技术平台-运维环境-k8s
运维环境-k8s
基于microk8s的kubernetes运维管理
原理背景
为什么基于Kubernetes进行运维管理?
为什么采用Microk8s作为kubernetes实际环境?
- 官网:https://microk8s.io/
- 仓库:https://github.com/ubuntu/microk8s
安装配置
Install MicroK8s with:
snap install microk8s --classic
MicroK8s creates a group to enable seamless usage of commands which require admin privilege. To add your current user to the group and gain access to the .kube caching directory, run the following two commands:
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
You will also need to re-enter the session for the group update to take place:
su - $USER
MicroK8s uses a namespaced kubectl command to prevent conflicts with any existing installs of kubectl. If you don’t have an existing install, it is easier to add an alias (append to ~/.bash_aliases) like this:
Install bash-completion:
https://kubernetes.io/docs/tasks/tools/included/optional-kubectl-configs-bash-linux/
# aliases
alias kubectl='microk8s kubectl'
source <(kubectl completion bash)
Kubernetes add-ons MicroK8s installs a barebones upstream Kubernetes. Additional services like dns and the Kubernetes dashboard can be enabled using the microk8s enable command.
Use microk8s status to see a list of enabled and available addons. You can find the addon manifests and/or scripts under ${SNAP}/actions/, with ${SNAP} pointing by default to /snap/microk8s/current.
sudo microk8s enable helm3
sudo microk8s enable rbac
sudo microk8s enable hostpath-storage
考虑参考:https://blog.frognew.com/2022/05/kubeadm-install-kubernetes-1.24.html 使用helm安装管理其他插件。
https://microk8s.io/docs/addon-dns
sudo microk8s enable dns
https://microk8s.io/docs/addon-dashboard
sudo microk8s enable dashboard
sudo microk8s dashboard-proxy
页面盲敲:thisisunsafe
https://microk8s.io/docs/addon-ingress
sudo microk8s enable ingress
kubectl delete -n kube-system secret krproject-org-tls --ignore-not-found
kubectl create -n kube-system secret tls krproject-org-tls \
--key=/etc/ssl/krproject.org/krproject.org.key \
--cert=/etc/ssl/krproject.org/krproject.org.cer
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kubernetes-dashboard-ingress
namespace: kube-system
annotations:
# https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
ingressClassName: public
tls:
- hosts:
- k8s.krproject.org
secretName: krproject-org-tls
rules:
- host: k8s.krproject.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 443
手动升级版本插件版本:
# 编辑 dashboard 的ingress配置
kubectl -n kube-system edit ingress/kubernetes-dashboard-ingress
# 设置 metrics-server 版本号
kubectl describe -n kube-system deployments/metrics-server
kubectl set image -n kube-system deployments/metrics-server metrics-server=k8s.gcr.io/metrics-server/metrics-server:v0.6.1
# 设置 dashboard 版本号
kubectl describe -n kube-system deployments/kubernetes-dashboard
kubectl set image -n kube-system deployments/kubernetes-dashboard kubernetes-dashboard=kubernetesui/dashboard:v2.7.0
# 设置 ingress 版本号
kubectl describe -n ingress daemonsets/nginx-ingress-microk8s-controller
kubectl set image -n ingress daemonsets/nginx-ingress-microk8s-controller nginx-ingress-microk8s=k8s.gcr.io/ingress-nginx/controller:v1.4.0