helm包管理k8s软件

# Scaffold a new chart directory named demo1 and list what `helm create` generated.
helm create demo1
tree demo1
# demo1
# ├── charts
# ├── Chart.yaml
# ├── templates
# │   ├── deployment.yaml
# │   ├── _helpers.tpl
# │   ├── hpa.yaml
# │   ├── ingress.yaml
# │   ├── NOTES.txt
# │   ├── serviceaccount.yaml
# │   ├── service.yaml
# │   └── tests
# │       └── test-connection.yaml
# └── values.yaml

# Layout after the actual edits: the unused scaffolding (_helpers.tpl, hpa.yaml,
# serviceaccount.yaml, tests/) is gone and project-specific templates were added.
# NOTE(review): registrykey-jihulab.yaml is presumably the image pull Secret for a
# private registry; keep the real credential out of the chart source and supply it
# at install time. Confirm how it is populated.
tree
# ├── charts
# ├── Chart.yaml
# ├── readme.md
# ├── templates
# │   ├── deployment.yaml
# │   ├── ingress.yaml
# │   ├── NOTES.txt
# │   ├── registrykey-jihulab.yaml
# │   ├── service.yaml
# │   └── testhold-config.yaml
# └── values.yaml

# Dry run: nothing is installed into the Kubernetes cluster, the rendered templates
# are only printed to the console (for testing).
# The rendered output contains every templated object, Secret data included, so treat
# saved or pasted output as sensitive.
# /etc/rancher/k3s/k3s.yaml is the kubeconfig written by k3s; it carries admin
# credentials for the cluster, so keep it readable by its owner only.
helm install --debug --dry-run demo1 ./demo1 --kubeconfig=/etc/rancher/k3s/k3s.yaml
# Real install, followed by install-or-upgrade (-i installs the release if it is missing).
helm install demo1 ./demo1 --kubeconfig=/etc/rancher/k3s/k3s.yaml
helm upgrade -i demo1 ./demo1 --kubeconfig=/etc/rancher/k3s/k3s.yaml

# Remove the release (kept commented out):
# helm uninstall demo1 --kubeconfig=/etc/rancher/k3s/k3s.yaml
# helm delete demo1 --kubeconfig=/etc/rancher/k3s/k3s.yaml

# Check status
helm list --kubeconfig=/etc/rancher/k3s/k3s.yaml
kubectl get service
kubectl get pods

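# Render the chart into a single manifest file and apply it with kubectl.
# `helm template` prints only the manifests; `helm install --dry-run` wraps them in
# release status text (NAME:, HOOKS:, NOTES: ...) that kubectl cannot read as objects.
# The file holds whatever the chart renders, Secret data included, so it is created
# with owner-only permissions (an already existing dep.yaml keeps its current mode).
(umask 077 && helm template demo1 ./demo1 > dep.yaml)
kubectl apply -f dep.yaml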
  • 配置文件

# Chart.yaml和values.yaml是全局的,可以通过{{ .Chart.Name }}、{{ .Values.Name }}来获取
# 可以把无关的文件删除,以下是关键文件;values.yaml可以清空

# 服务等配置
deployment.yaml
# 如果使用私有镜像,配置kind: Secret(镜像仓库凭据不要以明文提交到代码仓库)
secret-jihulab.yml
# 指定到deployment的app
service.yaml
# 流量入口(在此之前系统中需要已经存在ingress-controller,比如ingress-nginx/traefik)
ingress.yaml
# 如果有变量(通常打包镜像的时候自动部署的,不需要配置到这里),配置kind: ConfigMap
config-map.yml
  • 启动一个k3s服务,临时测试用

# Start the k3s server; it listens on port 6443 by default.
k3s server
# The CNI plugins must be installed, otherwise k3s may fail with:
# ERRO[0816] failed to find host-local: exec: "host-local": executable file not found in $PATH
apk add cni-plugins iptables
# Put the CNI plugin directory on PATH so k3s can find host-local.
export PATH=/usr/libexec/cni:$PATH


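# Link things up: make k3s available under the name kubectl, and point the default
# kubeconfig location at the one k3s writes.
ln -s /root/bin/k3s /root/bin/kubectl
# ~/.kube may not exist yet on a fresh machine, and the link target holds admin
# credentials, so create the directory owner-only before linking.
mkdir -p -m 700 "$HOME/.kube"
ln -s /etc/rancher/k3s/k3s.yaml "$HOME/.kube/config"
# Once k3s is up, run this; at least one master node should be listed.
kubectl get nodes
# Check whether the images were pulled; if not, they have to be pulled by hand.
kubectl get pods --all-namespaces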
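# Print the images used by all pods (init containers included), one per line and
# de-duplicated. The pod list is queried once with a JSONPath template, so no
# generated command strings are passed to `bash -c`.
kubectl get pods --all-namespaces \
  -o jsonpath="{.items[*].spec['initContainers', 'containers'][*].image}" \
  | tr -s '[:space:]' '\n' | sort -u
    # Images seen on the author's cluster:
    # rancher/klipper-helm:v0.8.0-build20230510
    # rancher/local-path-provisioner:v0.0.24
    # rancher/mirrored-coredns-coredns:1.10.1
    # rancher/mirrored-metrics-server:v0.6.3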

# Pulling by hand needs the nerdctl tool, see docs/source/jcleng.gitee.io/生产环境的k8s.md
# NOTE(review): the images have to land in the containerd instance and namespace that
# k3s uses before the pods can see them. Confirm nerdctl's settings against that document.
for image in \
  rancher/klipper-helm:v0.8.0-build20230510 \
  rancher/local-path-provisioner:v0.0.24 \
  rancher/mirrored-coredns-coredns:1.10.1 \
  rancher/mirrored-metrics-server:v0.6.3; do
  nerdctl pull "$image"
done
# After the pulls, restart the system deployments so their pods are recreated.
kubectl get deployment --all-namespaces
for deploy in metrics-server coredns local-path-provisioner; do
  kubectl rollout restart deployment "$deploy" -n kube-system
done

helm list

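# NODE_TOKEN: the join secret of this server. Whoever holds it can register a node
# with the cluster, so do not paste it into chat, tickets or shell history.
cat /var/lib/rancher/k3s/server/node-token
# Join another node to the server. The token is handed over through the K3S_TOKEN
# environment variable rather than --token, so it does not show up in the process
# list; the :? guards stop the command when IP or NODE_TOKEN is unset.
K3S_TOKEN="${NODE_TOKEN:?set NODE_TOKEN to the value of the server node-token}" \
  k3s agent --server "https://${IP:?set IP to the server address}:6443"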

测试项目test_hold

k8s管理面板k8s-dashboard

  • 安装

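# Install the dashboard chart from its upstream repository.
# NOTE(review): no chart version is pinned, so each install takes whatever the
# repository currently serves; consider recording and passing a fixed --version.
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard

kubectl get svc
# NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
# kubernetes             ClusterIP   10.43.0.1       <none>        443/TCP        24h
# kubernetes-dashboard   ClusterIP   10.43.31.228    <none>        443/TCP        156m

# Port-forward, then open https://127.0.0.1:28015/
# Without --address, kubectl listens on localhost only, which is all this URL needs.
# Binding 0.0.0.0 would offer the dashboard to every host that can reach this machine.
# To use it from another workstation, tunnel to this port over SSH instead.
kubectl port-forward svc/kubernetes-dashboard 28015:443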
  • 进入页面之后使用token验证,需要创建帐户和配权限

# Create the jcleng account and give it permissions

# https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
kubectl create serviceaccount jcleng
# List the service accounts
kubectl get sa
# Issue a token and copy it. The token is printed to the terminal and is a bearer
# credential for the account, so keep it out of logs and screenshots.
kubectl create token jcleng
# Look at the token
# NOTE(review): this only works if a Secret named jcleng exists; recent Kubernetes
# releases no longer create one automatically for a service account. Confirm on your version.
kubectl describe secret jcleng
# Finally a ClusterRoleBinding is needed, otherwise the dashboard shows no data and
# the account has no management rights.
# This binds the jcleng service account in the default namespace to cluster-admin,
# so any token issued for it gives unrestricted access to the whole cluster through
# the dashboard. Keep this to a throwaway test cluster. For read-only use, bind the
# built-in `view` ClusterRole instead, or use a namespaced RoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jcleng
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: jcleng
  namespace: default

dashboard 手动安装

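# Best installed before adding nodes.
GITHUB_URL=https://github.com/kubernetes/dashboard/releases
# Resolve the tag that /latest redirects to. "latest" moves over time: note the
# resolved tag and reuse it so that installs are repeatable.
VERSION_KUBE_DASHBOARD=$(curl -w '%{url_effective}' -I -L -s -S "${GITHUB_URL}/latest" -o /dev/null | sed -e 's|.*/||')
: "${VERSION_KUBE_DASHBOARD:?could not resolve the dashboard release tag}"
# Download the manifest once and read it before applying: it creates cluster-level
# RBAC objects, and applying straight from a URL installs whatever is served at
# that moment. -f makes curl fail on an HTTP error instead of saving the error page.
# NOTE(review): newer dashboard releases may no longer ship aio/deploy/recommended.yaml
# under their tag. Confirm the URL resolves for the tag obtained above.
curl -fsSL -o recommended.yaml "https://raw.githubusercontent.com/kubernetes/dashboard/${VERSION_KUBE_DASHBOARD}/aio/deploy/recommended.yaml"
sudo k3s kubectl create -f recommended.yaml
# Remove: delete exactly the objects from the file that was applied.
sudo k3s kubectl delete -f recommended.yaml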

# Apply dashboard.admin-user.yml and dashboard.admin-user-role.yml
# NOTE(review): the two files are not shown here; presumably they are the admin-user
# ServiceAccount and its ClusterRoleBinding from the dashboard sample-user guide.
# Check which role they grant before applying.
sudo k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml
# Get a token. Both commands print a bearer credential for admin-user to the
# terminal, so keep the output out of logs and shared sessions.
sudo k3s kubectl -n kubernetes-dashboard create token admin-user
# NOTE(review): this needs a Secret named admin-user-token to exist; recent Kubernetes
# releases do not create one automatically. A token stored in a Secret is presumably
# long-lived, unlike the one from `create token`. Confirm.
sudo k3s kubectl -n kubernetes-dashboard describe secret admin-user-token | grep '^token'

# Check that the dashboard workloads are running
kubectl get all -n kubernetes-dashboard

# Access from the local machine
kubectl proxy

# Access from outside: forward HTTPS
# --address 0.0.0.0 listens on every interface, so any host that can reach port 8080
# on this machine reaches the dashboard login. Restrict the port with a firewall rule
# or use an SSH tunnel, and stop the forward when finished.
kubectl port-forward -n kubernetes-dashboard --address 0.0.0.0 service/kubernetes-dashboard 8080:443
# https://[external address]:8080


# Remove the dashboard: its namespace plus the cluster-scoped RBAC objects.
sudo k3s kubectl delete ns kubernetes-dashboard
sudo k3s kubectl delete clusterrolebinding kubernetes-dashboard
sudo k3s kubectl delete clusterrole kubernetes-dashboard
# If the namespace stays in Terminating and cannot be deleted, force it with the
# commands below. The pipeline flattens the namespace JSON to one line, rewrites its
# "finalizers" list to [] and posts the result to the namespace's finalize endpoint.
# Clearing finalizers skips the cleanup they were waiting for, so first check what
# is still blocking the deletion.
sudo k3s kubectl get ns
sudo k3s kubectl get namespace kubernetes-dashboard -o json \
            | tr -d "\n" | sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" \
            | sudo k3s kubectl replace --raw /api/v1/namespaces/kubernetes-dashboard/finalize -f -
# If the images cannot be downloaded, change the image addresses in recommended.yaml,
# see https://dockerproxy.com/docs
# Pulling through a third-party proxy means trusting it to serve the genuine images;
# where possible reference images by digest so a substituted image is rejected.
# Finally, after adding nodes, make sure the dashboard still works; newly created
# deployments are scheduled onto the different nodes.