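Kubernetes Deployment (1): Architecture and Feature Overview
Kubernetes Deployment (2): System Environment Initialization
Kubernetes Deployment (3): Creating CA Certificates
Kubernetes Deployment (4): ETCD Cluster Deployment
Kubernetes Deployment (5): Haproxy and Keepalived Deployment
Kubernetes Deployment (6): Master Node Deployment
Kubernetes Deployment (7): Node Deployment
Kubernetes Deployment (8): Flannel Network Deployment
Kubernetes Deployment (9): CoreDNS, Dashboard and Ingress Deployment
Kubernetes Deployment (10): Storage with glusterfs and heketi
Kubernetes Deployment (11): Management with Helm and Rancher
Kubernetes Deployment (12): Deploying the Harbor Enterprise Image Registry with helm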
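Official helm download page: https://github.com/helm/helm/releases
Official list of available charts: https://hub.kubeapps.com
All software and configuration files are stored in the Baidu Netdisk mentioned in the earlier articles: the Baidu share link is in this article
Helm is a tool that simplifies installing and managing Kubernetes applications. Think of it as apt/yum/homebrew for Kubernetes.
Helm can run on your laptop, or anywhere else.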
[root@node-01 ~]# ll .kube/
total 12
drwxr-xr-x 3 root root 23 Dec 25 11:28 cache
-rw------- 1 root root 6264 Dec 25 16:15 config
drwxr-xr-x 3 root root 4096 Jan 2 15:09 http-cache
[root@node-01 k8s]# wget https://storage.googleapis.com/kubernetes-helm/helm-v2.12.1-linux-amd64.tar.gz
[root@node-01 k8s]# tar zxf helm-v2.12.1-linux-amd64.tar.gz
[root@node-01 k8s]# cd linux-amd64/
[root@node-01 linux-amd64]# mv helm /usr/bin/
For certain reasons we cannot download the tiller image directly from Google, so download the image tiller-image-v2.12.1.tar.gz shared on my netdisk, then load it on every node.
[root@node-04 ~]# docker load < tiller-image-v2.12.1.tar.gz
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
[root@node-01 helm]# kubectl create -f rbac-config.yaml
[root@node-01 helm]# helm init --service-account tiller
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!
[root@node-01 helm]# kubectl -n kube-system get pod|grep tiller
tiller-deploy-85744d9bfb-cm5jz 1/1 Running 0 11m
[root@node-01 helm]# helm version
Client: &version.Version{SemVer:"v2.12.1", GitCommit:"02a47c7249b1fc6d8fd3b94e6b4babf9d818144e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.1", GitCommit:"02a47c7249b1fc6d8fd3b94e6b4babf9d818144e", GitTreeState:"clean"}
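rbac-config.yaml above binds the tiller ServiceAccount to cluster-admin, and the helm init output warns that Tiller accepts unauthenticated users by default, so anything that can reach Tiller acts with full cluster rights. The following is an added example, not part of the original article: a small audit that lists every ServiceAccount granted cluster-admin by a ClusterRoleBinding. The sample data, the function name and all bindings other than tiller are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get clusterrolebindings -o json`.
# "tiller" mirrors rbac-config.yaml above; the other bindings are made up.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "tiller"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "tiller",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "ci-all"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:serviceaccounts:ci"}]},
    {"metadata": {"name": "viewer"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "dash",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "no-subjects"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]})

SA_GROUP = "system:serviceaccounts"  # built-in group of all ServiceAccounts

def cluster_admin_service_accounts(crb_json, role="cluster-admin"):
    """Return sorted (binding, namespace, account) tuples for every
    ServiceAccount that a ClusterRoleBinding grants `role`.
    "*" as account means all accounts in that namespace; "*" as
    namespace means all namespaces."""
    found = set()
    for item in json.loads(crb_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        binding = item["metadata"]["name"]
        for s in item.get("subjects") or []:  # subjects may be absent or null
            kind, name = s.get("kind"), s.get("name", "")
            if kind == "ServiceAccount":
                found.add((binding, s.get("namespace", ""), name))
            elif kind == "Group" and name == SA_GROUP:
                found.add((binding, "*", "*"))
            elif kind == "Group" and name.startswith(SA_GROUP + ":"):
                found.add((binding, name[len(SA_GROUP) + 1:], "*"))
    return sorted(found)

if __name__ == "__main__":
    for binding, ns, sa in cluster_admin_service_accounts(SAMPLE):
        print(f"{binding}: {ns}/{sa} is bound to cluster-admin")
```

On a live cluster, pass the output of `kubectl get clusterrolebindings -o json` to the function in place of SAMPLE.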
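Release management:
Helm is now fully deployed. Next we use helm to install a management platform for k8s, which also serves as a demonstration of how helm is used.
The official helm repository has no chart for rancher, so we need to add the official rancher chart repository.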
[root@node-01 helm]# helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
"rancher-stable" has been added to your repositories
[root@node-01 helm]# helm search rancher-stable/rancher
NAME CHART VERSION APP VERSION DESCRIPTION
rancher-stable/rancher 2018.12.4 v2.1.4 Install Rancher Server to manage Kubernetes clusters acro...
[root@node-01 helm]# helm install stable/cert-manager --name cert-manager --namespace kube-system
NAME: cert-manager
LAST DEPLOYED: Thu Jan 3 15:35:22 2019
NAMESPACE: kube-system
STATUS: DEPLOYED
RESOURCES:
==> v1/ServiceAccount
NAME SECRETS AGE
cert-manager 1 1s
==> v1beta1/ClusterRole
NAME AGE
cert-manager 1s
==> v1beta1/ClusterRoleBinding
NAME AGE
cert-manager 1s
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
cert-manager 1 1 1 0 1s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
cert-manager-7d4bfc44ff-5flvg 0/1 ContainerCreating 0 0s
NOTES:
cert-manager has been deployed successfully!
In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
More information on the different types of issuers and how to configure them
can be found in our documentation:
https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:
https://cert-manager.readthedocs.io/en/latest/reference/ingress-shim.html
[root@node-01 helm]#
[root@node-01 helm]# helm install rancher-stable/rancher --name rancher --namespace cattle-system --set hostname=rancher.cnlinux.club
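By default, Rancher generates its own CA root certificate and uses cert-manager to issue certificates. Because hostname=rancher.cnlinux.club is set here, the UI can afterwards only be reached through that domain name.
If you have no internal DNS server and instead define the Rancher server domain name by adding host aliases to /etc/hosts, then whichever way you create the K8S cluster (custom, import, host driver, etc.), once the cluster is running the cattle-cluster-agent Pod and cattle-node-agent cannot find the Rancher server through DNS records, and communication ultimately fails.
You can add host aliases (/etc/hosts) to the cattle-cluster-agent Pod and cattle-node-agent so that they can communicate normally (provided the IP addresses can reach each other).
Note: replace the domain name and IP in the following commands.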
[root@node-01 helm]# kubectl -n cattle-system patch deployments cattle-cluster-agent --patch '{
  "spec": {
    "template": {
      "spec": {
        "hostAliases": [
          {
            "hostnames": [
              "rancher.cnlinux.club"
            ],
            "ip": "10.31.90.200"
          }
        ]
      }
    }
  }
}'
[root@node-01 helm]# kubectl -n cattle-system patch daemonsets cattle-node-agent --patch '{
  "spec": {
    "template": {
      "spec": {
        "hostAliases": [
          {
            "hostnames": [
              "rancher.cnlinux.club"
            ],
            "ip": "10.31.90.200"
          }
        ]
      }
    }
  }
}'
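3. At this point you can manage pods, ingresses, services and other resources through rancher.
I will keep publishing the rest of the k8s documentation. If you think my writing is good, please follow and like. Thank you very much!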