技术平台-运维环境-k8s

abstiger大约 2 分钟

运维环境-k8s

基于microk8s的kubernetes运维管理

原理背景

为什么基于Kubernetes进行运维管理?

为什么采用Microk8s作为kubernetes实际环境?

  • 官网:https://microk8s.io/
  • 仓库:https://github.com/ubuntu/microk8s

安装配置

Install MicroK8s with:

snap install microk8s --classic

MicroK8s creates a group to enable seamless usage of commands which require admin privilege. To add your current user to the group and gain access to the .kube caching directory, run the following two commands:

sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube

You will also need to re-enter the session for the group update to take place:

su - $USER

MicroK8s uses a namespaced kubectl command to prevent conflicts with any existing installs of kubectl. If you don’t have an existing install, it is easier to add an alias (append to ~/.bash_aliases) like this:

Install bash-completion:
https://kubernetes.io/docs/tasks/tools/included/optional-kubectl-configs-bash-linux/

# aliases
alias kubectl='microk8s kubectl'
source <(kubectl completion bash)

Kubernetes add-ons MicroK8s installs a barebones upstream Kubernetes. Additional services like dns and the Kubernetes dashboard can be enabled using the microk8s enable command.

Use microk8s status to see a list of enabled and available addons. You can find the addon manifests and/or scripts under ${SNAP}/actions/, with ${SNAP} pointing by default to /snap/microk8s/current.

sudo microk8s enable helm3

sudo microk8s enable rbac

sudo microk8s enable hostpath-storage

考虑参考:https://blog.frognew.com/2022/05/kubeadm-install-kubernetes-1.24.html 使用helm安装管理其他插件。

https://microk8s.io/docs/addon-dns

sudo microk8s enable dns

https://microk8s.io/docs/addon-dashboard

sudo microk8s enable dashboard

sudo microk8s dashboard-proxy

页面盲敲:thisisunsafe

https://microk8s.io/docs/addon-ingress

sudo microk8s enable ingress

kubectl delete -n kube-system secret krproject-org-tls --ignore-not-found
kubectl create -n kube-system secret tls krproject-org-tls \
  --key=/etc/ssl/krproject.org/krproject.org.key \
  --cert=/etc/ssl/krproject.org/krproject.org.cer

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard-ingress
  namespace: kube-system
  annotations:
    # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: public
  tls:
  - hosts:
    - k8s.krproject.org
    secretName: krproject-org-tls
  rules:
    - host: k8s.krproject.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 443

手动升级版本插件版本:

# 编辑 dashboard 的ingress配置
kubectl -n kube-system edit ingress/kubernetes-dashboard-ingress

# 设置 metrics-server 版本号
kubectl describe -n kube-system deployments/metrics-server
kubectl set image -n kube-system deployments/metrics-server metrics-server=k8s.gcr.io/metrics-server/metrics-server:v0.6.1

# 设置 dashboard 版本号
kubectl describe -n kube-system deployments/kubernetes-dashboard
kubectl set image -n kube-system deployments/kubernetes-dashboard kubernetes-dashboard=kubernetesui/dashboard:v2.7.0

# 设置 ingress 版本号
kubectl describe -n ingress daemonsets/nginx-ingress-microk8s-controller 
kubectl set image -n ingress daemonsets/nginx-ingress-microk8s-controller nginx-ingress-microk8s=k8s.gcr.io/ingress-nginx/controller:v1.4.0
Loading...