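259. Deploying CloudDriver, the K8S Cloud Driver Component
Table of Contents
- Deploying CloudDriver, the K8S Cloud Driver Component
- 1. Prepare the image
- 2. Create the minio secret
- 3. Prepare the k8s user configuration
- 3.1 Issue the certificate
- 3.2 Build the kubeconfig
- 3. Create the ConfigMap
- 4. Prepare the resource manifests
- 5. Apply the resource manifests
- 6. Verification
Deploying CloudDriver, the K8S Cloud Driver Component
1. Prepare the image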
[root@k8s7-200.host.com ~]# docker pull armory/spinnaker-clouddriver-slim:release-1.8.x-14c9664
[root@k8s7-200.host.com ~]# docker tag edb2507fdb62 harbor.od.com/armory/clouddriver:v1.8.x
[root@k8s7-200.host.com ~]# docker push harbor.od.com/armory/clouddriver:v1.8.x
2. Create the minio secret
[root@k8s7-22.host.com ~]# cat credentials
[default]
aws_access_key_id=admin
aws_secret_access_key=admin123
[root@k8s7-22.host.com ~]# kubectl create secret generic credentials --from-file=./credentials -n armory
secret/credentials created
3. Prepare the k8s user configuration
3.1 Issue the certificate
[root@k8s7-200.host.com /opt/certs]# cp client-csr.json admin-csr.json
[root@k8s7-200.host.com /opt/certs]# cat admin-csr.json
{
    "CN": "cluster-admin",
    "hosts": [],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "beijing",
            "L": "beijing",
            "O": "od",
            "OU": "ops"
        }
    ]
}
[root@k8s7-200.host.com /opt/certs]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client admin-csr.json | cfssl-json -bare admin
2020/09/05 22:10:23 [INFO] generate received request
2020/09/05 22:10:23 [INFO] received CSR
2020/09/05 22:10:23 [INFO] generating key: rsa-2048
2020/09/05 22:10:24 [INFO] encoded CSR
2020/09/05 22:10:24 [INFO] signed certificate with serial number 99184751020176522675035668124249045707679954817
2020/09/05 22:10:24 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@k8s7-200.host.com /opt/certs]# ll admin*
-rw-r--r-- 1 root root 1001 Sep 5 22:10 admin.csr
-rw-r--r-- 1 root root 286 Sep 5 22:08 admin-csr.json
-rw------- 1 root root 1679 Sep 5 22:10 admin-key.pem
-rw-r--r-- 1 root root 1371 Sep 5 22:10 admin.pem
3.2 Build the kubeconfig
On any compute node:
[root@k8s7-21.host.com ~]# scp k8s7-200:/opt/certs/ca.pem .
[root@k8s7-21.host.com ~]# scp k8s7-200:/opt/certs/admin.pem .
[root@k8s7-21.host.com ~]# scp k8s7-200:/opt/certs/admin-key.pem .
[root@k8s7-21.host.com ~]# kubectl config set-cluster myk8s --certificate-authority=./ca.pem --embed-certs=true --server=https://10.4.7.10:7443 --kubeconfig=config
Cluster "myk8s" set.
[root@k8s7-21.host.com ~]# kubectl config set-credentials cluster-admin --client-certificate=./admin.pem --client-key=./admin-key.pem --embed-certs=true --kubeconfig=config
User "cluster-admin" set.
[root@k8s7-21.host.com ~]# kubectl config set-context myk8s-context --cluster=myk8s --user=cluster-admin --kubeconfig=config
Context "myk8s-context" created.
[root@k8s7-21.host.com ~]# kubectl config use-context myk8s-context --kubeconfig=config
[root@k8s7-21.host.com ~]# kubectl create clusterrolebinding myk8s-admin --clusterrole=cluster-admin --user=cluster-admin
clusterrolebinding.rbac.authorization.k8s.io/myk8s-admin created
[root@k8s7-21.host.com ~]# kubectl config view
apiVersion: v1
clusters: []
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
[root@k8s7-21.host.com ~]# cd /root/.kube/
[root@k8s7-21.host.com ~/.kube]# ll
total 4
drwxr-x--- 3 root root 23 Aug 5 18:56 cache
drwxr-x--- 3 root root 4096 Sep 5 22:18 http-cache
[root@k8s7-21.host.com ~/.kube]# cp /root/config .
[root@k8s7-21.host.com ~/.kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://10.4.7.10:7443
  name: myk8s
contexts:
- context:
    cluster: myk8s
    user: cluster-admin
  name: myk8s-context
current-context: myk8s-context
kind: Config
preferences: {}
users:
- name: cluster-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
Verify the cluster-admin user
To let the ops host manage the k8s cluster, do the following:
[root@k8s7-200.host.com ~]# mkdir /root/.kube
[root@k8s7-200.host.com ~]# cd /root/.kube/
[root@k8s7-200.host.com ~/.kube]# scp -rp k8s7-21:/root/config .
root@k8s7-21's password:
config 100% 6206 4.4MB/s 00:00
[root@k8s7-200.host.com ~/.kube]# ll
total 8
-rw------- 1 root root 6206 Sep 5 22:17 config
[root@k8s7-200.host.com ~/.kube]# cd
[root@k8s7-200.host.com ~]# scp -rp k8s7-21:/opt/kubernetes/server/bin/kubectl /usr/bin/
root@k8s7-21's password:
kubectl 100% 41MB 47.8MB/s 00:00
[root@k8s7-200.host.com ~]# which kubectl
/usr/bin/kubectl
[root@k8s7-200.host.com ~/.kube]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://10.4.7.10:7443
  name: myk8s
contexts:
- context:
    cluster: myk8s
    user: cluster-admin
  name: myk8s-context
current-context: myk8s-context
kind: Config
preferences: {}
users:
- name: cluster-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
[root@k8s7-200.host.com ~/.kube]# kubectl get pods -n infra
NAME READY STATUS RESTARTS AGE
alertmanager-587cf99d46-rf9jt 1/1 Running 0 4d3h
apollo-portal-57bc86966d-nfxrd 1/1 Running 1 16d
dubbo-monitor-6676dd74cc-8bnrf 1/1 Running 2 16d
grafana-5c5444964d-zrjsq 1/1 Running 0 8d
jenkins-7c85c8cb57-m6cvg 1/1 Running 4 23d
kafka-manager-6f476744f8-q24p8 1/1 Running 0 29h
kibana-5878d8d84d-vtsh9 1/1 Running 0 11h
Problem description:
[root@k8s7-200.host.com ~]# kubectl get pods
The connection to the server localhost:8080 was refused - did you specify the right host or port?
[root@k8s7-200.host.com ~]# echo "export KUBECONFIG=/root/.kube/config" >> ~/.bash_profile
[root@k8s7-200.host.com ~]# source ~/.bash_profile
3. Create the ConfigMap
[root@k8s7-21.host.com ~]# mv config default-kubeconfig
[root@k8s7-21.host.com ~]# kubectl create configmap default-kubeconfig --from-file=./default-kubeconfig -n armory
configmap/default-kubeconfig created
4. Prepare the resource manifests
If you need the default-config.yaml file, leave a comment to get it.
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# cat init-env.yaml
# init-env.yaml
# Includes the redis address, the externally exposed API domain, etc.
apiVersion: v1
kind: ConfigMap
metadata:
  name: init-env
  namespace: armory
data:
  API_HOST: http://spinnaker.od.com/api
  ARMORY_ID: c02f0781-92f5-4e80-86db-0ba8fe7b8544
  ARMORYSPINNAKER_CONF_STORE_BUCKET: armory-platform
  ARMORYSPINNAKER_CONF_STORE_PREFIX: front50
  ARMORYSPINNAKER_GCS_ENABLED: "false"
  ARMORYSPINNAKER_S3_ENABLED: "true"
  AUTH_ENABLED: "false"
  AWS_REGION: us-east-1
  BASE_IP: 127.0.0.1
  CLOUDDRIVER_OPTS: -Dspring.profiles.active=armory,configurator,local
  CONFIGURATOR_ENABLED: "false"
  DECK_HOST: http://spinnaker.od.com
  ECHO_OPTS: -Dspring.profiles.active=armory,configurator,local
  GATE_OPTS: -Dspring.profiles.active=armory,configurator,local
  IGOR_OPTS: -Dspring.profiles.active=armory,configurator,local
  PLATFORM_ARCHITECTURE: k8s
  REDIS_HOST: redis://redis:6379
  SERVER_ADDRESS: 0.0.0.0
  SPINNAKER_AWS_DEFAULT_REGION: us-east-1
  SPINNAKER_AWS_ENABLED: "false"
  SPINNAKER_CONFIG_DIR: /home/spinnaker/config
  SPINNAKER_GOOGLE_PROJECT_CREDENTIALS_PATH: ""
  SPINNAKER_HOME: /home/spinnaker
  SPRING_PROFILES_ACTIVE: armory,configurator,local
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# cat custom-config.yaml
# custom-config.yaml
# This file specifies how k8s, harbor, minio and Jenkins are accessed.
# Some addresses may use short domain names, depending on whether the service is inside k8s and in the same namespace.
apiVersion: v1
kind: ConfigMap
metadata:
  name: custom-config
  namespace: armory
data:
  clouddriver-local.yml: |
    kubernetes:
      enabled: true
      accounts:
        - name: spinnake
          serviceAccount: false
          dockerRegistries:
            - accountName: harbor
              namespace: []
          namespaces:
            - test
            - prod
          kubeconfigFile: /opt/spinnaker/credentials/custom/default-kubeconfig
      primaryAccount: spinnake
    dockerRegistry:
      enabled: true
      accounts:
        - name: harbor
          requiredGroupMembership: []
          providerVersion: V1
          insecureRegistry: true
          address: http://harbor.od.com
          username: admin
          password: Harbor12345
      primaryAccount: harbor
    artifacts:
      s3:
        enabled: true
        accounts:
        - name: armory-config-s3-account
          apiEndpoint: http://minio
          apiRegion: us-east-1
      gcs:
        enabled: false
        accounts:
        - name: armory-config-gcs-account
  custom-config.json: ""
  echo-configurator.yml: |
    diagnostics:
      enabled: true
  front50-local.yml: |
    spinnaker:
      s3:
        endpoint: http://minio
  igor-local.yml: |
    jenkins:
      enabled: true
      masters:
        - name: jenkins-admin
          address: http://jenkins.infra
          username: admin
          password: admin123
      primaryAccount: jenkins-admin
  nginx.conf: |
    gzip on;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
    server {
      listen 80;
      location / {
        proxy_pass http://armory-deck/;
      }
      location /api/ {
        proxy_pass http://armory-gate:8084/;
      }
      rewrite ^/login(.*)$ /api/login$1 last;
      rewrite ^/auth(.*)$ /api/auth$1 last;
    }
  spinnaker-local.yml: |
    services:
      igor:
        enabled: true
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# cat deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: armory-clouddriver
  name: armory-clouddriver
  namespace: armory
spec:
  replicas: 1
  selector:
    matchLabels:
      app: armory-clouddriver
  template:
    metadata:
      annotations:
        artifact.spinnaker.io/location: '"armory"'
        artifact.spinnaker.io/name: '"armory-clouddriver"'
        artifact.spinnaker.io/type: '"kubernetes/deployment"'
        moniker.spinnaker.io/application: '"armory"'
        moniker.spinnaker.io/cluster: '"clouddriver"'
      labels:
        app: armory-clouddriver
    spec:
      containers:
      - name: armory-clouddriver
        image: harbor.od.com/armory/clouddriver:v1.8.x
        command:
        - bash
        - -c
        args:
        # The script is in default-config.yaml
        - bash /opt/spinnaker/config/default/fetch.sh && cd /home/spinnaker/config && /opt/clouddriver/bin/clouddriver
        ports:
        - containerPort: 7002
          protocol: TCP
        env:
        - name: JAVA_OPTS
          # In production, raise this to 2048-4096M
          value: -Xmx1024M
        envFrom:
        - configMapRef:
            name: init-env
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /health
            port: 7002
            scheme: HTTP
          initialDelaySeconds: 600
          periodSeconds: 3
          successThreshold: 1
          timeoutSeconds: 1
        readinessProbe:
          failureThreshold: 5
          httpGet:
            path: /health
            port: 7002
            scheme: HTTP
          initialDelaySeconds: 180
          periodSeconds: 3
          successThreshold: 5
          timeoutSeconds: 1
        securityContext:
          runAsUser: 0
        volumeMounts:
        - mountPath: /etc/podinfo
          name: podinfo
        - mountPath: /home/spinnaker/.aws
          name: credentials
        - mountPath: /opt/spinnaker/credentials/custom
          name: default-kubeconfig
        - mountPath: /opt/spinnaker/config/default
          name: default-config
        - mountPath: /opt/spinnaker/config/custom
          name: custom-config
      volumes:
      - configMap:
          defaultMode: 420
          name: default-kubeconfig
        name: default-kubeconfig
      - configMap:
          defaultMode: 420
          name: custom-config
        name: custom-config
      - configMap:
          defaultMode: 420
          name: default-config
        name: default-config
      - name: credentials
        secret:
          defaultMode: 420
          secretName: credentials
      - downwardAPI:
          defaultMode: 420
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.labels
            path: labels
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.annotations
            path: annotations
        name: podinfo
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# cat service.yaml
apiVersion: v1
kind: Service
metadata:
  name: armory-clouddriver
  namespace: armory
spec:
  ports:
  - port: 7002
    protocol: TCP
    targetPort: 7002
  selector:
    app: armory-clouddriver
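The steps above put the Harbor and Jenkins passwords (custom-config) and the cluster-admin kubeconfig with its embedded client key (default-kubeconfig) into ConfigMaps, while only the minio credentials go into a Secret. As an added example, not part of the original post, this shell function checks manifests for that pattern before `kubectl apply`; the key patterns, the sample manifest and the `harbor-login` Secret name are assumptions made for illustration.

```shell
# Added example, not part of the original post. Prints "FILE:LINE key=KEY
# configmap=NAME" per credential-looking ConfigMap data key; returns 1 on a hit.
scan_configmaps() {
  awk '
    function emit(  i) {   # the kind is only known once the document ends
      if (kind == "ConfigMap")
        for (i = 1; i <= n; i++) { print hit[i] " configmap=" name; bad = 1 }
      kind = name = section = ""; n = 0
    }
    FNR == 1 && NR > 1 { emit() }                  # next input file
    /^---/ { emit(); next }                        # next YAML document
    /^[A-Za-z]/ { section = $1; sub(/:.*/, "", section) }
    /^kind:/ { kind = $2 }
    section == "metadata" && /^  name:/ { name = $2 }
    section == "data" && /[:=]/ {
      line = $0; sub(/^[ \t-]+/, "", line)         # drop indent and list dash
      if (line ~ /^#/) next                        # ignore commented-out keys
      key = line; sub(/[ \t]*[:=].*/, "", key)
      val = line; sub(/^[^:=]*[:=][ \t]*/, "", val)
      if (tolower(key) ~ /(password|secret_access_key|client-key-data)$/ &&
          val != "" && val != "\"\"")
        hit[++n] = FILENAME ":" FNR " key=" key
    }
    END { emit(); exit (bad ? 1 : 0) }
  ' "$@"
}

# Constructed sample in `kubectl get -o yaml` key order (kind follows data).
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
apiVersion: v1
data:
  igor-local.yml: |
    jenkins:
      masters:
      - name: jenkins-admin
        password: EXAMPLE-ONLY
kind: ConfigMap
metadata:
  name: custom-config
---
apiVersion: v1
data:
  password: RVhBTVBMRQ==
kind: Secret
metadata:
  name: harbor-login
EOF
scan_configmaps "$sample" || echo "move the flagged values into a Secret"
```

A finding is cleared by creating the object as a Secret and mounting it through a `secret:` volume, as the Deployment already does for `credentials`.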
5. Apply the resource manifests
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# kubectl apply -f ./init-env.yaml
configmap/init-env created
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# kubectl apply -f ./default-config.yaml
configmap/default-config created
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# kubectl apply -f ./custom-config.yaml
configmap/custom-config created
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# kubectl apply -f ./deployment.yaml
deployment.apps/armory-clouddriver created
[root@k8s7-200.host.com /data/k8s-yaml/armory/clouddriver]# kubectl apply -f ./service.yaml
service/armory-clouddriver created
6. Verification