
Cloud Native (31): Kubernetes Series, Basic Pre-installed Platform Resources

Basic pre-installed resources for a Kubernetes platform

After the Kubernetes platform has been installed, a set of basic resources needs to be installed on it. This article targets kubernetes-v1.21.1.

1. metrics-server

GitHub - kubernetes-sigs/metrics-server: Scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
https://github.com/kubernetes-sigs/metrics-server

The basic metrics monitoring component for a k8s platform.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --v=6
        - --cert-dir=/tmp
        # Skips verification of the kubelets' serving certificates.
        - --kubelet-insecure-tls
        - --secure-port=4443
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        image: registry.cn-hangzhou.aliyuncs.com/lanson_k8s_images/metrics-server:v0.4.3
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 4443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          periodSeconds: 10
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  # The API server does not verify metrics-server's serving certificate.
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100
```

2. ingress-nginx
The ingress controller that the Kubernetes project builds on nginx.

Self-built clusters use the bare-metal installation method.
Usage: label the cluster nodes that should expose nginx with node-role=ingress, for example:

```bash
kubectl label node k8s-master3 node-role=ingress
kubectl label node k8s-node1 node-role=ingress
kubectl label node k8s-node2 node-role=ingress
kubectl label node k8s-node3 node-role=ingress
```

Nodes that run the ingress controller automatically open ports 80 and 443 on the node, so make sure these ports are not already in use on those machines.

By default ingress-nginx has no maximum CPU or memory quota on each node; adjust the resources.limits fields to suit your organization's architecture.

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
---
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
automountServiceAccountToken: true
---
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
---
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
  name: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
---
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
  name: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - ingress-controller-leader-nginx
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
---
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
spec:
  type: ClusterIP
  ports:
    - name: https-webhook
      port: 443
      targetPort: webhook
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: ClusterIP  ## changed to ClusterIP
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/component: controller
  revisionHistoryLimit: 10
  minReadySeconds: 0
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    spec:
      dnsPolicy: ClusterFirstWithHostNet   ## DNS policy adjusted to match host networking
      hostNetwork: true  ## let nginx bind ports 80 and 443 on the node directly, hence host networking
      containers:
        - name: controller
          image: registry.cn-hangzhou.aliyuncs.com/lanson_k8s_images/ingress-nginx-controller:v0.46.0
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
          args:
            - /nginx-ingress-controller
            - --election-id=ingress-controller-leader
            - --ingress-class=nginx
            - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
            - --validating-webhook=:8443
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            runAsUser: 101
            allowPrivilegeEscalation: true
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          livenessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
            - name: webhook
              containerPort: 8443
              protocol: TCP
          volumeMounts:
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
          resources:
            requests:
              cpu: 100m
              memory: 90Mi
            limits:
              cpu: 1000m
              memory: 800Mi
      nodeSelector:
        node-role: ingress
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
        - name: webhook-cert
          secret:
            secretName: ingress-nginx-admission
---
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
# before changing this value, check the required kubernetes version
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  name: ingress-nginx-admission
webhooks:
  - name: validate.nginx.ingress.kubernetes.io
    matchPolicy: Equivalent
    rules:
      - apiGroups:
          - networking.k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - ingresses
    failurePolicy: Fail
    sideEffects: None
    admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      service:
        namespace: ingress-nginx
        name: ingress-nginx-controller-admission
        path: /networking/v1beta1/ingresses
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
rules:
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - update
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: ingress-nginx-admission-create
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
spec:
  template:
    metadata:
      name: ingress-nginx-admission-create
      labels:
        helm.sh/chart: ingress-nginx-3.30.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.46.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      containers:
        - name: create
          image: docker.io/jettech/kube-webhook-certgen:v1.5.1
          imagePullPolicy: IfNotPresent
          args:
            - create
            - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
            - --namespace=$(POD_NAMESPACE)
            - --secret-name=ingress-nginx-admission
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: ingress-nginx-admission-patch
  annotations:
    helm.sh/hook: post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
spec:
  template:
    metadata:
      name: ingress-nginx-admission-patch
      labels:
        helm.sh/chart: ingress-nginx-3.30.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.46.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      containers:
        - name: patch
          image: docker.io/jettech/kube-webhook-certgen:v1.5.1
          imagePullPolicy: IfNotPresent
          args:
            - patch
            - --webhook-name=ingress-nginx-admission
            - --namespace=$(POD_NAMESPACE)
            - --patch-mutating=false
            - --secret-name=ingress-nginx-admission
            - --patch-failure-policy=Fail
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
```

3. dashboard
You can install the default web UI for k8s.

GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters
Note: the manifest downloaded from the official project does not specify any authorization by default; use the configuration below, in which the authorization has already been created.

```bash
# Get the dashboard access token.
# Note: the admin-user pattern only matches a secret whose name contains it;
# the manifest below defines only the kubernetes-dashboard ServiceAccount.
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
```

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update "kubernetes-dashboard-settings" config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.2.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.6
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}
---
# Binds the dashboard's own ServiceAccount to cluster-admin, so a session
# using this account's token has full control of the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard
```

4. Helm app store

```bash
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
```
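A Helm chart mirror hosted in China, although its versions have not been updated for a long time: http://mirror.azure.cn/kubernetes/charts/

For a detailed installation walkthrough, see my previous article.

If you are interested, follow the link below:

Cloud Native (30) | Kubernetes Series: The App Store, Helm (Lansonli's blog, CSDN)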
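
The manifests above carry several settings worth reviewing after installation: the dashboard ServiceAccount bound to cluster-admin, metrics-server's --kubelet-insecure-tls and insecureSkipTLSVerify: true, the ingress controller's hostNetwork: true and allowPrivilegeEscalation: true, and images referenced by tag. The audit script below is an added example, not part of the original article; the function and rule names are assumptions made for illustration, and the sample objects are constructed from the manifests' fields.

```python
# Added example (not from the original article): audit Kubernetes objects,
# given as dicts in the shape of `kubectl get ... -o json` items, for the
# security-relevant settings that appear in this page's manifests.
# Function and rule names are illustrative assumptions.

WORKLOADS = ("Deployment", "DaemonSet", "StatefulSet", "Job")


def pod_spec(obj):
    """Return the pod spec of a Pod or workload object, else None."""
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    if obj.get("kind") in WORKLOADS:
        return obj.get("spec", {}).get("template", {}).get("spec", {})
    return None


def audit(objects):
    """Return a sorted list of (object, rule, detail) findings."""
    findings = set()
    for obj in objects:
        kind = obj.get("kind")
        ref = f'{kind}/{obj.get("metadata", {}).get("name")}'

        # A ServiceAccount bound to cluster-admin: whoever holds its token
        # (or reaches a UI running as it) controls the whole cluster.
        if (kind == "ClusterRoleBinding"
                and obj.get("roleRef", {}).get("name") == "cluster-admin"):
            for subj in obj.get("subjects") or []:
                if subj.get("kind") == "ServiceAccount":
                    findings.add((ref, "cluster-admin-serviceaccount",
                                  f'{subj.get("namespace")}/{subj.get("name")}'))

        # The API server does not verify the aggregated API's certificate.
        if kind == "APIService" and obj.get("spec", {}).get("insecureSkipTLSVerify") is True:
            findings.add((ref, "apiservice-skips-tls-verify", obj["spec"].get("group", "")))

        spec = pod_spec(obj)
        if spec is None:
            continue
        if spec.get("hostNetwork") is True:
            findings.add((ref, "host-network", "pod shares the node's network namespace"))
        for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
            cname = c.get("name", "")
            # metrics-server flag: kubelet serving certificates are not verified.
            if "--kubelet-insecure-tls" in (c.get("args") or []):
                findings.add((ref, "kubelet-tls-not-verified", cname))
            # Only an explicit true is reported, to keep the output short.
            if (c.get("securityContext") or {}).get("allowPrivilegeEscalation") is True:
                findings.add((ref, "allow-privilege-escalation", cname))
            # A tag can be re-pointed in the registry; a digest cannot.
            if "@sha256:" not in c.get("image", ""):
                findings.add((ref, "image-not-pinned-by-digest", c.get("image", "")))
    return sorted(findings)


# Constructed sample: the page's manifests reduced to the audited fields.
SAMPLE = [
    {"kind": "APIService", "metadata": {"name": "v1beta1.metrics.k8s.io"},
     "spec": {"group": "metrics.k8s.io", "insecureSkipTLSVerify": True}},
    {"kind": "Deployment", "metadata": {"name": "metrics-server"},
     "spec": {"template": {"spec": {"containers": [{
         "name": "metrics-server",
         "image": "registry.cn-hangzhou.aliyuncs.com/lanson_k8s_images/metrics-server:v0.4.3",
         "args": ["--cert-dir=/tmp", "--kubelet-insecure-tls", "--secure-port=4443"],
         "securityContext": {"readOnlyRootFilesystem": True, "runAsNonRoot": True}}]}}}},
    {"kind": "DaemonSet", "metadata": {"name": "ingress-nginx-controller"},
     "spec": {"template": {"spec": {"hostNetwork": True, "containers": [{
         "name": "controller",
         "image": "registry.cn-hangzhou.aliyuncs.com/lanson_k8s_images/ingress-nginx-controller:v0.46.0",
         "securityContext": {"runAsUser": 101, "allowPrivilegeEscalation": True}}]}}}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kubernetes-dashboard"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "system:metrics-server"},
     "roleRef": {"kind": "ClusterRole", "name": "system:metrics-server"},
     "subjects": [{"kind": "ServiceAccount", "name": "metrics-server",
                   "namespace": "kube-system"}]},
]

if __name__ == "__main__":
    for ref, rule, detail in audit(SAMPLE):
        print(f"{ref:42} {rule:30} {detail}")
```

To run it against a live cluster, load the "items" list from the JSON output of kubectl get for the relevant kinds and pass it to audit().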
