使用K3S创建本地开发集群

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a1/a1f85e11678c1fe86abf0542ab6465b0.png","alt":"Treafik Logo","title":null,"style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"📖 参考文档:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://mp.weixin.qq.com/s?__biz=MzU4MjQ0MTU4Ng==&mid=2247486685&idx=1&sn=e84b383bb73f75d8059bcceeb8413a6a&chksm=fdb903c0cace8ad6bff3cd0aeee1738c5d27db0e9fc20a6b6c00b81da39a033a2ded9c8dfd87","title":null},"content":[{"type":"text","text":"k8s技术圈 - 阳明 - 使用 K3s 和 Traefik 创建本地开发集群"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"本地集群需求"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":null,"normalizeStart":1},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"轻量; (下载的包小)"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"启动快; (最好是docker 方式启动, 而非VM)"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"占用资源少; (最好是docker 方式启动, 而非VM. 且需要是一个拥有Kubernetes完整功能的, 精简的发行版)"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"用过minikube, VM启动比较慢, 而且下载最新版的时候, 阿里云的mirror都没有最新版本的镜像, 导致一直启动不起来. 非常难受."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"基于K3S的K3D完美符合我的以上需求."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"K3S简介 - 轻量级 Kubernetes"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"📖 参考文档:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://docs.rancher.cn/docs/k3s/_index","title":null},"content":[{"type":"text","text":"rancher.cn - K3s - 轻量级 Kubernetes"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"轻量级 Kubernetes。安装简单，内存只有一半，所有的二进制都不到 200MB。包含K3S的完整镜像大小如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":""},"content":[{"type":"text","text":" REPOSITORY                       TAG                 IMAGE ID           CREATED             SIZE\n rancher/k3s                     v1.18.2-k3s1       e9f6bccce7de       6 months ago       151MB"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我这边安装完成后, (又安装了traefik和Kubernetes dashboard和一个demo deployment), 消耗如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"CPU: 0.3 Core"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"内存: 1.2 G"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/81/81f4977892503cd85810560f65f606c5.png","alt":"image-20201107213926142","title":null,"style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"适用于："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"边缘计算-Edge"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"物联网-IoT"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"CI"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Development"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"ARM"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"嵌入 K8s"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"不想深陷 k8s 运维管理的人"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"K3s 是一个完全符合 Kubernetes 的发行版，有以下增强功能。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"打包为 "},{"type":"text","marks":[{"type":"strong"}],"text":"单个二进制"},{"type":"text","text":" 文件。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"基于 "},{"type":"text","marks":[{"type":"strong"}],"text":"sqlite3"},{"type":"text","text":" 的轻量级存储后端作为默认存储机制。 etcd3，MySQL，Postgres 仍然可用。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"封装在简单的启动程序中，该启动程序处理很多复杂的 TLS 和选项。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"默认情况下是安全的，对轻量级环境有合理的默认值。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"添加了简单但功能强大的“batteries-included”功能，例如：本地存储提供程序，服务负载均衡器，"},{"type":"text","marks":[{"type":"strong"}],"text":"Helm"},{"type":"text","text":" controller 和 "},{"type":"text","marks":[{"type":"strong"}],"text":"Traefik"},{"type":"text","text":" ingress controller。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"所有 Kubernetes 控制平面组件的操作都封装在单个二进制文件和进程中。这使 K3s 可以自动化和管理复杂的集群操作，例如分发证书。"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"外部依赖性已最小化（仅需要现代内核和 cgroup 挂载）。 K3s 软件包需要依赖项，包括："}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"K3D - K3S in docker"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"k3d创建容器化的k3s集群。 这意味着，您可以使用docker在单台计算机上启动多节点k3s集群。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"K3D 快速入门"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"📖 参考文档:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://docs.rancher.cn/docs/octopus/quick-start/_index#1-%E4%BD%BF%E7%94%A8k3d%E6%90%AD%E5%BB%BAk3s%E9%9B%86%E7%BE%A4%E5%8F%AF%E9%80%89","title":null},"content":[{"type":"text","text":"rancher.cn - 使用 k3d 搭建 k3s 集群"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用 k3d 搭建 k3s 集群. "},{"type":"link","attrs":{"href":"https://github.com/rancher/k3d","title":null},"content":[{"type":"text","text":"k3d"}]},{"type":"text","text":"是快速搭建容器化 k3s 集群的工具。 可以使用 Docker 在单台计算机上启动多节点 k3s 集群。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"📓 备注:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我的计算机环境:"}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"win10专业版 2004"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"WSL2 + Ubuntu20.04 + docker desktop"}]}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":null,"normalizeStart":1},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"运行以下指令，启动具有 3 个 worker 节点的本地 k3s 集群。(搭建集群搭吐了, 有现成官方脚本直接用. 亲测国内好用) 使用"},{"type":"codeinline","content":[{"type":"text","text":"root"}]},{"type":"text","text":"执行:"}]}]}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"curl -fL https://octopus-assets.oss-cn-beijing.aliyuncs.com/k3d/cluster-k3s-spinup.sh | bash -"}]},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"⚠️ 注意:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果安装成功，则应该看到以下日志:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"please input CTRL+C to stop the local cluster"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果想要停止K3S集群, 请运行"},{"type":"codeinline","content":[{"type":"text","text":"CTRL+C"}]}]}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":" % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n100 13549 100 13549 0 0 6784 0 0:00:01 0:00:01 --:--:-- 6781\n[INFO] [1107 17:02:03] cleanup proxy config\n[INFO] [1107 17:02:03] creating edge cluster with v1.18.2\n[INFO] [1107 17:02:03] INGRESS_HTTP_PORT is 54836\n[INFO] [1107 17:02:03] INGRESS_HTTPS_PORT is 54837\nINFO[0000] Created cluster network with ID ba03de48d65b8e1fbef6ff03cbba0b9e9ad008e7cc81d67d8393c69272a1c4b9\nINFO[0000] Add TLS SAN for 0.0.0.0\nINFO[0000] Created docker volume k3d-edge-images\nINFO[0000] Creating cluster [edge]\nINFO[0000] Creating server using docker.io/rancher/k3s:v1.18.2-k3s1...\nINFO[0006] SUCCESS: created cluster [edge]\nINFO[0006] You can now use the cluster with:\n\nexport KUBECONFIG=\"$(k3d get-kubeconfig --name='edge')\"\nkubectl cluster-info\n[WARN] [1107 17:02:09] default kubeconfig has been backup in /root/.kube/config_k3d_bak\n[INFO] [1107 17:02:09] edge cluster's kubeconfig wrote in /root/.kube/config now\n[INFO] [1107 17:02:09] waiting node edge-control-plane for ready\nINFO[0000] Adding 1 agent-nodes to k3d cluster edge...\nINFO[0000] Created agent-node with ID 752aebb8f9bb1af1c5fcf62ff9313163c243835373872595f38de03004257514\n[INFO] [1107 17:02:21] waiting node edge-worker for ready\nINFO[0000] Adding 1 agent-nodes to k3d cluster edge...\nINFO[0000] Created agent-node with ID 7d0aa70e24f387217d3094911a7c0f5fa2f504c1fe3e106b08d00f3a6b11158c\n[INFO] [1107 17:02:34] waiting node edge-worker1 for ready\nINFO[0000] Adding 1 agent-nodes to k3d cluster edge...\nINFO[0000] Created agent-node with ID 7b880c8966f9b8b252c5385ee10167384d9517c87ff60763989b69f5c3f344ab\n[INFO] [1107 17:02:47] waiting node edge-worker2 for ready\n[WARN] [1107 17:02:59] please input CTRL+C to stop the local cluster"}]},{"type":"numberedlist","attrs":{"start":2,"normalizeStart":2},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"打开一个新终端，并配置"},{"type":"codeinline","content":[{"type":"text","text":"KUBECONFIG"}]},{"type":"text","text":"以访问本地 k3s 集群。"}]}]}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"export KUBECONFIG=\"$(k3d get-kubeconfig --name='edge')\"\nkubectl cluster-info"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 输出结果如下:"}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"Kubernetes master is running at https://0.0.0.0:54835\nCoreDNS is running at https://0.0.0.0:54835/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy\nMetrics-server is running at https://0.0.0.0:54835/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy"}]},{"type":"numberedlist","attrs":{"start":3,"normalizeStart":3},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"运行"},{"type":"codeinline","content":[{"type":"text","text":"kubectl get node"}]},{"type":"text","text":"命令, 检查本地 k3s 集群的节点是否正常:"}]}]}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"# kubectl get node\nNAME STATUS ROLES AGE VERSION\nedge-worker Ready 3h17m v1.18.2+k3s1\nedge-worker2 Ready 3h17m v1.18.2+k3s1\nedge-control-plane Ready master 3h17m v1.18.2+k3s1\nedge-worker1 Ready 3h17m v1.18.2+k3s1"}]},{"type":"numberedlist","attrs":{"start":4,"normalizeStart":4},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":4,"align":null,"origin":null},"content":[{"type":"text","text":"运行"},{"type":"codeinline","content":[{"type":"text","text":"kubectl get pod -A"}]},{"type":"text","text":"命令, 检查本地 k3s 集群的pod是否正常: (默认就已经部署好了traefik)"}]}]}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"kubectl get pod -A\nNAMESPACE NAME READY STATUS RESTARTS AGE\nkube-system metrics-server-7566d596c8-6h776 1/1 Running 0 3h18m\nkube-system local-path-provisioner-6d59f47c7-sz5tp 1/1 Running 0 3h18m\nkube-system coredns-8655855d6-lmrkq 1/1 Running 0 3h18m\nkube-system svclb-traefik-wxp6k 2/2 Running 0 133m\nkube-system svclb-traefik-jls5w 2/2 Running 0 133m\nkube-system svclb-traefik-j776k 2/2 Running 0 133m\nkube-system svclb-traefik-qbfx4 2/2 Running 0 133m\nkube-system helm-install-traefik-jxptl 0/1 Completed 0 120m\nkube-system traefik-6cbfb44969-r9fj2 1/1 Running 0 118m"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"📓 笔记:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"K3D的快速启动脚本, 涉及到以下docker镜像: (只有第一个镜像是在外边pull的, 其他镜像其实都是在启动后的k3s 容器里pull的.)"}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"# docker images\nREPOSITORY TAG IMAGE ID CREATED SIZE\nrancher/k3s v1.18.2-k3s1 e9f6bccce7de 6 months ago 151MB\nrancher/klipper-helm v0.2.5 6207e2a3f522 6 months ago 136MB\nrancher/library-traefik 1.7.19-amd64 aa764f7db305 12 months ago 85.7MB\nrancher/metrics-server v0.3.6 9dd718864ce6 13 months ago 39.9MB\nrancher/local-path-provisioner v0.0.11 9d12f9848b99 13 months ago 36.2MB\nrancher/coredns-coredns 1.6.3 c4d3d16fe508 14 months ago 44.3MB"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"K3D的快速启动脚本, 会启动4个docker容器作为4个node节点:"}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"sudo docker ps\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\n7b880c8966f9 rancher/k3s:v1.18.2-k3s1 \"/bin/k3s agent --no…\" 3 hours ago Up 3 hours k3d-edge-worker-3\n7d0aa70e24f3 rancher/k3s:v1.18.2-k3s1 \"/bin/k3s agent --no…\" 3 hours ago Up 3 hours k3d-edge-worker-2\n752aebb8f9bb rancher/k3s:v1.18.2-k3s1 \"/bin/k3s agent --no…\" 3 hours ago Up 3 hours k3d-edge-worker-1\ndca9851cf5d6 rancher/k3s:v1.18.2-k3s1 \"/bin/k3s server --h…\" 3 hours ago Up 3 hours 0.0.0.0:54835->54835/tcp, 0.0.0.0:54836->80/tcp, 0.0.0.0:54837->443/tcp k3d-edge-server"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"从上文可以看到, 1个k3s server(就是控制平面), 3个k3s agent. k3s server对外暴露了3个 "},{"type":"text","marks":[{"type":"strong"}],"text":"随机"},{"type":"text","text":" 端口:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":null,"normalizeStart":1},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"54835->54835"},{"type":"text","text":": K8S API"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"54836->80"},{"type":"text","text":": K8S Ingress的HTTP端口."}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"54837->443"},{"type":"text","text":": K8S Ingress的HTTPS端口."}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"部署Traefik Dashboard"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"所以我们要访问部署在容器中的应用, 就用这2个随机端口: "},{"type":"link","attrs":{"href":"http://localhost:54836","title":null},"content":[{"type":"text","text":"http://localhost:54836"}]},{"type":"text","text":" 或"},{"type":"link","attrs":{"href":"https://localhost:54836","title":null},"content":[{"type":"text","text":"https://localhost:54836"}]},{"type":"text","text":" . 部署好了后, 默认是没有任何的Ingress的, 所以访问这2个地址都是报: "},{"type":"codeinline","content":[{"type":"text","text":"404"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"而且默认脚本是没有启用Traefik的Dashboard的, 管理不便. 我们将它启用起来."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"首先是进入到k3s server容器里. 这个容器没有"},{"type":"codeinline","content":[{"type":"text","text":"/bin/bash"}]},{"type":"text","text":", 只有"},{"type":"codeinline","content":[{"type":"text","text":"/bin/sh"}]},{"type":"text","text":", 如下:"}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"# docker exec -it ls /bin\naddgroup cat containerd-shim df expr fstrim i2cdetect ipcs kubectl lsof mkswap openvt ptx runcon sha512sum swapoff tr unxz whoami\nadduser charon containerd-shim-runc-v2 diff factor fuser i2cdump iplink last lspci mktemp partprobe pwd runlevel shred swapon traceroute unzip xargs\nar chattr coreutils dir fallocate getopt i2cget ipneigh less lsscsi modprobe passwd rdate sed shuf switch_root true uptime xtables-legacy-multi\narch chcon cp dircolors false getty i2cset iproute link lsusb more paste readlink seq sleep sync truncate users xxd\narp check-config cpio dirname fbset ginstall id iprule linux32 lzcat mountpoint patch readprofile setarch slirp4netns sysctl tsort usleep xz\narping chgrp crictl dmesg fdflush grep ifconfig ipset linux64 lzma mt pathchk realpath setconsole socat syslogd tty uudecode xzcat\nash chmod crond dnsd fdformat groups ifdown iptables linuxrc lzopcat mv pidof reboot setfattr sort tac ubirename uuencode yes\naux chown crontab dnsdomainname fdisk gunzip ifup iptables-restore ln makedevs nameif pigz renice setkeycodes split tail udhcpc vconfig zcat\nawk chroot csplit dos2unix fgrep gzip inetd iptables-save loadfont md5sum netstat ping reset setlogcons start-stop-daemon tar uevent vdir\nb2sum chrt ctr du find halt init iptunnel loadkmap mdev nice pinky resize setpriv stat tc umount vi\nbase32 chvt cut dumpkmap flannel hdparm insmod join logger mesg nl pipe_progress resume setserial strings tee uname vlock\nbase64 cksum date ebtables flock head install k3s login microcom nohup pivot_root rm setsid stty telnet unexpand w\nbasename clear dc echo fmt hexdump ip k3s-agent logname mkdir nproc portmap rmdir sh su test uniq watch\nblkid cmp dd egrep fold hexedit ip6tables k3s-server loopback mkdosfs nsenter poweroff rmmod sha1sum sulogin tftp unix2dos watchdog\nbridge cni deallocvt eject free host-local ip6tables-restore kill losetup mke2fs nslookup pr route sha224sum sum time unlink wc\nbunzip2 comm delgroup env freeramdisk hostid ip6tables-save killall ls mkfifo nuke printenv run-init sha256sum svc timeout unlzma wget\nbusybox conntrack deluser ether-wake fsck hostname ipaddr killall5 lsattr mknod numfmt printf run-parts sha384sum svok top unlzop which\nbzcat containerd devmem expand fsfreeze hwclock ipcrm klogd lsmod mkpasswd od ps runc sha3sum swanctl touch unpigz who"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"所以通过"},{"type":"codeinline","content":[{"type":"text","text":"/bin/sh"}]},{"type":"text","text":"进入到容器里:"}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"# docker exec -it /bin/sh\n---------------已经进入容器里--------------\n/ # cd /var/lib/rancher/k3s/server/manifests\n/var/lib/rancher/k3s/server/manifests # vi traefik.yaml"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"编辑后的"},{"type":"codeinline","content":[{"type":"text","text":"traefik.yaml"}]},{"type":"text","text":"如下: (增加:"},{"type":"codeinline","content":[{"type":"text","text":"dashboard.enabled: \"true\""}]},{"type":"text","text":" )"}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"apiVersion: helm.cattle.io/v1\nkind: HelmChart\nmetadata:\n name: traefik\n namespace: kube-system\nspec:\n chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz\n valuesContent: |-\n rbac:\n enabled: true\n ssl:\n enabled: true\n metrics:\n prometheus:\n enabled: true\n kubernetes:\n ingressEndpoint:\n useDefaultPublishedService: true\n dashboard:\n enabled: true\n image: \"rancher/library-traefik\"\n tolerations:\n - key: \"CriticalAddonsOnly\"\n operator: \"Exists\"\n - key: \"node-role.kubernetes.io/master\"\n operator: \"Exists\"\n effect: \"NoSchedule\""}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"保存后就会重新部署"},{"type":"codeinline","content":[{"type":"text","text":"traefik.yaml"}]},{"type":"text","text":", 如下:"}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"# kubectl get events -n kube-system\nLAST SEEN TYPE REASON OBJECT MESSAGE\n43s Normal Pulled pod/helm-install-traefik-jxptl Successfully pulled image \"rancher/klipper-helm:v0.2.5\"\n43s Normal Created pod/helm-install-traefik-jxptl Created container helm\n43s Normal Started pod/helm-install-traefik-jxptl Started container helm\n43s Normal ScalingReplicaSet deployment/traefik Scaled up replica set traefik-6cbfb44969 to 1\n43s Normal SuccessfulCreate replicaset/traefik-6cbfb44969 Created pod: traefik-6cbfb44969-r9fj2\n Normal Scheduled pod/traefik-6cbfb44969-r9fj2 Successfully assigned kube-system/traefik-6cbfb44969-r9fj2 to edge-worker2\n42s Normal Pulling pod/traefik-6cbfb44969-r9fj2 Pulling image \"rancher/library-traefik:1.7.19\"\n42s Normal Completed job/helm-install-traefik Job completed\n41s Normal SandboxChanged pod/helm-install-traefik-jxptl Pod sandbox changed, it will be killed and re-created.\n9s Normal Pulled pod/traefik-6cbfb44969-r9fj2 Successfully pulled image \"rancher/library-traefik:1.7.19\"\n9s Normal Created pod/traefik-6cbfb44969-r9fj2 Created container traefik\n9s Normal Started pod/traefik-6cbfb44969-r9fj2 Started container traefik"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"部署后, 会自动配置ingress, 如下:"}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"# kubectl get ingress -A\nNAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE\nkube-system traefik-dashboard traefik.example.com 172.18.0.2 80 149m"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"所以我们配置hosts: "},{"type":"codeinline","content":[{"type":"text","text":"127.0.0.1 traefik.example.com"}]},{"type":"text","text":". 就可以访问: "},{"type":"link","attrs":{"href":"http://traefik.example.com:54836/dashboard/","title":null},"content":[{"type":"text","text":"http://traefik.example.com:54836/dashboard/"}]},{"type":"text","text":", 如下图所示:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/c2/c2db0087062fba9b9e491ebc8ddf8d1a.png","alt":"image-20201107205521383","title":null,"style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"📓 备注:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"其实还有另一种方法可以进行访问: "},{"type":"codeinline","content":[{"type":"text","text":"kubectl port-forward"}]},{"type":"text","text":". 如下:"}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":" $ kubectl port-forward $(kubectl get pods --selector \"app=traefik\" --output=name -n kube-system) --address 0.0.0.0 8080:8080 -n kube-system"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"则可以通过"},{"type":"link","attrs":{"href":"http://localhost:8080/dashboard/","title":null},"content":[{"type":"text","text":"http://localhost:8080/dashboard/"}]},{"type":"text","text":" 访问到traefik的管理页面."}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"部署应用"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用"},{"type":"codeinline","content":[{"type":"text","text":"whoami"}]},{"type":"text","text":" 应用程序部署测试."}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"$ kubectl create deploy whoami --image containous/whoami\ndeployment.apps/whoami created\n$ kubectl expose deploy whoami --port 80\nservice/whoami exposed"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"然后我们定义一个 Ingress 规则来使用我们新的 Traefik，Traefik 既能读取自己的 CRD IngressRoute，也能读取传统的 Ingress 资源。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":" vi whoami-ingress.yaml"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"具体内容如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"apiVersion: networking.k8s.io/v1beta1\nkind: Ingress\nmetadata:\n name: whoami\n annotations:\n traefik.ingress.kubernetes.io/router.entrypoints: web,websecure\n traefik.ingress.kubernetes.io/router.tls: \"true\"\nspec:\n rules:\n - http:\n paths:\n - path: /\n backend:\n serviceName: whoami\n servicePort: 80"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"kubectl apply"}]},{"type":"text","text":"应用:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":" kubectl apply -f whoami-ingress.yaml -n default"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在这个例子中，我们在 HTTP 和 HTTPs 两个入口点上暴露了 whoami 服务，每一个 URL 都会被发送到该服务上，我们可以在 Traefik Dashboard 上看到新的Ingress。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/61/61a425550387c908d1d32d4609f00121.png","alt":"image-20201107210458283","title":null,"style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"要测试这个应用我们可以直接在浏览器中访问："},{"type":"link","attrs":{"href":"http://localhost:54836/","title":null},"content":[{"type":"text","text":"http://localhost:54836/"}]},{"type":"text","text":" 即可，这是因为上面我们安装 Traefik 的时候自动创建了一个 LoadBalancer 的 Service 服务。为啥要加端口号, 因为k3s server在容器里, 映射到外边是"},{"type":"codeinline","content":[{"type":"text","text":"54386"}]},{"type":"text","text":" 端口."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"部署Kubernetes 仪表盘"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"GITHUB_URL=https://github.com/kubernetes/dashboard/releases\nVERSION_KUBE_DASHBOARD=$(curl -w '%{url_effective}' -I -L -s -S ${GITHUB_URL}/latest -o /dev/null | sed -e 's|.*/||')\nkubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/${VERSION_KUBE_DASHBOARD}/aio/deploy/recommended.yaml"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"输出如下:"}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"namespace/kubernetes-dashboard created\nserviceaccount/kubernetes-dashboard created\nservice/kubernetes-dashboard created\nsecret/kubernetes-dashboard-certs created\nsecret/kubernetes-dashboard-csrf created\nsecret/kubernetes-dashboard-key-holder created\nconfigmap/kubernetes-dashboard-settings created\nrole.rbac.authorization.k8s.io/kubernetes-dashboard created\nclusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created\nrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created\nclusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created\ndeployment.apps/kubernetes-dashboard created\nservice/dashboard-metrics-scraper created\ndeployment.apps/dashboard-metrics-scraper created"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"验证pod已正常启动:"}]},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"# kubectl get pod -n kubernetes-dashboard\nNAME READY STATUS RESTARTS AGE\ndashboard-metrics-scraper-6b4884c9d5-ltk42 1/1 Running 0 14m\nkubernetes-dashboard-7d8574ffd9-sptn6 1/1 Running 0 98s"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"仪表盘 RBAC 配置"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"⚠️ 重要:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本指南中创建的 "},{"type":"codeinline","content":[{"type":"text","text":"admin-user"}]},{"type":"text","text":" 将在仪表板中拥有管理权限。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"创建以下资源清单文件："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"vi dashboard.admin-user.yml\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: admin-user\n namespace: kubernetes-dashboard"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"vi dashboard.admin-user-role.yml\n\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: admin-user\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: cluster-admin\nsubjects:\n - kind: ServiceAccount\n name: admin-user\n namespace: kubernetes-dashboard"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"部署"},{"type":"codeinline","content":[{"type":"text","text":"admin-user"}]},{"type":"text","text":" 配置:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":" kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"获得 Bearer Token"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":" kubectl -n kubernetes-dashboard describe secret admin-user-token | grep ^token"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"结果如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"yaml"},"content":[{"type":"text","text":" token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Im9XNENjc0VlSzVBTDJGRWpPT2VuY1pkbzNJblYybFFwY2YxQnBvZVlMVlEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXA1Y253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI0NmI4NGFkYS02MDQ3LTQzN2EtODk2My1lY2NmZWQ4MjE0ZDQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.N8Zhsf2JU5Hoa8yfhrspJbMGP7AFmfs2JeWXVpDksAEMfWf5mI-MXYcqMkbZ9_Qbwp-h9S7k7oZE41lUp8UXlDWi0Ovm4I4fsuoWqq-aJoyt-c060bWNla1edVZ5BzMTanIYzJHPjS7-cOnsxqg-EtXfdN3JRsiE0QevLvJLhYU37HFc7-cImJ8iH8-r-GHCD8MmuBbTV0EBidLmSo-BdWC5hcZoYghgNtfnMkN0p1e3O23EPRO2XDmaw_lVN4TNgZXPS9hirBD1AZxm1ZE1Iyo2mSOgYjCNQOF8IcaUtjTGqt4RzK4R9AWRbL9z-HMbK_JamcQvDz3fnW3aauCezQ"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"本地访问仪表盘:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":" kubectl proxy"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"现在可以通过以下网址访问仪表盘："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":""},"content":[{"type":"text","text":" http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/\n  使用admin-user Bearer Token Sign In"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/be/be0e5f973af4d205a982b5b9d675564b.png","alt":"image-20201107213623363","title":null,"style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"更多仪表盘访问方式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"codeinline","content":[{"type":"text","marks":[{"type":"strong"}],"text":"port-forward"}]},{"type":"text","text":"方式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":" $ kubectl port-forward $(kubectl get pods --selector \"k8s-app=kubernetes-dashboard\" --output=name -n kubernetes-dashboard) --address 0.0.0.0 8443:8443 -n kubernetes-dashboard"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"Helm 部署应用"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"# helm repo add stable http://mirror.azure.cn/kubernetes/charts\n# helm repo update\n# helm install jenkins stable/jenkins\nWARNING: This chart is deprecated\nNAME: jenkins\nLAST DEPLOYED: Sat Nov 7 22:25:02 2020\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nNOTES:\n*******************\n****DEPRECATED*****\n*******************\n* The Jenkins chart is deprecated. Future development has been moved to https://github.com/jenkinsci/helm-charts\n\n1. Get your 'admin' user password by running:\n printf $(kubectl get secret --namespace default jenkins -o jsonpath=\"{.data.jenkins-admin-password}\" | base64 --decode);echo\n2. Get the Jenkins URL to visit by running these commands in the same shell:\n export POD_NAME=$(kubectl get pods --namespace default -l \"app.kubernetes.io/component=jenkins-master\" -l \"app.kubernetes.io/instance=jenkins\" -o jsonpath=\"{.items[0].metadata.name}\")\n echo http://127.0.0.1:8080\n kubectl --namespace default port-forward $POD_NAME 8080:8080\n\n3. Login with the password from step 1 and the username: admin\n\n4. Use Jenkins Configuration as Code by specifying configScripts in your values.yaml file, see documentation: http:///configuration-as-code and examples: https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos\n\nFor more information on running Jenkins on Kubernetes, visit:\nhttps://cloud.google.com/solutions/jenkins-on-container-engine\nFor more information about Jenkins Configuration as Code, visit:\nhttps://jenkins.io/projects/jcasc/"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"总结"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过K3S/K3D, 有以下优势:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":null,"normalizeStart":1},"content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"创建, 部署, 启动集群快;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"集群消耗资源少;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"创建的集群拥有完善的基础功能;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":4,"align":null,"origin":null},"content":[{"type":"text","text":"可以提供和标准K8S集群一致的:"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}