文章目录

  • 部署K8S云驱动组件CloudDriver
    • 1. 准备镜像
    • 2. 制作minio的secret
    • 3. 准备k8s的用户配置
      • 3.1 签发证书
      • 3.2 做kubeconfig配置
    • 3. 创建ConfigMap
    • 4. 准备资源配置清单
    • 5. 应用资源配置清单
    • 6. 检测验证

部署K8S云驱动组件CloudDriver

1. 准备镜像

[root@k8s7-200.host.com ~]# docker pull armory/spinnaker-clouddriver-slim:release-1.8.x-14c9664
[root@k8s7-200.host.com ~]# docker tag edb2507fdb62 harbor.od.com/armory/clouddriver:v1.8.x
[root@k8s7-200.host.com ~]# docker push harbor.od.com/armory/clouddriver:v1.8.x

2. 制作minio的secret

[root@k8s7-22.host.com ~]# cat credentials
[default]
aws_access_key_id=admin
aws_secret_access_key=admin123[root@k8s7-22.host.com ~]# kubectl create secret generic credentials --from-file=./credentials -n armory
secret/credentials created

3. 准备k8s的用户配置

3.1 签发证书

[root@k8s7-200.host.com /opt/certs]# cp client-csr.json admin-csr.json
[root@k8s7-200.host.com /opt/certs]# cat admin-csr.json
{"CN": "cluster-admin","hosts": [],"key": {"algo": "rsa","size": 2048},"names": [{"C": "CN","ST": "beijing","L": "beijing","O": "od","OU": "ops"}]
}[root@k8s7-200.host.com /opt/certs]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client admin-csr.json |cfssl-json -bare admin
2020/09/05 22:10:23 [INFO] generate received request
2020/09/05 22:10:23 [INFO] received CSR
2020/09/05 22:10:23 [INFO] generating key: rsa-2048
2020/09/05 22:10:24 [INFO] encoded CSR
2020/09/05 22:10:24 [INFO] signed certificate with serial number 99184751020176522675035668124249045707679954817
2020/09/05 22:10:24 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").[root@k8s7-200.host.com /opt/certs]# ll admin*
-rw-r--r-- 1 root root 1001 Sep  5 22:10 admin.csr
-rw-r--r-- 1 root root  286 Sep  5 22:08 admin-csr.json
-rw------- 1 root root 1679 Sep  5 22:10 admin-key.pem
-rw-r--r-- 1 root root 1371 Sep  5 22:10 admin.pem

3.2 做kubeconfig配置

任意运算节点

[root@k8s7-21.host.com ~]# scp k8s7-200:/opt/certs/ca.pem .
[root@k8s7-21.host.com ~]# scp k8s7-200:/opt/certs/admin.pem .
[root@k8s7-21.host.com ~]# scp k8s7-200:/opt/certs/admin-key.pem .
[root@k8s7-21.host.com ~]# kubectl config set-cluster myk8s --certificate-authority=./ca.pem --embed-certs=true --server=https://10.4.7.10:7443 --kubeconfig=config
Cluster "myk8s" set.
[root@k8s7-21.host.com ~]# kubectl config set-credentials cluster-admin --client-certificate=./admin.pem --client-key=./admin-key.pem --embed-certs=true --kubeconfig=config
User "cluster-admin" set.
[root@k8s7-21.host.com ~]# kubectl config set-context myk8s-context --cluster=myk8s --user=cluster-admin --kubeconfig=config
Context "myk8s-context" created.
kubectl config use-context myk8s-context --kubeconfig=config
[root@k8s7-21.host.com ~]# kubectl create clusterrolebinding myk8s-admin --clusterrole=cluster-admin --user=cluster-admin
clusterrolebinding.rbac.authorization.k8s.io/myk8s-admin created[root@k8s7-21.host.com ~]# kubectl config view
apiVersion: v1
clusters: []
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
[root@k8s7-21.host.com ~]# cd /root/.kube/
[root@k8s7-21.host.com ~/.kube]# ll
total 4
drwxr-x--- 3 root root   23 Aug  5 18:56 cache
drwxr-x--- 3 root root 4096 Sep  5 22:18 http-cache
[root@k8s7-21.host.com ~/.kube]# cp /root/config .
[root@k8s7-21.host.com ~/.kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:certificate-authority-data: DATA+OMITTEDserver: https://10.4.7.10:7443name: myk8s
contexts:
- context:cluster: myk8suser: cluster-adminname: myk8s-context
current-context: myk8s-context
kind: Config
preferences: {}
users:
- name: cluster-adminuser:client-certificate-data: REDACTEDclient-key-data: REDACTED验证cluster-admin用户
如果想让运维主机管理k8s集群,做以下操作:
[root@k8s7-200.host.com ~]# mkdir /root/.kube
[root@k8s7-200.host.com ~]# cd /root/.kube/
[root@k8s7-200.host.com ~/.kube]# scp -rp k8s7-21:/root/config .
root@k8s7-21's password:
config                                                                                                            100% 6206     4.4MB/s   00:00
[root@k8s7-200.host.com ~/.kube]# ll
total 8
-rw------- 1 root root 6206 Sep  5 22:17 config
[root@k8s7-200.host.com ~/.kube]# cd
[root@k8s7-200.host.com ~]# scp -rp k8s7-21:/opt/kubernetes/server/bin/kubectl /usr/bin/
root@k8s7-21's password:
kubectl                                                                                                           100%   41MB  47.8MB/s   00:00
[root@k8s7-200.host.com ~]# which kubectl
/usr/bin/kubectl[root@k8s7-200.host.com ~/.kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:certificate-authority-data: DATA+OMITTEDserver: https://10.4.7.10:7443name: myk8s
contexts:
- context:cluster: myk8suser: cluster-adminname: myk8s-context
current-context: myk8s-context
kind: Config
preferences: {}
users:
- name: cluster-adminuser:client-certificate-data: REDACTEDclient-key-data: REDACTED[root@k8s7-200.host.com ~/.kube]# kubectl get pods -n infra
NAME                             READY   STATUS    RESTARTS   AGE
alertmanager-587cf99d46-rf9jt    1/1     Running   0          4d3h
apollo-portal-57bc86966d-nfxrd   1/1     Running   1          16d
dubbo-monitor-6676dd74cc-8bnrf   1/1     Running   2          16d
grafana-5c5444964d-zrjsq         1/1     Running   0          8d
jenkins-7c85c8cb57-m6cvg         1/1     Running   4          23d
kafka-manager-6f476744f8-q24p8   1/1     Running   0          29h
kibana-5878d8d84d-vtsh9          1/1     Running   0          11h问题描述?
[root@k8s7-200.host.com ~]# kubectl get pods
The connection to the server localhost:8080 was refused - did you specify the right host or port?
[root@k8s7-200.host.com ~]# echo "export KUBECONFIG=/root/.kube/config" >> ~/.bash_profile
[root@k8s7-200.host.com ~]# source ~/.bash_profile

3. 创建ConfigMap

[root@k8s7-21.host.com ~]# mv config default-kubeconfig
[root@k8s7-21.host.com ~]# kubectl create configmap default-kubeconfig --from-file=./default-kubeconfig -n armory
configmap/default-kubeconfig created

4. 准备资源配置清单

需要default-config.yaml文件请留言获取~~~~~~~~~

[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# cat init-env.yaml
# init-env.yaml
# 包括redis地址、对外的API接口域名等
apiVersion: v1
kind: ConfigMap
metadata:name: init-envnamespace: armory
data:API_HOST: http://spinnaker.od.com/apiARMORY_ID: c02f0781-92f5-4e80-86db-0ba8fe7b8544ARMORYSPINNAKER_CONF_STORE_BUCKET: armory-platformARMORYSPINNAKER_CONF_STORE_PREFIX: front50ARMORYSPINNAKER_GCS_ENABLED: "false"ARMORYSPINNAKER_S3_ENABLED: "true"AUTH_ENABLED: "false"AWS_REGION: us-east-1BASE_IP: 127.0.0.1CLOUDDRIVER_OPTS: -Dspring.profiles.active=armory,configurator,localCONFIGURATOR_ENABLED: "false"DECK_HOST: http://spinnaker.od.comECHO_OPTS: -Dspring.profiles.active=armory,configurator,localGATE_OPTS: -Dspring.profiles.active=armory,configurator,localIGOR_OPTS: -Dspring.profiles.active=armory,configurator,localPLATFORM_ARCHITECTURE: k8sREDIS_HOST: redis://redis:6379SERVER_ADDRESS: 0.0.0.0SPINNAKER_AWS_DEFAULT_REGION: us-east-1SPINNAKER_AWS_ENABLED: "false"SPINNAKER_CONFIG_DIR: /home/spinnaker/configSPINNAKER_GOOGLE_PROJECT_CREDENTIALS_PATH: ""SPINNAKER_HOME: /home/spinnakerSPRING_PROFILES_ACTIVE: armory,configurator,local[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# cat custom-config.yaml
# custom-config.yaml
# 该配置文件指定访问k8s、harbor、minio、Jenkins的访问方式
# 其中部分地址可以根据是否在k8s内部,和是否同一个名称空间来选择是否使用短域名
apiVersion: v1
kind: ConfigMap
metadata:name: custom-confignamespace: armory
data:clouddriver-local.yml: |kubernetes:enabled: trueaccounts:- name: spinnakeserviceAccount: falsedockerRegistries:- accountName: harbornamespace: []namespaces:- test- prodkubeconfigFile: /opt/spinnaker/credentials/custom/default-kubeconfigprimaryAccount: spinnakedockerRegistry:enabled: trueaccounts:- name: harborrequiredGroupMembership: []providerVersion: V1insecureRegistry: trueaddress: http://harbor.od.comusername: adminpassword: Harbor12345primaryAccount: harborartifacts:s3:enabled: trueaccounts:- name: armory-config-s3-accountapiEndpoint: http://minioapiRegion: us-east-1gcs:enabled: falseaccounts:- name: armory-config-gcs-accountcustom-config.json: ""echo-configurator.yml: |diagnostics:enabled: truefront50-local.yml: |spinnaker:s3:endpoint: http://minioigor-local.yml: |jenkins:enabled: truemasters:- name: jenkins-adminaddress: http://jenkins.infrausername: adminpassword: admin123primaryAccount: jenkins-adminnginx.conf: |gzip on;gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;server {listen 80;location / {proxy_pass http://armory-deck/;}location /api/ {proxy_pass http://armory-gate:8084/;}rewrite ^/login(.*)$ /api/login$1 last;rewrite ^/auth(.*)$ /api/auth$1 last;}spinnaker-local.yml: |services:igor:enabled: true[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# cat deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: armory-clouddrivername: armory-clouddrivernamespace: armory
spec:replicas: 1selector:matchLabels:app: armory-clouddrivertemplate:metadata:annotations:artifact.spinnaker.io/location: '"armory"'artifact.spinnaker.io/name: '"armory-clouddriver"'artifact.spinnaker.io/type: '"kubernetes/deployment"'moniker.spinnaker.io/application: '"armory"'moniker.spinnaker.io/cluster: '"clouddriver"'labels:app: armory-clouddriverspec:containers:- name: armory-clouddriverimage: harbor.od.com/armory/clouddriver:v1.8.xcommand:- bash- -cargs:# 脚本在default-config.yaml中- bash /opt/spinnaker/config/default/fetch.sh && cd /home/spinnaker/config&& /opt/clouddriver/bin/clouddriverports:- containerPort: 7002protocol: TCPenv:- name: JAVA_OPTS# 生产中调大到2048-4096Mvalue: -Xmx1024MenvFrom:- configMapRef:name: init-envlivenessProbe:failureThreshold: 5httpGet:path: /healthport: 7002scheme: HTTPinitialDelaySeconds: 600periodSeconds: 3successThreshold: 1timeoutSeconds: 1readinessProbe:failureThreshold: 5httpGet:path: /healthport: 7002scheme: HTTPinitialDelaySeconds: 180periodSeconds: 3successThreshold: 5timeoutSeconds: 1securityContext: runAsUser: 0volumeMounts:- mountPath: /etc/podinfoname: podinfo- mountPath: /home/spinnaker/.awsname: credentials- mountPath: /opt/spinnaker/credentials/customname: default-kubeconfig- mountPath: /opt/spinnaker/config/defaultname: default-config- mountPath: /opt/spinnaker/config/customname: custom-configvolumes:- configMap:defaultMode: 420name: default-kubeconfigname: default-kubeconfig- configMap:defaultMode: 420name: custom-configname: custom-config- configMap:defaultMode: 420name: default-configname: default-config- name: credentialssecret:defaultMode: 420secretName: credentials- downwardAPI:defaultMode: 420items:- fieldRef:apiVersion: v1fieldPath: metadata.labelspath: labels- fieldRef:apiVersion: v1fieldPath: metadata.annotationspath: annotationsname: podinfo[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# cat service.yaml
apiVersion: v1
kind: Service
metadata:name: armory-clouddrivernamespace: armory
spec:ports:- port: 7002protocol: TCPtargetPort: 7002selector:app: armory-clouddriver

5. 应用资源配置清单

[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# kubectl apply -f ./init-env.yaml
configmap/init-env created
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# kubectl apply -f ./default-config.yaml
configmap/default-config created
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# kubectl apply -f ./custom-config.yaml
configmap/custom-config created
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# kubectl apply -f ./deployment.yaml
deployment.apps/armory-clouddriver created
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# kubectl apply -f ./service.yaml
service/armory-clouddriver created

6. 检测验证

259. 部署K8S云驱动组件CloudDriver相关推荐

  1. 腾讯云部署K8s集群

    腾讯云部署K8s集群 文章目录 腾讯云部署K8s集群 0. 导读(重要!!!一定要读) 1. 环境准备 版本 服务器配置 2. 安装步骤 所有主机操作 1. 提前准备 2. 安装docker 3. 安 ...

  2. 阿里云部署k8s集群

    ​ 阿里云部署k8s集群 前言 1.k8集群架构 Kubernetes Cluster = N Master Node + N Worker Node:N主节点+N工作节点: N>=1 2.机器 ...

  3. 阿里云部署K8s及一些排错体会

    前言 本文介绍如何在ubuntu上部署k8s集群,大致可以分为如下几个步骤: 修改ubuntu配置 安装docker 安装kubeadm.kubectl以及kubelet 初始化master节点 将s ...

  4. K8S云平台部署过程说明

    近期由于工作原因,在项目支持的过程中,进行了一次K8S的基础环境部署,云平台一直是公司的重要底座,而我由于一系列原因,一直没有亲自尝试,通过本次的机会,让我重新做了一遍,也找到了和以前部署传统环境一样 ...

  5. 通过阿里云ecs部署k8s集群

    通过阿里云ecs部署k8s集群 1. 搭建环境 2. 安装步骤 禁用Selinux Restart Docker 此处仅有两台服务器,一台master节点,一台node节点,后期可按照步骤继续增加no ...

  6. 【云原生Kubernetes系列第五篇】kubeadm v1.20 部署K8S 集群架构(人生这道选择题,总会有遗憾)

    系列文章目录 ??即日起,更新云原生相关知识,喜欢的小伙伴可以给我点个三连喔 ??收录至专栏 云原生 ??[云原生Docker系列第一篇]Docker镜像管理 ??[云原生Docker系列第二篇]Do ...

  7. (提示)ubuntu16.04通过sealos安装k8s,需要重新部署apply一下calico组件

    ubuntu16.04通过sealos安装k8s,需要重新部署apply一下calico组件

  8. 四、《云原生 | Kubernetes篇》二进制安装部署k8s高可用集群V1.24

    一.环境准备 1.1.部署k8s的两种方式 1)方式一:kubeadm部署 Kubeadm是一个K8s部署工具,提供kubeadm init和kubeadm join,用于快速部署Kubernetes ...

  9. 阿里云-ECS云服务器跨地域部署k8s集群

    阿里云-ECS云服务器跨地域部署k8s集群 一 .背景介绍 二.环境准备 2.1 ECS云服务资源清单 2.2 K8s软件列表 三.阿里云ECS服务器网络问题 3.1 问题阐述 3.2 解决方案 四. ...

最新文章

  1. scala学习手记25 - Curry化
  2. 精美日历EXCLE格式
  3. Python爬虫入门教程 18-100 煎蛋网XXOO图片抓取
  4. 【渝粤教育】电大中专测量学 (3)作业 题库
  5. 蓝色起源8月25日进行无人飞行,携带实验设备等上天
  6. POJ1212 HDU1650 UVA180 LA5240 Eeny Meeny【约瑟夫环】
  7. VC++学习(5):文本编程
  8. JSP还有必要学吗 这篇文章告诉你
  9. vb科学计算机ppt,《计算机级VB教程》PPT课件.ppt
  10. 《烈烈先秦》7、大秦的克星——侠将公子信陵君
  11. 少年宫计算机活动总结改进措施,少年宫乒乓球的活动总结
  12. 计算机毕业设计Java大学生第二课堂(源码+系统+mysql数据库+lw文档)
  13. cve-2018-1273复现思路及简单利用(避坑)
  14. monit 内存 监控_mac系统监控软件Monity for Mac
  15. LPC1788 引脚分析
  16. 【sdx62】SBL阶段读取GPIO的状态操作
  17. 笔记本电脑怎么录屏,3款简单操作电脑录屏软件
  18. Multiple users(Guest mode) 多用户或访客模式调试
  19. MySQL-日期处理
  20. 计算机在生活中的应用论文2000字,浅议计算机在生活中的应用论文(2)

热门文章

  1. 文件操作的几种常用方式
  2. Iidea 配置webContent项目,启动访问404
  3. 深度学习-多任务学习总结
  4. 活动结束啦,那么复盘该从哪些方面展开?
  5. mysql创建表时添加范式,MySql三大范式与数据库设计和表创建常用语句
  6. Vscode 配置 matlab 环境
  7. 平面设计表现手法常识
  8. 计算机信息处理技师选拔考试试题,江苏省机关事业单位工人技师部分工种选拔考试试卷...
  9. NBUT - 1723 有多少三元组
  10. vivox6s Android7.1,vivo计划为7款机型升安卓7.1 今日公测