <span class="gp">k8sw906 Ready &lt;none&gt;</span><span class="w"> </span>66s v1.20.0 </code></pre> </div> <h3> Reset Cluster </h3> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray <span class="gp">#</span><span class="w"> </span>ansible-playbook <span class="nt">-i</span> inventory/k8scluster/hosts.ini reset.yml <span class="nt">--become</span> <span class="gp">#</span><span class="w"> </span>kubectl get node <span class="go">The connection to the server 10.30.2.25:6443 was refused - did you specify the right host or port? </span><span class="gp">#</span><span class="w"> </span></code></pre> </div> <h3> Upgrade Kubernetes version all node in Cluster </h3> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">#</span><span class="w"> </span>kubectl get node <span class="go">NAME STATUS ROLES AGE VERSION k8sm901 Ready control-plane,master 4m53s v1.20.0 k8sm902 Ready control-plane,master 4m22s v1.20.0 k8sm903 Ready control-plane,master 4m12s v1.20.0 </span><span class="gp">k8sw901 Ready &lt;none&gt;</span><span class="w"> </span>3m12s v1.20.0 <span class="gp">k8sw902 Ready &lt;none&gt;</span><span class="w"> </span>3m12s v1.20.0 <span class="gp">k8sw903 Ready &lt;none&gt;</span><span class="w"> </span>3m12s v1.20.0 <span class="gp">k8sw904 Ready &lt;none&gt;</span><span class="w"> </span>3m12s v1.20.0 <span class="gp">k8sw905 Ready &lt;none&gt;</span><span class="w"> </span>3m12s v1.20.0 <span class="gp">k8sw906 Ready &lt;none&gt;</span><span class="w"> </span>3m4s v1.20.0 <span class="gp">#</span>Edit kube_version <span class="gp">#</span><span class="w"> </span>vi <span class="nv">$HOME</span>/kubespray/inventory/k8scluster/group_vars/k8s-cluster/k8s-cluster.yml <span class="c">... </span><span class="gp">kube_version: v1.20.0 #</span>edit to v1.20.2 <span class="c">... </span><span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray <span class="gp">#</span><span class="w"> </span>ansible-playbook <span class="nt">-i</span> inventory/k8scluster/hosts.ini upgrade-cluster.yml <span class="nt">--become</span> <span class="gp">#</span><span class="w"> </span>watch <span class="nt">-x</span> kubectl get node,pod <span class="nt">-o</span> wide <span class="go">NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE K ERNEL-VERSION CONTAINER-RUNTIME </span><span class="gp">node/k8sm901 Ready control-plane,master 100m v1.20.2 10.30.2.25 &lt;none&gt;</span><span class="w"> </span>CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3 <span class="go">.10.0-1160.11.1.el7.x86_64 docker://19.3.14 </span><span class="gp">node/k8sm902 Ready control-plane,master 100m v1.20.2 10.30.2.26 &lt;none&gt;</span><span class="w"> </span>CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3 <span class="go">.10.0-1160.11.1.el7.x86_64 docker://19.3.14 </span><span class="c">... </span></code></pre> </div> <h3> Renew certificate </h3> <p>Because Client certificates generated by kubeadm expire after 1 year.</p> <ul> <li> <p>By Upgrade Kubernetes<br> As kubespray background is kubeadm so when you Upgrade Kubernetes version certificates will Renew automaticaly. It is a best practice to upgrade your cluster frequently in order to stay secure.</p> <blockquote> <p><a href="https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/">https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/</a></p> </blockquote> </li> <li><p>By set force_certificate_regeneration<br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">#</span><span class="w"> </span>vi <span class="nv">$HOME</span>/kubespray/inventory/k8scluster/group_vars/k8s-cluster/k8s-cluster.yml <span class="c">... </span><span class="go">force_certificate_regeneration: true --- </span><span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray <span class="gp">#</span><span class="w"> </span>ansible-playbook <span class="nt">-i</span> inventory/k8scluster/hosts.ini cluster.yml <span class="nt">--become</span> </code></pre> </div> <h3> Change container runtime </h3> <p>Because Kubernetes is only deprecating Docker as a container runtime after v1.20. They are currently only planning to remove Docker runtime support in the 1.22 release in late 2021(almost year!).<br><br> Example change from docker to containerd<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">#</span><span class="c">#Edit </span> <span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray/inventory/k8scluster/group_vars/k8s-cluster/ <span class="gp">#</span><span class="w"> </span><span class="nb">cp </span>k8s-cluster.yml k8s-cluster.yml.bk <span class="gp">#</span><span class="w"> </span>vi k8s-cluster.yml <span class="c">... </span><span class="gp">container_manager: docker #</span>Change from docker to containerd <span class="c">... </span><span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray/inventory/k8scluster/group_vars <span class="gp">#</span><span class="w"> </span><span class="nb">cp </span>etcd.yml etcd.yaml.bk <span class="gp">#</span><span class="w"> </span>vi etcd.yml <span class="c">... </span><span class="gp">etcd_deployment_type: docker #</span>Change from docker to host <span class="c">... </span><span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray/inventory/k8scluster/group_vars/all <span class="gp">#</span><span class="w"> </span><span class="nb">cp </span>containerd.yml containerd.yml.bk <span class="gp">#</span><span class="c"># unbar config</span> <span class="gp">#</span><span class="w"> </span>vi containerd.yml <span class="c">... </span><span class="go">--- </span><span class="gp">#</span><span class="w"> </span>Please see roles/container-engine/containerd/defaults/main.yml <span class="k">for </span>more configuration options <span class="go"> </span><span class="gp">#</span><span class="w"> </span>Example: define registry mirror <span class="k">for </span>docker hub <span class="go"> containerd_config: grpc: max_recv_message_size: 16777216 max_send_message_size: 16777216 debug: level: "" registries: "docker.io": - "https://mirror.gcr.io" - "https://registry-1.docker.io" max_container_log_line_size: -1 </span><span class="gp">#</span><span class="w"> </span>metrics: <span class="gp">#</span><span class="w"> </span>address: <span class="s2">""</span> <span class="gp">#</span><span class="w"> </span>grpc_histogram: <span class="nb">false</span> <span class="go">--- </span><span class="gp">#</span><span class="c"># Apply the new Container runtime</span> <span class="gp">#</span><span class="w"> </span><span class="nb">cd</span> <span class="nv">$HOME</span>/kubespray <span class="gp">#</span><span class="w"> </span>ansible-playbook <span class="nt">-i</span> inventory/k8scluster/hosts.ini cluster.yml <span class="nt">--become</span> <span class="gp">#</span><span class="c"># Check container runtime</span> <span class="gp">#</span><span class="w"> </span>kubectl get node <span class="nt">-o</span> wide <span class="go">NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME </span><span class="gp">k8sm901 Ready control-plane,master 11h v1.20.2 10.30.2.25 &lt;none&gt;</span><span class="w"> </span>CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 containerd://1.4.3 <span class="gp">k8sm902 Ready control-plane,master 11h v1.20.2 10.30.2.26 &lt;none&gt;</span><span class="w"> </span>CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 containerd://1.4.3 <span class="gp">k8sm903 Ready control-plane,master 11h v1.20.2 10.30.2.27 &lt;none&gt;</span><span class="w"> </span>CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 containerd://1.4.3 <span class="gp">k8sw901 Ready &lt;none&gt;</span><span class="w"> </span>11h v1.20.2 10.30.2.28 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 containerd://1.4.3 <span class="gp">k8sw902 Ready &lt;none&gt;</span><span class="w"> </span>11h v1.20.2 10.30.2.29 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 containerd://1.4.3 <span class="gp">k8sw903 Ready &lt;none&gt;</span><span class="w"> </span>11h v1.20.2 10.30.2.30 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 containerd://1.4.3 <span class="gp">k8sw904 Ready &lt;none&gt;</span><span class="w"> </span>11h v1.20.2 10.30.2.22 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 containerd://1.4.3 <span class="gp">k8sw905 Ready &lt;none&gt;</span><span class="w"> </span>11h v1.20.2 10.30.2.23 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 containerd://1.4.3 <span class="gp">k8sw906 Ready &lt;none&gt;</span><span class="w"> </span>11h v1.20.2 10.30.2.24 &lt;none&gt; CentOS Linux 7 <span class="o">(</span>Core<span class="o">)</span> 3.10.0-1160.11.1.el7.x86_64 containerd://1.4.3 </code></pre> </div> <blockquote> <p><a href="https://github.com/kubernetes-sigs/kubespray/blob/master/docs/containerd.md">https://github.com/kubernetes-sigs/kubespray/blob/master/docs/containerd.md</a></p> </blockquote> devops kubernetes