部署helm_自定义chart_DashBoard

部署helm 自定义chart DashBoard

下载tar包

cd /root/test-yaml
mkdir helm && cd helm
wget https://mirrors.huaweicloud.com/helm/v2.13.1/helm-v2.13.1-linux-amd64.tar.gz
tar zxf helm-v2.13.1-linux-amd64.tar.gz
cp linux-amd64/helm /usr/local/bin/
chmod +x /usr/local/bin/helm

创建k8s的服务账号和绑定角色

vim rbac-config.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller-cluster-role
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

kubectl create -f rbac-config.yaml

或者

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

初始化

helm init --service-account tiller --skip-refresh

查看版本

helm version

---

自定义chart（完全手写）

创建文件夹

mkdir /root/test-yaml/helm/hello-world
cd !$

创建描述文件Chart.yaml,这个文件必须有name和version

cat << EOF >> Chart.yaml
name: hello-world
version: 1.0.0
image:
  repository:gcr.io/google-samples/node-hello
  tag: '1.0'
EOF

创建模板文件，必须位于templates目录

mkdir ./templates
cat << EOF >> ./templates/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: hello-world
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: hello-world
      spec:
        containers:
          - name: hello-world
            image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
            ports:
              - containerPort: 80
                protocol: TCP
EOF

cat << EOF >> ./templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: hello-world
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    app: hello-world
EOF

安装

helm insall .

---

安装dashboard

自定义配置信息

vim kubernetes-dashboard.yaml

image:
  repository: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64
  tag: v1.10.1
ingress:
  enabled: true
  hosts:
    - k8s.frognew.com
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  tls:
    - secretName: frognew-com-tls-secret
      hosts:
      - k8s.frognew.com
rbac:
  clusterAdminRole: true

安装dashboard，并应用自定义配置

helm install stable/kubernetes-dashboard --name kubernetes-dashboard --namespace kube-system -f kubernetes-dashboard.yaml

验证

kubectl get pod -n kube-system
kubectl get svc -n kube-system

使服务对外提供访问

# 修改为NodePort方式
kubectl edit svc kubernetes-dashboard -n kube-system 

默认只能火狐访问

https://$IP:$port

配置支持谷歌访问

查看SecretName
kubectl describe pod kubernetes-dashboard-78dff9db9-cbz8d -n kube-system

生成证书
openssl genrsa -out dashboard.key 2048
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=172.21.16.17'  # masterIP
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt

删除原有的证书secret
kubectl delete secret kubernetes-dashboard -n kube-system

创建新的同名证书secret
kubectl create secret generic kubernetes-dashboard --from-file=dashboard.key --from-file=dashboard.crt -n kube-system

删除pod,让deployment自建来重启pod
kubectl delete pod kubernetes-dashboard-78dff9db9-cbz8d -n kube-system

提供令牌

kubectl get secret -n kube-system | grep kubernetes-dashboard-token
kubectl describe secret kubernetes-dashboard-token-hzksl -n kube-system | grep token

修改为账号密码登陆

echo "admin,admin,1" > /etc/kubernetes/pki/basic_auth_file  # 用户，密码，唯一ID
cat /etc/kubernetes/manifests/kube-apiserver.yaml
- --basic-auth-file=/etc/kubernetes/pki/basic_auth_file
kubectl get pod -n kube-system | grep apiserver