生产环境
容器运行时
使用kubeadm引导集群
gpg --keyserver keyserver.ubuntu.com --recv-keys 836F4BEB
gpg --export --armor 836F4BEB | sudo apt-key add -
kubeadm config images pull --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers
# 根据docker images显示修改
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.20.4 k8s.gcr.io/kube-proxy:v1.20.4
API接入
cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: john
spec:
groups:
- system:authenticated
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ3V6Q0NBYU1DQVFBd2RqRUxNQWtHQTFVRUJoTUNRMDR4Q3pBSkJnTlZCQWdNQWtOUk1Rc3dDUVlEVlFRSApEQUpEVVRFTk1Bc0dBMVVFQ2d3RWNtOXZkREVOTUFzR0ExVUVDd3dFY205dmRERU5NQXNHQTFVRUF3d0VjbTl2CmRERWdNQjRHQ1NxR1NJYjNEUUVKQVJZUk1Ua3dNekl4TlRnNU9FQnhjUzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDWmNsendySkR1Yjg2U0ZtQXNHZ0twMk9PK1pZQ0JIQy9JQS9qdgpVbG1TYTFtblY1MjNRcmVhVVVHRU1oSmV3VitvenZyRG1pcGMvUk5hWktBL0hvM0U2S0NFQkVBNGRlSTE4ZENNCisyUldrV3Z6WlcvMTNqN2QzbEk5VFk4amtwcXBGbkZlS1BWdlNHTWFZRTBDZnE5SVk1NHdxMFQ1a0FTdDRMTzYKdnJ0d3RuQWp3VmdzM2tEbVRQUWo3ODB3NW5jbHJqRllCRlBXTlcwUkhubldBMUpGRk9OVmw5SEZpQXZDNlFNWApnMEJpc0VuQzZKdnRSZGZyN3l6MnhKb0tSSFRVQkFJVDFIU1czVit5RkdQbmNDeG41Z3p0Z3FzRjFITy96NjRsCmFiYmM3QkVXVHovTDdoZjJQdUZTV3EweDdyUWFuY2ozVWZpeFlMVVJoOGVXRWk3dEFnTUJBQUdnQURBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFnOFk2RjFsaW1adnlseVFubFcwWUVjTlN5VTVaa3pjRHA5ZkpKSlBOY202ZgpFKzJZWmU0bW8vRFRSUlNHRjIyTFNySXNoT3NVTk84a2dKMldhLzJXbHZBTVNhazdMazJjRzhnMElXQWVvRWtYCjlSM3UzNUxFcXZCK1djSDIxMjRmWWxPZWNCSHFvaXhpWmd2UTIySjJZdWtabllZWGdsK21WeXBIay9KRytTMEgKaHU0TFJSVnE3c2U1ck9ZVjBUMUtuTjFiQ1JoMXk4WGJaMjNUOENub1BKSnFuQ0JXNmdhZmw5UlplSzdqYzh5Qwp1UCtXQkZqa281Mi9hMjJkeWg0L3NMbVNxRWoxSldlMFBHY2RjOWRDWmQyVGpGMUt4ZnVmQ0p0ZjJwZGtGbG90CnRoUXBnSlVwbFN4WnROZlB3bDJBSTdzbWs5dGxJQ3hTMnVIRE1FNGNkQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
signerName: kubernetes.io/kube-apiserver-client
usages:
- client auth
EOF
证书生成出错,缺少crt文件,搁置。
目前尝试采用静态令牌接入
关于重启kubelet后运行出错, 需要关闭交换内存。
似乎不完全是swapoff的问题,又tm炸了
静态令牌确认是不能用了
758cab.49913baeb77edc84
证书验证问题尚未解决,但是可以带AuthHeader访问了
未能解决证书认证问题,转而在代码中强加 config.setTrustCerts(true);
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
- 绪论
- 技术、技术如何实现这个的
- 整体思路的设计,概要设计??
- 实现
ingress搭建
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/baremetal/deploy.yaml
国内无法下载其中一个镜像k8s.gcr.io/ingress-nginx/controller,转而从dockerhub下载好心人上传的
改一下yaml,tag改成国内的这个
查看端口? netstat -lntup
PREVIOUSLeetcode - 每日一题
NEXTk8s