
Cloud Native (31): Kubernetes - Basic Pre-installed Platform Resources

  Basic pre-installed resources for a Kubernetes platform

  Once the Kubernetes platform itself is installed, a set of basic resources needs to be installed on top of it. This article targets Kubernetes v1.21.1.

  1. metrics-server

  GitHub - kubernetes-sigs/metrics-server: Scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
  https://github.com/kubernetes-sigs/metrics-server

  The basic metrics monitoring component for the k8s platform.

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --v=6
        - --cert-dir=/tmp
        # metrics-server does not verify the kubelets' serving certificates
        - --kubelet-insecure-tls
        - --secure-port=4443
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        image: registry.cn-hangzhou.aliyuncs.com/lanson_k8s_images/metrics-server:v0.4.3
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 4443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          periodSeconds: 10
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  # the API server does not verify metrics-server's serving certificate
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100

  2. ingress-nginx
  The ingress component that the Kubernetes project builds on nginx.
  Self-built clusters use the bare-metal installation method.

  Usage: label the cluster nodes that should expose nginx with node-role=ingress, for example:

kubectl label node k8s-master3 node-role=ingress
kubectl label node k8s-node1 node-role=ingress
kubectl label node k8s-node2 node-role=ingress
kubectl label node k8s-node3 node-role=ingress

  Nodes that run the ingress controller automatically open ports 80 and 443 on the node, so make sure these ports are not already in use on the machine.
  By default ingress-nginx has no CPU or memory limit on each node; adjust the resources.limits fields to fit your company's architecture requirements.

apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx

---
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
automountServiceAccountToken: true
---
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
---
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
  name: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
---
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
  name: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - ingress-controller-leader-nginx
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
---
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
spec:
  type: ClusterIP
  ports:
    - name: https-webhook
      port: 443
      targetPort: webhook
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: ClusterIP  ## changed to ClusterIP
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/component: controller
  revisionHistoryLimit: 10
  minReadySeconds: 0
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    spec:
      dnsPolicy: ClusterFirstWithHostNet   ## DNS policy adjusted to match host networking
      hostNetwork: true  ## let nginx bind ports 80 and 443 on the node directly, hence host networking
      containers:
        - name: controller
          image: registry.cn-hangzhou.aliyuncs.com/lanson_k8s_images/ingress-nginx-controller:v0.46.0
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
          args:
            - /nginx-ingress-controller
            - --election-id=ingress-controller-leader
            - --ingress-class=nginx
            - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
            - --validating-webhook=:8443
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            runAsUser: 101
            allowPrivilegeEscalation: true
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          livenessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
            - name: webhook
              containerPort: 8443
              protocol: TCP
          volumeMounts:
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
          resources:
            requests:
              cpu: 100m
              memory: 90Mi
            limits:
              cpu: 1000m
              memory: 800Mi
      nodeSelector:
        node-role: ingress
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
        - name: webhook-cert
          secret:
            secretName: ingress-nginx-admission
---
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
# before changing this value, check the required kubernetes version
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  name: ingress-nginx-admission
webhooks:
  - name: validate.nginx.ingress.kubernetes.io
    matchPolicy: Equivalent
    rules:
      - apiGroups:
          - networking.k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - ingresses
    failurePolicy: Fail
    sideEffects: None
    admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      service:
        namespace: ingress-nginx
        name: ingress-nginx-controller-admission
        path: /networking/v1beta1/ingresses
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
rules:
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - update
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: ingress-nginx-admission-create
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
spec:
  template:
    metadata:
      name: ingress-nginx-admission-create
      labels:
        helm.sh/chart: ingress-nginx-3.30.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.46.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      containers:
        - name: create
          image: docker.io/jettech/kube-webhook-certgen:v1.5.1
          imagePullPolicy: IfNotPresent
          args:
            - create
            - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
            - --namespace=$(POD_NAMESPACE)
            - --secret-name=ingress-nginx-admission
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: ingress-nginx-admission-patch
  annotations:
    helm.sh/hook: post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-3.30.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.46.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
spec:
  template:
    metadata:
      name: ingress-nginx-admission-patch
      labels:
        helm.sh/chart: ingress-nginx-3.30.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.46.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      containers:
        - name: patch
          image: docker.io/jettech/kube-webhook-certgen:v1.5.1
          imagePullPolicy: IfNotPresent
          args:
            - patch
            - --webhook-name=ingress-nginx-admission
            - --namespace=$(POD_NAMESPACE)
            - --patch-mutating=false
            - --secret-name=ingress-nginx-admission
            - --patch-failure-policy=Fail
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000

  3. dashboard
  You can install the default Kubernetes web UI.
  GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters

  Note: the manifest downloaded from the official project does not grant any authorization by default; use the configuration below, in which the authorization has already been created.

# Get the dashboard access token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update "kubernetes-dashboard-settings" config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.2.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.6
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}
---
# Binds the Dashboard's own ServiceAccount to cluster-admin, so a holder of its
# token has full control of the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

  4. Helm app store

curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
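  A Helm chart mirror hosted in China, although it has not been updated for a long time: http://mirror.azure.cn/kubernetes/charts/
  For a detailed installation walkthrough, refer to my previous article.
  If you are interested, follow the link below:
  Cloud Native (30) | Kubernetes: the Helm App Store - Lansonli's blog - CSDN Blog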
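
  The metrics-server, ingress-nginx and dashboard manifests above contain several settings worth re-checking before they reach a production cluster. The following Python audit is an added example, not part of the original article: it flags those settings in objects given as plain dicts (the shape `kubectl get ... -o json` returns). The rule names and the SAMPLE objects are constructed for illustration.

```python
"""Static audit for the security-relevant settings seen in this page's manifests.

Added example. Objects are plain dicts, as produced by `kubectl get <kind> -o json`
or by any YAML parser; the rule identifiers are names chosen for this example.
"""

WORKLOADS = {"Deployment", "DaemonSet", "StatefulSet", "Job"}
READ_VERBS = {"get", "list", "watch", "*"}


def ident(obj):
    """Return 'Kind:namespace/name' (namespace omitted for cluster-scoped objects)."""
    meta = obj.get("metadata", {})
    ns = meta.get("namespace")
    return f"{obj.get('kind')}:{ns + '/' if ns else ''}{meta.get('name')}"


def audit_pod_spec(owner, spec):
    """Check one pod template; returns a list of (object, rule_id) findings."""
    found = []
    if spec.get("hostNetwork"):
        found.append((owner, "host-network"))
    for c in spec.get("containers", []):
        where = f"{owner}[{c.get('name')}]"
        if "--kubelet-insecure-tls" in c.get("args", []):
            found.append((where, "kubelet-tls-unverified"))
        # Unset is not the same as false: only an explicit false blocks escalation.
        if c.get("securityContext", {}).get("allowPrivilegeEscalation") is not False:
            found.append((where, "privilege-escalation-allowed"))
        if not c.get("resources", {}).get("limits"):
            found.append((where, "no-resource-limits"))
    return found


def audit(objects):
    """Audit a list of Kubernetes objects; returns (object, rule_id) tuples in input order."""
    found = []
    for obj in objects:
        kind, name = obj.get("kind"), ident(obj)
        if kind in WORKLOADS:
            pod = obj.get("spec", {}).get("template", {}).get("spec", {})
            found += audit_pod_spec(name, pod)
        elif kind == "APIService" and obj.get("spec", {}).get("insecureSkipTLSVerify"):
            found.append((name, "apiservice-tls-unverified"))
        elif kind == "ClusterRoleBinding" and obj.get("roleRef", {}).get("name") == "cluster-admin":
            for s in obj.get("subjects", []):
                subject = f"{s.get('kind')}:{s.get('namespace')}/{s.get('name')}"
                found.append((name, f"cluster-admin-bound-to:{subject}"))
        elif kind == "ClusterRole":
            for rule in obj.get("rules") or []:
                groups = set(rule.get("apiGroups", []))
                res, verbs = set(rule.get("resources", [])), set(rule.get("verbs", []))
                # Secrets readable in every namespace, not narrowed by resourceNames.
                if (groups & {"", "*"} and res & {"secrets", "*"}
                        and verbs & READ_VERBS and not rule.get("resourceNames")):
                    found.append((name, "cluster-wide-secret-read"))
    return found


# Constructed, abbreviated copies of the page's manifests (only audited fields kept).
SAMPLE = [
    {"kind": "APIService", "metadata": {"name": "v1beta1.metrics.k8s.io"},
     "spec": {"insecureSkipTLSVerify": True}},
    {"kind": "Deployment", "metadata": {"name": "metrics-server", "namespace": "kube-system"},
     "spec": {"template": {"spec": {"containers": [{
         "name": "metrics-server",
         "args": ["--cert-dir=/tmp", "--kubelet-insecure-tls", "--secure-port=4443"],
         "securityContext": {"readOnlyRootFilesystem": True, "runAsNonRoot": True}}]}}}},
    {"kind": "DaemonSet",
     "metadata": {"name": "ingress-nginx-controller", "namespace": "ingress-nginx"},
     "spec": {"template": {"spec": {"hostNetwork": True, "containers": [{
         "name": "controller",
         "securityContext": {"runAsUser": 101, "allowPrivilegeEscalation": True},
         "resources": {"limits": {"cpu": "1000m", "memory": "800Mi"}}}]}}}},
    {"kind": "ClusterRole", "metadata": {"name": "ingress-nginx"},
     "rules": [{"apiGroups": [""], "verbs": ["list", "watch"],
                "resources": ["configmaps", "endpoints", "nodes", "pods", "secrets"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kubernetes-dashboard"}]},
    {"kind": "Deployment",
     "metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
     "spec": {"template": {"spec": {"containers": [{
         "name": "kubernetes-dashboard",
         "securityContext": {"allowPrivilegeEscalation": False,
                             "readOnlyRootFilesystem": True}}]}}}},
]

if __name__ == "__main__":
    for where, rule in audit(SAMPLE):
        print(f"{rule:32} {where}")
```

  To run it against a live cluster, feed it the `items` list from `kubectl get deploy,ds,clusterrole,clusterrolebinding,apiservice -A -o json` instead of SAMPLE.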
