1、Helm是Kubernetes的包管理器
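# Name this host "master"; the Traefik values file later in this guide pins
# Traefik to the node whose kubernetes.io/hostname is "master".
hostnamectl set-hostname master
yum install wget -y
# NOTE(review): v3.3.1 is the release this guide was written against; check the
# Helm releases page for a currently supported version before reusing it.
wget https://get.helm.sh/helm-v3.3.1-linux-amd64.tar.gz
# Verify the download before unpacking and installing it system-wide: the
# digest printed here must equal the SHA-256 published for this exact file on
# the Helm release page. Stop if it differs.
sha256sum helm-v3.3.1-linux-amd64.tar.gz
tar -zxvf helm-v3.3.1-linux-amd64.tar.gz
cp linux-amd64/helm /usr/local/bin/
yum install vim -y
vim /etc/profile
# Append the following line at the end of /etc/profile.
# NOTE(review): k3s.yaml holds cluster-admin credentials; keep the file
# readable by root only rather than loosening its mode for other users.
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
# Save and quit (Esc, then :wq), then reload the profile
source /etc/profile
# Show the installed version
helm version
# Add a chart repository.
# NOTE(review): this is a third-party mirror; review a chart's templates and
# values before installing anything from it into the cluster.
helm repo add ali-stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
helm repo update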
2、NFS即網絡文件系統
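# NFS server IP: 172.17.216.82 (internal network)
yum install -y rpcbind nfs-utils
vim /etc/exports
# Write the following line into /etc/exports.
# Replace NFS_CLIENT_CIDR (placeholder) with the address range of the nodes
# that must mount the share. A wildcard `*` client would let any host that can
# reach this server mount the directory read-write, and the `insecure` option
# (accept requests from unprivileged source ports) is not needed by Linux
# clients that mount as root, so both are left out here.
# NOTE(review): no_root_squash lets root on a permitted client act as root on
# the exported files; keep it only if a workload really requires it.
/root/nfs_root/ NFS_CLIENT_CIDR(rw,sync,no_root_squash)
# Create the shared directory; to use a directory of your own, replace every
# /root/nfs_root/ in this document.
mkdir /root/nfs_root
# Enable and start the services, then check the export
systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind
systemctl start nfs-server
exportfs -r
exportfs
# The output lists the exported directory followed by the permitted clients:
# /root/nfs_root NFS_CLIENT_CIDR
# On the other (client) nodes; optional, only when the cluster has several servers
yum install -y nfs-utils
# showmount -e <IP of the NFS server>
showmount -e 172.17.216.82
# The output looks like this:
# Export list for 172.17.216.82:
# /root/nfs_root NFS_CLIENT_CIDR
mkdir /root/nfsmount
# mount -t nfs <IP of the NFS server>:/root/nfs_root /root/nfsmount
mount -t nfs 172.17.216.82:/root/nfs_root /root/nfsmount
# Write a test file
echo "hello nfs server" > /root/nfsmount/test.txt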
3、K3s 輕量級的 Kubernetes 發行版
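# Install on the server (master) node.
# Whatever this script contains is executed on the node, so fetch it over HTTPS
# into a file and run that file instead of piping a plain-HTTP response straight
# into sh: an http:// download can be altered by anyone on the network path, and
# a saved file can be read before it runs.
# NOTE(review): assumes the mirror serves this path over HTTPS as well; confirm,
# and do not fall back to http:// if it does not.
curl -sfL https://rancher-mirror.cnrancher.com/k3s/k3s-install.sh -o k3s-install.sh
INSTALL_K3S_MIRROR=cn INSTALL_K3S_EXEC="--disable traefik" sh k3s-install.sh
# Join a worker node: run this on the worker; replace myserver with the server
# node's IP and mynodetoken with the server node's token.
# The node token is a cluster join secret: anyone holding it can register a
# node, so keep it out of chat logs, tickets and shared shell history.
curl -sfL https://rancher-mirror.cnrancher.com/k3s/k3s-install.sh -o k3s-install.sh
INSTALL_K3S_MIRROR=cn K3S_URL=https://myserver:6443 K3S_TOKEN=mynodetoken sh k3s-install.sh
# Show the server node's token
cat /var/lib/rancher/k3s/server/node-token
# Uninstall K3s on a server node
/usr/local/bin/k3s-uninstall.sh
# Uninstall K3s on an agent node
/usr/local/bin/k3s-agent-uninstall.sh
# Check the k3s service status
systemctl status k3s
# Restart the k3s service
systemctl restart k3s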
4、Kuboard, k8s面板 https://kuboard.cn/learning
# Deploy Kuboard v3 from the manifest published at addons.kuboard.cn.
# NOTE(review): the manifest is fetched and applied in one step, so its contents
# are never looked at; saving it to a file first lets you read what it creates
# and re-apply exactly the same version later.
kubectl apply --filename https://addons.kuboard.cn/kuboard/kuboard-v3.yaml
# Check whether the pods are ready
kubectl get pods --namespace kuboard --output wide
在瀏覽器中打開鏈接 http://your-ip-address:30080,記得開放安全組端口, k8s端口范圍30000-32767
輸入初始用戶名和密碼,并登錄
用戶名: admin
密碼: Kuboard123
首次登錄後請立即修改這個默認密碼,并且安全組只對受信任的來源 IP 開放 30080 端口(該入口是明文 HTTP)。
5、traefik HTTP反向代理、負載均衡工具,也可以換成 ingress-nginx https://kubernetes.github.io/ingress-nginx/deploy/
# Register the Traefik chart repository and refresh the local chart index
helm repo add traefik https://containous.github.io/traefik-helm-chart
helm repo update
# Install the release "traefik" into kube-system using the values file
# traefik-v2-chart-values.yaml.
# NOTE(review): no --version is given, so whichever chart version the
# repository currently serves gets installed; pin the version you tested.
helm install traefik traefik/traefik --namespace kube-system --values traefik-v2-chart-values.yaml
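# Hostname is "master"; nodeSelector pins Traefik to the master node
# traefik-v2-chart-values.yaml
service:
  type: ClusterIP
ingressRoute:
  dashboard:
    enabled: false
nodeSelector:
  kubernetes.io/hostname: master
ports:
  web:
    hostPort: 80
  websecure:
    hostPort: 443
  traefik:
    port: 8080
    # NOTE(review): hostPort publishes the "traefik" entry point on the node's
    # own port 8080. Together with --api.insecure=true below, the dashboard and
    # API are served there without authentication, and a BasicAuth middleware
    # attached to an IngressRoute does not cover this port. Keep 8080 closed in
    # the security group / firewall, or drop hostPort here.
    hostPort: 8080
    exposedPort: 8080
    expose: true
additionalArguments:
  # NOTE(review): turns off certificate verification for TLS connections that
  # Traefik opens to backend services.
  - "--serversTransport.insecureSkipVerify=true"
  # Serves the API and dashboard directly on the "traefik" entry point with no
  # authentication in front of it.
  - "--api.insecure=true"
  - "--api.dashboard=true"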
# Create the dashboard IngressRoute in kube-system from the manifest
# traefik-dashboard-ingress-route.yaml
kubectl apply --namespace kube-system --filename traefik-dashboard-ingress-route.yaml
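# Replace the Host value with your own domain, resolving to the master host
# traefik-dashboard-ingress-route.yaml
# NOTE(review): this route has no middlewares entry, so while it is applied in
# this form the dashboard is served to anyone who can reach the host name over
# HTTPS; attach an authentication middleware before exposing it.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard-route
spec:
  entryPoints:
    - websecure
  tls:
    # Name of the TLS Secret that holds the certificate for the host below
    secretName: cloudfe-cert-tls
  routes:
    - match: Host(`traefik.renrenlol.com`)
      kind: Rule
      services:
        - name: traefik
          port: 8080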
這里是剛才生成的,可以在此修改
配置https訪問,可以去阿里云申請免費ssl證書
修改traefik-dashboard-ingress-route.yaml, secretName:創建的TLS密文名稱
Traefik 中間件 BasicAuth 設置面板訪問權限
# Install the package that provides htpasswd
yum install -y httpd-tools
# Print one "user:hash" line per account (-n writes to stdout, -b takes the
# password from the command line).
# NOTE(review): admin123 / test123 are this guide's example passwords; choose
# your own. With -b the password lands in shell history and the process list;
# `htpasswd -n admin` prompts for it instead. The $apr1$ hashes shown here are
# salted MD5; `htpasswd -nB` produces bcrypt hashes.
# admin:$apr1$HwWTM7UI$Wq3j47.UEl0xe9TZfRWG2.
htpasswd -nb admin admin123
# test:$apr1$HnEisKFW$hIQTVJCukPNBJyGgc/.9Z/
htpasswd -nb test test123
# Put the generated lines into a file named policy
vim policy
# policy
admin:$apr1$HwWTM7UI$Wq3j47.UEl0xe9TZfRWG2.
test:$apr1$HnEisKFW$hIQTVJCukPNBJyGgc/.9Z/
# Base64-encode the file and take the resulting text. Base64 is an encoding,
# not encryption: anyone who sees the output can decode it back to the
# user:hash lines.
openssl base64 -in policy
YWRtaW46JGFwcjEkSHdXVE03VUkkV3EzajQ3LlVFbDB4ZTlUWmZSV0cyLgp0ZXN0
OiRhcHIxJEhuRWlzS0ZXJGhJUVRWSkN1a1BOQkp5R2djLy45Wi8K
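# traefik-basic-auth.yaml
# BasicAuth middleware that reads its user list from the Secret "authsecret".
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-basic-auth
spec:
  basicAuth:
    secret: authsecret
---
# Secret holding the htpasswd lines under the key "users".
# NOTE(review): the value below is only the base64 encoding of this guide's
# example accounts; generate your own user:hash lines before applying, and keep
# the real manifest out of shared repositories.
apiVersion: v1
kind: Secret
metadata:
  name: authsecret
data:
  users: |2
    YWRtaW46JGFwcjEkSHdXVE03VUkkV3EzajQ3LlVFbDB4ZTlUWmZSV0cyLgp0ZXN0
    OiRhcHIxJEhuRWlzS0ZXJGhJUVRWSkN1a1BOQkp5R2djLy45Wi8K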
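# traefik-dashboard-ingress-route.yaml
# Dashboard route with the BasicAuth middleware attached.
# metadata.resourceVersion ('9239' in the exported copy) is left out: it is
# filled in by the API server, and applying a manifest that carries a stale
# value is rejected as a conflict.
# NOTE(review): the middleware protects this route only. The values file shown
# earlier in this guide also publishes port 8080 on the node (hostPort: 8080
# with --api.insecure=true), and that path is not covered by BasicAuth.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard-route
  namespace: kube-system
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`traefik.renrenlol.com`)
      services:
        - name: traefik
          port: 8080
      middlewares:
        - name: traefik-basic-auth
  tls:
    secretName: traefik.renrenlol.com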
# Create the BasicAuth Middleware and its Secret in kube-system
kubectl apply --namespace kube-system --filename traefik-basic-auth.yaml
# Re-apply the dashboard route, which now references the middleware
kubectl apply --namespace kube-system --filename traefik-dashboard-ingress-route.yaml
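https訪問, 用戶名:admin 密碼:admin123
http會出現404
注意:BasicAuth 只保護這條 IngressRoute;values 文件中的 hostPort: 8080 加 --api.insecure=true 仍會讓面板在 master 的 8080 端口上免認證可訪問,請在安全組中關閉該端口。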