Marc Lameriks
1995年進(jìn)入甲骨文工作稽寒,現(xiàn)在是Oracle SOA首席顧問,專注于Oracle Cloud、Kubernetes空镜、Docker等方面。
我一直在研究minikube捌朴,因此出于訓(xùn)練和演示的原因吴攒,在我自己的Windows筆記本上已經(jīng)裝好合適的環(huán)境,該環(huán)境在Oracle VirtualBox設(shè)備中有Guest OS男旗、Docker和Minikube舶斧。該demo環(huán)境使用Vagrantfile、腳本以及Kubernetes manifest(yaml)文件察皇。那么茴厉,這一次我將使用k3s來進(jìn)行demo。
在本文中什荣,我將展示詳細(xì)的操作步驟——借助Vagrant在Oracle VirtualBox設(shè)備中矾缓,將k3s和Kubernetes Dashboard一起安裝到Ubuntu Guest OS上。
安裝k3s
根據(jù)官網(wǎng)(k3s.io)的介紹稻爬,安裝k3s的過程將不會(huì)花費(fèi)很長時(shí)間:
curl -sfL https://get.k3s.io | sh -
# Check for Ready node,
takes maybe 30 seconds
k3s kubectl get node
根據(jù)文檔嗜闻,使用以下命令(以及環(huán)境變量INSTALL_K3S_VERSION)來指定從github下載的k3s的特定版本:
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.0.1 sh -
在設(shè)置我的demo環(huán)境之前,先來看看k3s的要求:
操作系統(tǒng)
K3s應(yīng)該可以在所有Linux版本上運(yùn)行桅锄。但是琉雳,k3s已在以下操作系統(tǒng)及其隨后的非主要版本中進(jìn)行了測試:
Ubuntu 16.04 (amd64)
Ubuntu 18.04 (amd64)
Raspbian Buster (armhf)
硬件設(shè)備
硬件需求根據(jù)deployment的大小進(jìn)行擴(kuò)展样眠。此處概述了最低要求的建議:
RAM:512MB
CPU:1核
關(guān)于k3s的版本,我選擇了撰寫文章時(shí)的最新版本v1.0.1翠肘。
Vagrantfile
根據(jù)k3s對操作系統(tǒng)的要求檐束,我使用了Vagrant Box搜索頁面來搜索Ubuntu 18.04 Vagrant Box (for VirtualBox)。
選擇ubuntu/bionic64
在我現(xiàn)有的demo環(huán)境中束倍,我將Vagrantfile的內(nèi)容改為:
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/bionic64"
config.vm.define "ubuntu_k3s" do |ubuntu_k3s|
config.vm.network "forwarded_port",
guest: 8001,
host: 8001,
auto_correct: true
config.vm.network "forwarded_port",
guest: 9110,
host: 9110,
auto_correct: true
config.vm.provider "virtualbox" do |vb|
vb.name = "Ubuntu k3s"
vb.memory = "8192"
vb.cpus = "1"
args = []
config.vm.provision "shell",
path: "scripts/k3s.sh",
args: args
end
end
end
在腳本目錄中被丧,我創(chuàng)建了一個(gè)文件k3s.sh,其內(nèi)容如下:
#!/bin/bash
echo "**** Begin installing k3s"
#Install
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.0.1 sh -
echo "**** End installing k3s"
從Windows筆記本電腦上名為env的子目錄中绪妹,打開Windows命令提示符(cmd)并鍵入:vagrant up
該命令根據(jù)您的Vagrantfile創(chuàng)建和配置Guest machine甥桂。
以下為輸出(僅展示k3s的部分):
ubuntu_k3s: **** Begin installing k3s
…
ubuntu_k3s: **** End installing k3s
ubuntu_k3s: **** Begin installing k3s
…
ubuntu_k3s: **** End installing k3s
ubuntu_k3s: **** Begin installing k3s
…
ubuntu_k3s: **** End installing k3s
我發(fā)現(xiàn)配置shell腳本已經(jīng)運(yùn)行了很多次。由于我最近將vagrant升級到2.2.6邮旷,所以可能與升級有關(guān)黄选。以下是我找到的解決方案:
該錯(cuò)誤本身是由于您的配置塊沒有名稱。如果您不希望它們運(yùn)行兩次廊移,則可以通過給它一個(gè)類似的名稱來修復(fù)它:
config.vm.provision “my shell script”, type: “shell”, ….
所以糕簿,我將Vagrantfile更改為:
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/bionic64"
config.vm.define "ubuntu_k3s" do |ubuntu_k3s|
config.vm.network "forwarded_port",
guest: 8001,
host: 8001,
auto_correct: true
config.vm.provider "virtualbox" do |vb|
vb.name = "Ubuntu k3s"
vb.memory = "8192"
vb.cpus = "1"
args = []
config.vm.provision "k3s shell script", type: "shell",
path: "scripts/k3s.sh",
args: args
end
end
end
為了停止正在運(yùn)行的計(jì)算機(jī)并破壞其資源,我在Windows命令提示符處使用了以下命令:
vagrant destroy
會(huì)產(chǎn)生以下輸出:
ubuntu_k3s: Are you sure you want to destroy the ‘ubuntu_k3s’ VM? [y/N] y
==> ubuntu_k3s: Forcing shutdown of VM…
==> ubuntu_k3s: Destroying VM and associated drives…
該命令將會(huì)停止正在運(yùn)行的Vagrant管理的計(jì)算機(jī)狡孔,并銷毀在計(jì)算機(jī)創(chuàng)建過程中創(chuàng)建的所有資源懂诗。運(yùn)行此命令后,你的計(jì)算機(jī)應(yīng)處于干凈狀態(tài)苗膝,就好像你之前從未創(chuàng)建過Guest machine一樣殃恒。
再次從Windows筆記本電腦上名為env的子目錄中,打開Windows命令提示符(cmd)并鍵入:vagrant up
關(guān)于ubuntu / bionic64的版本辱揭,輸出如下:
==> ubuntu_k3s: Checking if box ‘ubuntu/bionic64’ version ‘20191218.0.0’ is up to date…
==> ubuntu_k3s: A newer version of the box ‘ubuntu/bionic64’ for provider ‘virtualbox’ is
==> ubuntu_k3s: available! You currently have version ‘20191218.0.0’. The latest is version
==> ubuntu_k3s: ‘20200107.0.0’. Run `vagrant box update` to update.
會(huì)產(chǎn)生以下輸出(僅展示k3s的部分):
ubuntu_k3s: **** Begin installing k3s
ubuntu_k3s: [INFO] Using v1.0.1 as release
ubuntu_k3s: [INFO] Downloading hash https://github.com/rancher/k3s/releases/download/v1.0.1/sha256sum-amd64.txt
ubuntu_k3s: [INFO] Downloading binary https://github.com/rancher/k3s/releases/download/v1.0.1/k3s
ubuntu_k3s: [INFO] Verifying binary download
ubuntu_k3s: [INFO] Installing k3s to /usr/local/bin/k3s
ubuntu_k3s: [INFO] Creating /usr/local/bin/kubectl symlink to k3s
ubuntu_k3s: [INFO] Creating /usr/local/bin/crictl symlink to k3s
ubuntu_k3s: [INFO] Creating /usr/local/bin/ctr symlink to k3s
ubuntu_k3s: [INFO] Creating killall script /usr/local/bin/k3s-killall.sh
ubuntu_k3s: [INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
ubuntu_k3s: [INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
ubuntu_k3s: [INFO] systemd: Creating service file /etc/systemd/system/k3s.service
ubuntu_k3s: [INFO] systemd: Enabling k3s unit
ubuntu_k3s: Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service ? /etc/systemd/system/k3s.service.
ubuntu_k3s: [INFO] systemd: Starting k3s
ubuntu_k3s: **** End installing k3s
由于有關(guān)ubuntu / bionic64版本的警告离唐,我在Windows命令提示符中使用了提到的命令:
vagrant box update
產(chǎn)生以下輸出:
==> ubuntu_k3s: Checking for updates to ‘ubuntu/bionic64’
ubuntu_k3s: Latest installed version: 20191218.0.0
ubuntu_k3s: Version constraints:
ubuntu_k3s: Provider: virtualbox
==> ubuntu_k3s: Updating ‘ubuntu/bionic64’ with provider ‘virtualbox’ from version
==> ubuntu_k3s: ‘20191218.0.0’ to ‘20200107.0.0’…
==> ubuntu_k3s: Loading metadata for box ‘https://vagrantcloud.com/ubuntu/bionic64’
==> ubuntu_k3s: Adding box ‘ubuntu/bionic64’ (v20200107.0.0) for provider: virtualbox
ubuntu_k3s: Downloading: https://vagrantcloud.com/ubuntu/boxes/bionic64/versions/20200107.0.0/providers/virtualbox.box
ubuntu_k3s: Download redirected to host: cloud-images.ubuntu.com
ubuntu_k3s:
==> ubuntu_k3s: Successfully added box ‘ubuntu/bionic64’ (v20200107.0.0) for ‘virtualbox’!
我使用了vagrant ssh連接到正在運(yùn)行的VM并開始做一些事情。
接下來问窃,我在Linux命令提示符上使用了以下命令:
kubectl get nodes
產(chǎn)生以下輸出:
WARN[2020-01-12T13:36:33.705394309Z] Unable to read /etc/rancher/k3s/k3s.yaml, please start server with –write-kubeconfig-mode to modify kube config permissions
error: error loading config file “/etc/rancher/k3s/k3s.yaml”: open /etc/rancher/k3s/k3s.yaml: permission denied
備注:
在k3s(k3s kubectl get node)的起始頁上提到的命令會(huì)導(dǎo)致相同的錯(cuò)誤消息亥鬓。這是因?yàn)樵诖饲闆r下,當(dāng)前用戶(通過whoami命令)是:vagrant
一旦安裝了k3s域庇,我將使用以下命令(也可以在文檔中找到):
sudo kubectl get nodes
產(chǎn)生以下輸出:
NAME STATUS ROLES AGE VERSION
ubuntu-bionic Ready master 10m v1.16.3-k3s.2
根據(jù)文檔嵌戈,將kubeconfig文件寫入/etc/rancher/k3s/k3s.yaml,然后自動(dòng)啟動(dòng)或重新啟動(dòng)服務(wù)听皿。安裝腳本將安裝k3s和其他實(shí)用程序熟呛,例如kubectl、crictl尉姨、k3s-killall.sh和k3s-uninstall.sh庵朝。
接下來,我使用以下命令:
cd /etc/rancher/k3s
ls -latr
產(chǎn)生以下輸出:
total 12
-rw——- 1 root root 1052 Jan 12 10:16 k3s.yaml
drwxr-xr-x 2 root root 4096 Jan 12 10:16 .
drwxr-xr-x 4 root root 4096 Jan 12 10:16 ..
接下來,我使用以下命令來查看k3s.yaml文件中的內(nèi)容:
sudo cat k3s.yaml
產(chǎn)生以下輸出:
apiVersion: v1
clusters:
– cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJWekNCL3FBREFnRUNBZ0VBTUFvR0NDcUdTTTQ5QkFNQ01DTXhJVEFmQmdOVkJBTU1HR3N6Y3kxelpYSjIKWlhJdFkyRkFNVFUzT0RneU5ERTVNekFlRncweU1EQXhNVEl4TURFMk16TmFGdzB6TURBeE1Ea3hNREUyTXpOYQpNQ014SVRBZkJnTlZCQU1NR0dzemN5MXpaWEoyWlhJdFkyRkFNVFUzT0RneU5ERTVNekJaTUJNR0J5cUdTTTQ5CkFnRUdDQ3FHU000OUF3RUhBMElBQk12b3V1YjZTR3N6UVl2LzVyb0lpSE5xbXZ0aUxub2gyQTZzR1hIQyt2OWQKSzkwTVlmV2J2bkozVFhyeEg2Mm5LTDhEU05wcmN4eC9rRXNXM2FpZTV3Q2pJekFoTUE0R0ExVWREd0VCL3dRRQpBd0lDcERBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDSUJSUmlrd0FPcjFVCmJtTlhOcEw3Y1cxaDhRSGg4QnZJQmJKc2RqdGU3Myt4QWlFQXROUG9MTjliVFZpYmxlYW5SNFpKcStKNUxDMmsKeUUwN2daWlk1NURlc25RPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://127.0.0.1:6443
name: default
contexts:
– context:
cluster: default
user: default
name: default
current-context: default
kind: Config
preferences: {}
users:
– name: default
user:
password: 1f0b266cfdd8e11a9af1a6e262b09746
username: admin
Kubectl配置
接下來九府,我們著重關(guān)注一下配置椎瘟。
默認(rèn)情況下,kubectl在$ HOME / .kube目錄中查找名為config的文件昔逗。你可以通過設(shè)置KUBECONFIG環(huán)境變量或設(shè)置–kubeconfig標(biāo)志來指定其他kubeconfig文件降传。
關(guān)于k3s kubectl命令,適用以下規(guī)則:
- 運(yùn)行嵌入式kubectl CLI勾怒。如果未設(shè)置KUBECONFIG環(huán)境變量,它將在啟動(dòng)k3s服務(wù)器節(jié)點(diǎn)時(shí)自動(dòng)嘗試使用在/etc/rancher/k3s/k3s.yaml中創(chuàng)建的配置文件声旺。
為了讓沒有root權(quán)限的用戶使用具有特定配置的kubectl笔链,根據(jù)我們之前得到的警告:
無法讀取/etc/rancher/k3s/k3s.yaml,請使用–write-kubeconfig-mode啟動(dòng)服務(wù)器以修改kube配置權(quán)限
因此我們必須以特定的kubeconfig模式啟動(dòng)k3s服務(wù)器腮猖。我們可以使用k3s服務(wù)器選項(xiàng)write-kubeconfig-mode(客戶端)以這種模式[$ K3S_KUBECONFIG_MODE]寫入kubeconfig鉴扫。
我看了有關(guān)使用環(huán)境變量K3S_KUBECONFIG_MODE的文檔,并遇到以下示例:
curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE=”644″ sh -s –
關(guān)于chmod 644的說明:
Chmod 644(chmod a + rwx澈缺,u-x坪创,g-wx,o-wx)設(shè)置權(quán)限姐赡,以便User(U) /Owner可以讀取莱预、寫入但無法執(zhí)行。群組(G)和其他人(O)可以讀取项滑、無法寫入和執(zhí)行依沮。
在腳本目錄中,我將文件k3s.sh更改為以下內(nèi)容:
#!/bin/bash
echo "**** Begin installing k3s"
#Install
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.0.1 K3S_KUBECONFIG_MODE="644" sh -
echo "**** End installing k3s"
為了簡便起見枪狂,從此博客開始危喉,我將不再在vagrant up命令之前提及vagrant destroy命令。
從Windows筆記本電腦上名為env的子目錄中州疾,打開Windows命令提示符(cmd)并鍵入:vagrant up
產(chǎn)生以下輸出(僅顯示關(guān)于k3s的部分):
ubuntu_k3s: **** Begin installing k3s
ubuntu_k3s: [INFO] Using v1.0.1 as release
ubuntu_k3s: [INFO] Downloading hash https://github.com/rancher/k3s/releases/download/v1.0.1/sha256sum-amd64.txt
ubuntu_k3s: [INFO] Downloading binary https://github.com/rancher/k3s/releases/download/v1.0.1/k3s
ubuntu_k3s: [INFO] Verifying binary download
ubuntu_k3s: [INFO] Installing k3s to /usr/local/bin/k3s
ubuntu_k3s: [INFO] Creating /usr/local/bin/kubectl symlink to k3s
ubuntu_k3s: [INFO] Creating /usr/local/bin/crictl symlink to k3s
ubuntu_k3s: [INFO] Creating /usr/local/bin/ctr symlink to k3s
ubuntu_k3s: [INFO] Creating killall script /usr/local/bin/k3s-killall.sh
ubuntu_k3s: [INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
ubuntu_k3s: [INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
ubuntu_k3s: [INFO] systemd: Creating service file /etc/systemd/system/k3s.service
ubuntu_k3s: [INFO] systemd: Enabling k3s unit
ubuntu_k3s: Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service ? /etc/systemd/system/k3s.service.
ubuntu_k3s: [INFO] systemd: Starting k3s
ubuntu_k3s: **** End installing k3s
因此辜限,一旦安裝了k3s,我就使用vagrant ssh打開一個(gè)Linux命令提示符严蓖,在其中使用以下命令:
kubectl get nodes
產(chǎn)生以下輸出:
NAME STATUS ROLES AGE VERSION
ubuntu-bionic Ready master 49s v1.16.3-k3s.2
接下來薄嫡,我將使用以下命令:
kubectl get pods --all-namespaces
產(chǎn)生以下輸出:
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system local-path-provisioner-58fb86bdfd-g68v5 1/1 Running 0 76s
kube-system metrics-server-6d684c7b5-4zrgx 1/1 Running 0 75s
kube-system coredns-d798c9dd-szfg7 1/1 Running 0 76s
kube-system helm-install-traefik-xg2zd 0/1 Completed 0 76s
kube-system svclb-traefik-frjb9 3/3 Running 0 32s
kube-system traefik-65bccdc4bd-rxlv4 1/1 Running 0 32s
使用命令:
cd /etc/rancher/k3s
ls -latr
產(chǎn)生輸出:
total 12
-rw-r–r– 1 root root 1052 Jan 12 14:40 k3s.yaml
drwxr-xr-x 2 root root 4096 Jan 12 14:40 .
drwxr-xr-x 4 root root 4096 Jan 12 14:40 ..
現(xiàn)在,我們改變了k3s.yaml的權(quán)限谈飒。
Kubernetes Web UI (Dashboard)
現(xiàn)在岂座,讓我們嘗試通過dashboard與Kubernetes集群進(jìn)行交互。
默認(rèn)情況下杭措,Dashboard UI不會(huì)被部署费什。要部署它,請運(yùn)行以下命令:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
你可以通過運(yùn)行以下命令來使用kubectl命令行工具訪問Dashboard:
kubectl proxy
Kubectl將在以下位置提供dashboard:
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
只能從執(zhí)行命令的計(jì)算機(jī)上訪問UI。有關(guān)更多選項(xiàng)鸳址,請參見kubectl proxy –help瘩蚪。
由于演示環(huán)境的設(shè)置,簡單地使用kubectl代理是行不通的稿黍,所以我再次使用:
kubectl proxy --address='0.0.0.0' </dev/null &>/dev/null &
在腳本目錄中疹瘦,我創(chuàng)建了一個(gè)包含以下內(nèi)容的文件dashboard.sh:
#!/bin/bash
echo "**** Begin preparing dashboard"
echo "**** Install Kubernetes Dashboard"
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
kubectl proxy --address='0.0.0.0' /dev/null &
echo "**** End preparing dashboard"
我將Vagrantfile的內(nèi)容更改為:
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/bionic64"
config.vm.define "ubuntu_k3s" do |ubuntu_k3s|
config.vm.network "forwarded_port",
guest: 8001,
host: 8001,
auto_correct: true
config.vm.provider "virtualbox" do |vb|
vb.name = "Ubuntu k3s"
vb.memory = "8192"
vb.cpus = "1"
args = []
config.vm.provision "k3s shell script", type: "shell",
path: "scripts/k3s.sh",
args: args
args = []
config.vm.provision "dashboard shell script", type: "shell",
path: "scripts/dashboard.sh",
args: args
end
end
end
在Linux命令提示符中,輸入:exit
然后巡球,我打開一個(gè)Windows命令提示符(cmd)并鍵入:vagrant up
產(chǎn)生以下輸出(僅顯示有關(guān)dashboard的部分):
ubuntu_k3s: **** Begin preparing dashboard
ubuntu_k3s: **** Install Kubernetes Dashboard
ubuntu_k3s: namespace/kubernetes-dashboard created
ubuntu_k3s: serviceaccount/kubernetes-dashboard created
ubuntu_k3s: service/kubernetes-dashboard created
ubuntu_k3s: secret/kubernetes-dashboard-certs created
ubuntu_k3s: secret/kubernetes-dashboard-csrf created
ubuntu_k3s: secret/kubernetes-dashboard-key-holder created
ubuntu_k3s: configmap/kubernetes-dashboard-settings created
ubuntu_k3s: role.rbac.authorization.k8s.io/kubernetes-dashboard created
ubuntu_k3s: clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
ubuntu_k3s: rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
ubuntu_k3s: clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
ubuntu_k3s: deployment.apps/kubernetes-dashboard created
ubuntu_k3s: service/dashboard-metrics-scraper created
ubuntu_k3s: deployment.apps/dashboard-metrics-scraper created
ubuntu_k3s: **** End preparing dashboard
在Linux命令提示符上言沐,我使用了以下命令:
kubectl get pods --all-namespaces
產(chǎn)生以下輸出:
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system local-path-provisioner-58fb86bdfd-g68v5 1/1 Running 0 13m
kube-system metrics-server-6d684c7b5-4zrgx 1/1 Running 0 13m
kube-system coredns-d798c9dd-szfg7 1/1 Running 0 13m
kube-system helm-install-traefik-xg2zd 0/1 Completed 0 13m
kube-system svclb-traefik-frjb9 3/3 Running 0 12m
kube-system traefik-65bccdc4bd-rxlv4 1/1 Running 0 12m
kubernetes-dashboard dashboard-metrics-scraper-566cddb686-5wvcx 1/1 Running 0 9m38s
kubernetes-dashboard kubernetes-dashboard-7b5bf5d559-tn4rh 1/1 Running 0 9m38s
在瀏覽器上我輸入以下URL:
顯示以下界面:
因此我需要一個(gè)token。我找到了一個(gè)示例(和dashboard相關(guān))來創(chuàng)建ServiceAccount和ClusterRoleBinding manifest文件酣栈。首先創(chuàng)建了一個(gè)服務(wù)用戶险胰,并且完成了對角色cluster-admin的角色綁定(該角色在k3s中默認(rèn)不存在):
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
該示例還提供了有關(guān)如何獲取允許我登錄到dashboard的token的信息:
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
基于以上示例,我在yaml目錄中添加了一個(gè)文件serviceaccount-k3s.yaml矿筝,內(nèi)容如下:
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
我將以下內(nèi)容添加到y(tǒng)aml目錄中的文件clusterrolebinding-k3s.yaml:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
結(jié)果起便,命令kubectl -n kube-system get secret包含一長串密鑰信息。因此窖维,我想使用另一個(gè)命名空間榆综,以便更輕松地確定允許我登錄到dashboard的token。我選擇使用命名空間kubernetes-dashboard铸史,因?yàn)樵撁臻g是在安裝Kubernetes dashboard時(shí)創(chuàng)建的鼻疮。參見上面的輸出。
在腳本目錄中沛贪,我將文件dashboard.sh更改為以下內(nèi)容:
#!/bin/bash
echo "**** Begin preparing dashboard"
echo "**** Install Kubernetes Dashboard"
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
#Create Helm chart
echo "**** Create Helm chart"
cd /vagrant
cd helmcharts
rm -rf /vagrant/helmcharts/k3s-chart/*
helm create k3s-chart
rm -rf /vagrant/helmcharts/k3s-chart/templates/*
cp /vagrant/yaml/*k3s.yaml /vagrant/helmcharts/k3s-chart/templates
# Install Helm chart
cd /vagrant
cd helmcharts
echo "**** Install Helm chart k3s-chart"
helm install k3s-release ./k3s-chart
# Wait 30 seconds
echo "**** Waiting 30 seconds ..."
sleep 30
#List helm releases
echo "**** List helm releases"
helm list -d
#List secrets
echo "**** List secrets with namespace kubernetes-dashboard"
kubectl get secrets --namespace kubernetes-dashboard
echo "**** Describe secret with namespace kubernetes-dashboard"
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
kubectl proxy --address='0.0.0.0' /dev/null &
echo "**** End preparing dashboard"
因?yàn)楝F(xiàn)在使用的是Helm 3.0.2版陋守,所以我需要進(jìn)行一些更改。使用以下命令確定更改的版本:
helm version
產(chǎn)生輸出:
version.BuildInfo{Version:”v3.0.2″, GitCommit:”19e47ee3283ae98139d98460de796c1be1e3975f”, GitTreeState:”clean”, GoVersion:”go1.13.5″}
使用helm install ./k3s-chart –name k3s-release導(dǎo)致以下結(jié)果:
Error: unknown flag: –name
因此利赋,我將其更改為:helm install k3s-release ./k3s-chart
因?yàn)槲蚁胧褂肏elm水评,所以我將Vagrantfile的內(nèi)容更改為:
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/bionic64"
config.vm.define "ubuntu_k3s" do |ubuntu_k3s|
config.vm.network "forwarded_port",
guest: 8001,
host: 8001,
auto_correct: true
config.vm.provider "virtualbox" do |vb|
vb.name = "Ubuntu k3s"
vb.memory = "8192"
vb.cpus = "1"
args = []
config.vm.provision "k3s shell script", type: "shell",
path: "scripts/k3s.sh",
args: args
args = []
config.vm.provision "helm shell script", type: "shell",
path: "scripts/helm.sh",
args: args
args = []
config.vm.provision "dashboard shell script", type: "shell",
path: "scripts/dashboard.sh",
args: args
end
end
end
我再次打開Windows命令提示符(cmd)并鍵入:vagrant up
產(chǎn)生以下輸出(僅顯示有關(guān)dashboard的部分):
ubuntu_k3s: **** Begin preparing dashboard
ubuntu_k3s: **** Install Kubernetes Dashboard
ubuntu_k3s: namespace/kubernetes-dashboard created
ubuntu_k3s: serviceaccount/kubernetes-dashboard created
ubuntu_k3s: service/kubernetes-dashboard created
ubuntu_k3s: secret/kubernetes-dashboard-certs created
ubuntu_k3s: secret/kubernetes-dashboard-csrf created
ubuntu_k3s: secret/kubernetes-dashboard-key-holder created
ubuntu_k3s: configmap/kubernetes-dashboard-settings created
ubuntu_k3s: role.rbac.authorization.k8s.io/kubernetes-dashboard created
ubuntu_k3s: clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
ubuntu_k3s: rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
ubuntu_k3s: clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
ubuntu_k3s: deployment.apps/kubernetes-dashboard created
ubuntu_k3s: service/dashboard-metrics-scraper created
ubuntu_k3s: deployment.apps/dashboard-metrics-scraper created
ubuntu_k3s: **** Create Helm chart
ubuntu_k3s: Creating k3s-chart
ubuntu_k3s: **** Install Helm chart k3s-chart
ubuntu_k3s: NAME: k3s-release
ubuntu_k3s: LAST DEPLOYED: Tue Jan 14 19:53:24 2020
ubuntu_k3s: NAMESPACE: default
ubuntu_k3s: STATUS: deployed
ubuntu_k3s: REVISION: 1
ubuntu_k3s: TEST SUITE: None
ubuntu_k3s: **** Waiting 30 seconds …
ubuntu_k3s: **** List helm releases
ubuntu_k3s: NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
ubuntu_k3s: k3s-release default 1 2020-01-14 19:53:24.329429114 +0000 UTC deployed k3s-chart-0.1.0 1.16.0
ubuntu_k3s: **** List secrets with namespace kubernetes-dashboard
ubuntu_k3s: NAME
ubuntu_k3s:
ubuntu_k3s:
ubuntu_k3s:
ubuntu_k3s:
ubuntu_k3s: TYPE
ubuntu_k3s:
ubuntu_k3s:
ubuntu_k3s:
ubuntu_k3s:
ubuntu_k3s: DATA AGE
ubuntu_k3s: default-token-l2nr4 kubernetes.io/service-account-token 3 34s
ubuntu_k3s: kubernetes-dashboard-token-54p9k kubernetes.io/service-account-token 3 34s
ubuntu_k3s: kubernetes-dashboard-certs Opaque 0 34s
ubuntu_k3s: admin-user-token-trfdn kubernetes.io/service-account-token 3 31s
ubuntu_k3s: kubernetes-dashboard-csrf Opaque 1 34s
ubuntu_k3s: kubernetes-dashboard-key-holder Opaque 2 34s
ubuntu_k3s: **** Describe secret with namespace kubernetes-dashboard
ubuntu_k3s: Name: admin-user-token-trfdn
ubuntu_k3s: Namespace: kubernetes-dashboard
ubuntu_k3s: Labels:
ubuntu_k3s: Annotations: kubernetes.io/service-account.name: admin-user
ubuntu_k3s: kubernetes.io/service-account.uid: b65dc46c-0833-4fcf-b833-cfec45139764
ubuntu_k3s:
ubuntu_k3s: Type: kubernetes.io/service-account-token
ubuntu_k3s:
ubuntu_k3s: Data
ubuntu_k3s: ====
ubuntu_k3s: token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlhyREtIa21HdlhBQVd2Nm9kTGtJU3RUTnlWWTNJaHI2blNPb3J5eWRwR2cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXRyZmRuIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiNjVkYzQ2Yy0wODMzLTRmY2YtYjgzMy1jZmVjNDUxMzk3NjQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.bJBCZmV7oIUuljz9-I1oO71js-mAOZHc4wLaUwPayYAqAzx_kTM_oFwSEBtieFxmwYP2CTP2QJZM6G8OBGvLyUiQyRumaTavFo51Rh-eW9wSXO24p6Sf7BdQRaJsjS4lnInDGd1Ksrv-Az6LI10rrIJXHgI7jz1wNmSdSqk3OHGXgioKZL0qjlrwgS6UviTe-0geMFxvdGUogUWvShmQkR-sGRSfACYX8-RZdFSc3wRWsoIVo_4NME-q8uNm79BaP5RbPAC-z-2amVHJQUUtgs_88pY-Qu-iiDqUpC823pHYkjB65w5RICjjqlKIrWqAptT35fBFSOfrUKf_Oy483A
ubuntu_k3s: ca.crt: 526 bytes
ubuntu_k3s: namespace: 20 bytes
ubuntu_k3s: **** End preparing dashboard
在筆記本電腦上的瀏覽器中,我輸入了token的值(如上所示)媚送,然后單擊“登錄”按鈕:
打開Kubernetes dashboard中燥,并選擇默認(rèn)命名空間。
接下來塘偎,我點(diǎn)擊到“節(jié)點(diǎn)”疗涉。在這里,你可以看到Kubernetes集群由一個(gè)節(jié)點(diǎn)組成吟秩。
最后咱扣,我將命名空間更改為kube-system,并導(dǎo)航到Pods涵防,結(jié)果如下:
現(xiàn)在闹伪,本文的任務(wù)已經(jīng)完成了!在本文中,我描述了如何使用Vagrant和shell腳本從頭開始自動(dòng)設(shè)置演示環(huán)境偏瓤,包括在Oracle VirtualBox設(shè)備內(nèi)的Ubuntu Guest OS之上的k3s杀怠、Helm和Kubernetes Dashboard。k3s確實(shí)是相對容易安裝厅克。下一步就可以開始實(shí)際使用它了赔退。
