  • k8s二进制部署

    配置资源清单
    rbac.yaml

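    # ServiceAccount the dashboard pod runs as; deployment.yaml refers to it
    # through serviceAccountName.
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
        addonmanager.kubernetes.io/mode: Reconcile
      name: kubernetes-dashboard-admin
      namespace: kube-system
    ---
    # Binds the account above to the built-in cluster-admin ClusterRole, i.e.
    # unrestricted access to every resource in every namespace. Whoever holds
    # this account's token, or reaches a dashboard session backed by it,
    # controls the whole cluster. That is acceptable for a lab; on a shared
    # cluster bind a narrower role instead (for example the built-in "view"
    # ClusterRole, or namespaced RoleBindings).
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      # ClusterRoleBinding is cluster-scoped, so it carries no namespace field.
      name: kubernetes-dashboard-admin
      labels:
        k8s-app: kubernetes-dashboard
        addonmanager.kubernetes.io/mode: Reconcile
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
      - kind: ServiceAccount
        name: kubernetes-dashboard-admin
        namespace: kube-system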

    deployment.yaml

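    # Runs the dashboard as a single-container Deployment in kube-system.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: kubernetes-dashboard
      namespace: kube-system
      labels:
        k8s-app: kubernetes-dashboard
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile
    spec:
      selector:
        matchLabels:
          k8s-app: kubernetes-dashboard
      template:
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
          annotations:
            scheduler.alpha.kubernetes.io/critical-pod: ''
        spec:
          priorityClassName: system-cluster-critical
          containers:
            - name: kubernetes-dashboard
              # Pulled by tag from the private registry; a tag can be
              # re-pushed, so pin by digest if the registry is shared.
              image: harbor.od.com/public/kubernetes-dashboard-amd64:v1.10.1
              resources:
                limits:
                  cpu: 100m
                  memory: 300Mi
                requests:
                  cpu: 50m
                  memory: 100Mi
              ports:
                - containerPort: 8443
                  protocol: TCP
              args:
                # PLATFORM-SPECIFIC ARGS HERE
                # The dashboard serves HTTPS on 8443 with a certificate it
                # generates itself; clients in front of it cannot validate it
                # against the CA used elsewhere on this page.
                - --auto-generate-certificates
              volumeMounts:
                - name: tmp-volume
                  mountPath: /tmp
              livenessProbe:
                httpGet:
                  scheme: HTTPS
                  path: /
                  port: 8443
                initialDelaySeconds: 30
                timeoutSeconds: 30
          volumes:
            - name: tmp-volume
              emptyDir: {}
          # rbac.yaml binds this account to cluster-admin, so the token mounted
          # into the pod carries cluster-admin rights.
          serviceAccountName: kubernetes-dashboard-admin
          tolerations:
            - key: "CriticalAddonsOnly"
              operator: "Exists"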

    service.yaml

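    # ClusterIP Service in front of the dashboard pod: port 443 on the Service
    # maps to the container's HTTPS port 8443.
    apiVersion: v1
    kind: Service
    metadata:
      name: kubernetes-dashboard
      namespace: kube-system
      labels:
        k8s-app: kubernetes-dashboard
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile
    spec:
      selector:
        k8s-app: kubernetes-dashboard
      ports:
        - port: 443
          targetPort: 8443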

    ingress.yaml

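    # Publishes the dashboard under dashboard.od.com through the traefik
    # ingress class. The rule has no tls section: per the nginx configuration
    # later on this page, TLS for this host is terminated at nginx in front of
    # traefik.
    #
    # extensions/v1beta1 Ingress is only served by older clusters (the API was
    # removed in Kubernetes 1.22); newer clusters need networking.k8s.io/v1,
    # which uses a different backend schema.
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: kubernetes-dashboard
      namespace: kube-system
      annotations:
        kubernetes.io/ingress.class: traefik
    spec:
      rules:
        - host: dashboard.od.com
          http:
            paths:
              - backend:
                  serviceName: kubernetes-dashboard
                  servicePort: 443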

    交付dashboard到k8s

    # Apply the four manifests in order: RBAC first, so the ServiceAccount
    # exists before the Deployment references it.
    # NOTE(review): the manifests are fetched over plain HTTP, so kubectl
    # applies whatever the network returns -- including the cluster-admin
    # binding in rbac.yaml. Serve k8s-yaml.od.com over HTTPS, or apply from
    # reviewed local copies of the files.
    [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/dashboard/dashboard_1.10.1/rbac.yaml
    [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/dashboard/dashboard_1.10.1/deployment.yaml
    [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/dashboard/dashboard_1.10.1/service.yaml
    [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/dashboard/dashboard_1.10.1/ingress.yaml

    签发SSL证书

    # Issue a server certificate for dashboard.od.com from the CA kept in
    # /opt/certs (ca.pem / ca-key.pem).
    [root@hdss7-200 ~]# cd /opt/certs/
    # The subshell sets umask 077 so the private key is created owner-only
    # (the listing below shows it as -rw-------).
    [root@hdss7-200 certs]# (umask 077; openssl genrsa -out dashboard.od.com.key 2048)
    # NOTE(review): the subject carries only a CN and no subjectAltName is
    # added at signing time; clients that match hostnames against SAN only
    # will reject this certificate. Consider passing an extension file with
    # subjectAltName=DNS:dashboard.od.com via -extfile when signing.
    [root@hdss7-200 certs]# openssl req -new -key dashboard.od.com.key -out dashboard.od.com.csr -subj "/CN=dashboard.od.com/C=CN/ST=BJ/L=Beijing/O=OldboyEdu/OU=ops"
    # Signed directly with the CA private key on this host, valid for 3650
    # days; a leaked server key therefore stays usable for up to ten years
    # unless the certificate is replaced.
    [root@hdss7-200 certs]# openssl x509 -req -in dashboard.od.com.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out dashboard.od.com.crt -days 3650
    [root@hdss7-200 certs]# ll dashboard.od.com.*
    -rw-r--r-- 1 root root 1196 Jan 29 20:52 dashboard.od.com.crt
    -rw-r--r-- 1 root root 1005 Jan 29 20:51 dashboard.od.com.csr
    -rw------- 1 root root 1675 Jan 29 20:51 dashboard.od.com.key
    # Copies the private key to both nginx hosts.
    # NOTE(review): confirm the key is still root-only (0600) under
    # /etc/nginx/certs/ on each destination.
    [root@hdss7-200 certs]# scp dashboard.od.com.key dashboard.od.com.crt hdss7-11:/etc/nginx/certs/ 
    [root@hdss7-200 certs]# scp dashboard.od.com.key dashboard.od.com.crt hdss7-12:/etc/nginx/certs/

    配置Nginx

    [root@hdss7-11 ~]# vim /etc/nginx/conf.d/dashborad.conf
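    # Port 80 exists only to redirect every request to the HTTPS vhost.
    server {
        listen 80;
        server_name dashboard.od.com;
        rewrite ^(.*)$ https://${server_name}$1 permanent;
    }
    # TLS for dashboard.od.com terminates here, using the certificate and key
    # copied to /etc/nginx/certs/ in the previous step.
    server {
        listen 443 ssl;
        server_name dashboard.od.com;
        ssl_certificate "certs/dashboard.od.com.crt";
        ssl_certificate_key "certs/dashboard.od.com.key";
        # Without this directive nginx falls back to its built-in protocol
        # list, which on older builds still includes TLSv1 and TLSv1.1.
        # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it
        # from the list on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            # The default_backend_traefik upstream is defined outside this
            # file. This hop is plain HTTP, so the dashboard login token
            # travels unencrypted between nginx and traefik; keep that path
            # on a trusted network segment.
            proxy_pass http://default_backend_traefik;
            proxy_set_header Host $http_host;
            proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        }
    }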
    [root@hdss7-11 ~]# nginx -t && nginx -s reload

    测试token登录

    # Find the service-account token secret, then print its token field for
    # pasting into the dashboard login form.
    # NOTE(review): the secret name suggests a ServiceAccount called
    # kubernetes-dashboard, while rbac.yaml on this page creates
    # kubernetes-dashboard-admin -- confirm which account this token belongs
    # to and which roles that account is bound to.
    [root@hdss7-21 ~]# kubectl get secret -n kube-system|grep kubernetes-dashboard-token
    kubernetes-dashboard-token-hr5rj kubernetes.io/service-account-token 3 17m
    # The value printed is a bearer credential: it grants whatever the account
    # is bound to, so keep it out of terminal logs, tickets and screenshots,
    # and delete the secret to invalidate it if it has been exposed.
    [root@hdss7-21 ~]# kubectl describe secret kubernetes-dashboard-token-hr5rj -n kube-system|grep ^token
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.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.SDUZEkH_N0B6rjm6bW_jN03F4pHCPafL3uKD2HU0ksM0oenB2425jxvfi16rUbTRCsfcGqYXRrE2x15gpb03fb3jJy-IhnInUnPrw6ZwEdqWagen_Z4tdFhUgCpdjdShHy40ZPfql_iuVKbvv7ASt8w8v13Ar3FxztyDyLScVO3rNEezT7JUqMI4yj5LYQ0IgpSXoH12tlDSTyX8Rk2a_3QlOM_yT5GB_GEZkwIESttQKVr7HXSCrQ2tEdYA4cYO2AbF1NgAo_CVBNNvZLvdDukWiQ_b5zwOiO0cUbbiu46x_p6gjNWzVb7zHNro4gh0Shr4hIhiRQot2DJ-sq94Ag
    

      

  • 原文地址:https://www.cnblogs.com/Wang-Hongwei/p/14145387.html