云计算运维一步步编译安装Kubernetes之插件安装
导读:介绍flannelFlannel是 CoreOS 团队针对 Kubernetes 设计的一个覆盖网络(Overlay Network)工具,其目的在于帮助每一个使用 Kuberentes 的 CoreOS 主机拥有一个完整的子网。这次的分享...
介绍flannel
Flannel是 CoreOS 团队针对 Kubernetes 设计的一个覆盖网络(Overlay Network)工具,其目的在于帮助每一个使用 Kuberentes 的 CoreOS 主机拥有一个完整的子网。这次的分享内容将从Flannel的介绍、工作原理及安装和配置三方面来介绍这个工具的使用方法。
Flannel通过给每台宿主机分配一个子网的方式为容器提供虚拟网络,它基于Linux TUN/TAP,使用UDP封装IP包来创建overlay网络,并借助etcd维护网络的分配情况。
Flannel is a simple and easy way to configure a layer 3 network fabric designed for Kubernetes.
flannel工作模式
模式 | 特点 |
|---|---|
host-gw | 这种方式就是直接路由(相当于route add ) |
vxlan | 是flannel推荐的方式。需要通信的网络设备能够支持vxlan协议(相当于VPN) |
udp | 该方式与vxlan很类似,它对ip层网络进行包装。通常用于调试环境或者不支持vxlan协议网络环境中。 |
flannel下载地址
主机名 | 角色 | ip |
|---|---|---|
k8s-node01.boysec.cn | flannel | 10.1.1.100 |
k8s-node02.boysec.cn | flannel | 10.1.1.110 |
注意:这里部署文档以k8s-node01.boysec.cn主机为例,另外一台运算节点安装部署方法类似
下载软件,解压,做软连接
k8s-node01上
### 进入上传文件目录
cd /server/tools
### 创建所需要文件
mkdir -p /opt/flannel-v0.11.0-linux-amd64/cert
### 解压创建软连接
tar xf flannel-v0.11.0-linux-amd64.tar.gz -C /opt/flannel-v0.11.0-linux-amd64/
ln -s /opt/flannel-v0.11.0-linux-amd64 /opt/flannel
ls -l /opt|grep flannel
### 拷贝证书
[root@k8s-dns certs]# scp ca.pem client.pem client-key.pem k8s-master1:/opt/flannel-v0.11.0-linux-amd64/cert
## k8s-node01
[root@k8s-node01 flannel]# tree
.
├── cert
│ ├── ca.pem
│ ├── client-key.pem
│ └── client.pem操作etcd,增加host-gw
### 查询哪一个etcd服务为主
/opt/etcd/etcdctl member list
391901db80420245: name=etcd-server-110 peerURLs=https://10.1.1.110:2380 clientURLs=http://127.0.0.1:2379,https://10.1.1.110:2379 isLeader=false
b0e9893d2afd604d: name=etcd-server-130 peerURLs=https://10.1.1.130:2380 clientURLs=http://127.0.0.1:2379,https://10.1.1.100:2379 isLeader=false
cf6b4f78d74de8cf: name=etcd-server-100 peerURLs=https://10.1.1.100:2380 clientURLs=http://127.0.0.1:2379,https://10.1.1.100:2379 isLeader=true
### 在k8s-node01上
/opt/etcd/etcdctl set /coreos.com/network/config '{
"Network": "172.7.0.0/16", "Backend": {
"Type": "host-gw"}
}
'
{
"Network": "172.7.0.0/16", "Backend": {
"Type": "host-gw"}
}
创建配置
k8s-node01上:
vi /opt/flannel/subnet.env
FLANNEL_NETWORK=172.7.0.0/16
FLANNEL_SUBNET=172.7.21.1/24
FLANNEL_MTU=1500
FLANNEL_IPMASQ=false注意:flannel集群各主机的配置略有不同,部署其他节点时注意修改。
创建启动脚本
k8s-node01上:
vi /opt/flannel/flanneld.sh
#!/bin/sh
./flanneld \
--public-ip=10.1.1.100 \
--etcd-endpoints=https://10.1.1.100:2379,https://10.1.1.110:2379,https://10.1.1.130:2379 \
--etcd-keyfile=./cert/client-key.pem \
--etcd-certfile=./cert/client.pem \
--etcd-cafile=./cert/ca.pem \
--iface=eth0 \
--subnet-file=./subnet.env \
--healthz-port=2401
### 检查配置,权限,创建日志目录
chmod +x /opt/flannel/flanneld.sh
mkdir -p /data/logs/flanneld创建supervisor配置
vim /etc/supervisord.d/flanneld.ini
[program:flanneld-100]
command=/opt/flannel/flanneld.sh ;
the program (relative uses PATH, can take args)
numprocs=1 ;
number of processes copies to start (def 1)
directory=/opt/flannel ;
directory to cwd to before exec (def no cwd)
autostart=true ;
start at supervisord start (default: true)
autorestart=true ;
retstart at unexpected quit (default: true)
startsecs=30 ;
number of secs prog must stay running (def. 1)
startretries=3 ;
max # of serial start failures (default 3)
exitcodes=0,2 ;
'expected' exit codes for process (default 0,2)
stopsignal=QUIT ;
signal used to kill process (default TERM)
stopwaitsecs=10 ;
max num secs to wait b4 SIGKILL (default 10)
user=root ;
setuid to this UNIX account to run the program
redirect_stderr=true ;
redirect proc stderr to stdout (default false)
stdout_logfile=/data/logs/flanneld/flanneld.stdout.log ;
stdout log path, NONE for none;
default AUTO
stdout_logfile_maxbytes=64MB ;
max # logfile bytes b4 rotation (default 50MB)
stdout_logfile_backups=4 ;
# of stdout logfile backups (default 10)
stdout_capture_maxbytes=1MB ;
number of bytes in 'capturemode' (default 0)
stdout_events_enabled=false ;
emit events on stdout writes (default false)启动服务并检查
supervisorctl update
supervisorctl status
netstat -lnpt|grep 2401
[root@k8s-node01 flannel]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.1.1.2 0.0.0.0 UG 100 0 0 eth0
10.1.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
172.7.21.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.7.22.0 10.1.1.110 255.255.255.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-ff445de2ba86
### 成功
[root@k8s-node01 flannel]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ds-76457c4c9d-knbts 1/1 Running 0 48m 172.7.21.3 10.1.1.100 none>
none>
nginx-ds-76457c4c9d-xhrrh 1/1 Running 0 27h 172.7.22.2 10.1.1.110 none>
none>
[root@k8s-node01 flannel]# ping 172.7.22.2
PING 172.7.22.2 (172.7.22.2) 56(84) bytes of data.
64 bytes from 172.7.22.2: icmp_seq=1 ttl=63 time=0.707 ms
64 bytes from 172.7.22.2: icmp_seq=2 ttl=63 time=0.571 ms
64 bytes from 172.7.22.2: icmp_seq=3 ttl=63 time=0.846 ms优化SNAT转换
flannel之SNAT规则优化的目的是由于在K8S中的容器内,访问不同宿主机中的容器的资源的时候,日志文件会记录为宿主机的IP地址,而不是记录为容器本身自己的IP地址,建议在不同的宿主机上的容器互访的时候,在日志文件中查询到的IP地址均为容器的真实的IP地址。如下图所示,是为宿主机或进入宿主机的容器中进行curl访问另外node节点的容器,都会被记录成宿主机的IP地址,这样就会导致不同宿主机的容器互访,会经过一次SNAT转换,而实际上,不同宿主机容器之间的访问,应该会被记录为容器的实际IP地址而非宿主机的IP地址
解决两宿主机容器之间的透明访问,如不进行优化,容器之间的访问,日志记录为宿主机的IP地址。
yum -y install iptables-services
## 启动iptables
systemctl start iptables.service
systemctl enable iptables.service
## 删除这俩条规则
iptables -t filter -D INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -t filter -D FORWARD -j REJECT --reject-with icmp-host-prohibited
## 优化SNAT规则
iptables -t nat -D POSTROUTING -s 172.7.21.0/24 ! -o docker0 -j MASQUERADE
iptables -t nat -I POSTROUTING -s 172.7.21.0/24 ! -d 172.7.0.0/16 ! -o docker0 -j MASQUERADE10.1.1.100主机上的,源地址是172.7.21.0/24,请求目标ip不是172.7.0.0/16段和网络发包不从docker0设备出站的,才进行SNAT转换
优化前后访问
kubectl logs nginx-ds-85fc6f4dff-6g6tb
10.1.1.100 - - [06/Aug/2020:10:43:23 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.52.1" "-"
172.7.22.2 - - [06/Aug/2020:10:46:23 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.52.1" "-"部署kube-dns(coredns)
部署k8s资源配置清单的内网http服务
k8s-dns上
vim /etc/nginx/conf.d/k8s-yaml.od.com.conf
server {
listen 80;
server_name k8s-yaml.od.com;
location / {
autoindex on;
default_type text/plain;
root /var/k8s-yaml;
}
}
### 创建目录
mkdir /var/k8s-yaml/coredns -p准备coredns镜像
运维主机k8s-dns上:
docker pull coredns/coredns:1.6.5
docker tag coredns/coredns:1.6.5 harbor.od.com/public/coredns:v1.6.5
docker push harbor.od.com/public/coredns:v1.6.5准备资源配置清单
运维主机k8s-dns上:
- RBAC
- configmap
- Deployment
- Service
vim /var/k8s-yaml/coredns/rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-systemvim /var/k8s-yaml/coredns/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
errors
log
health
kubernetes cluster.local 192.168.0.0/16
forward . 10.1.1.254
cache 30
loop
reload
loadbalance
}
关键参数解释:
kubernetes cluster.local 192.168.0.0/16 Cluster网段(该网段就是service ip地址范围)
forward . 10.1.1.254 制定上级dns服务器地址
vim /var/k8s-yaml/coredns/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
spec:
replicas: 1
selector:
matchLabels:
k8s-app: coredns
template:
metadata:
labels:
k8s-app: coredns
spec:
serviceAccountName: coredns
containers:
- name: coredns
image: harbor.od.com/public/coredns:v1.6.5
args:
- -conf
- /etc/coredns/Corefile
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
dnsPolicy: Default
imagePullSecrets:
- name: harbor
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefilevim /var/k8s-yaml/coredns/svc.yaml
apiVersion: v1
kind: Service
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: coredns
clusterIP: 192.168.0.2
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53依次执行创建
浏览器打开:http://k8s-yaml.od.com/coredns 检查资源配置清单文件是否正确创建
kubectl apply -f http://k8s-yaml.od.com/coredns/rbac.yaml
#serviceaccount/coredns created
#clusterrole.rbac.authorization.k8s.io/system:coredns created
#clusterrolebinding.rbac.authorization.k8s.io/system:coredns created
kubectl apply -f http://k8s-yaml.od.com/coredns/configmap.yaml
#configmap/coredns created
kubectl apply -f http://k8s-yaml.od.com/coredns/deployment.yaml
#deployment.apps/coredns created
kubectl apply -f http://k8s-yaml.od.com/coredns/svc.yaml
#service/coredns created检查验证
[root@k8s-node01 ~]# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-97c47b95c-krc7n 1/1 Running 0 6m33s 172.7.21.3 k8s-node01.boysec.cn none>
none>
[root@k8s-node02 ~]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coredns ClusterIP 192.168.0.2 none>
53/UDP,53/TCP 6m41s部署traefik(ingress)
准备traefik镜像
运维主机k8s-dns上:
docker pull traefik:v1.7.26
docker tag traefik:v1.7.26 harbor.od.com/public/traefik:v1.7.26
docker push harbor.od.com/public/traefik:v1.7.26 准备资源配置清单
mkdir -p /var/k8s-yaml/traefik &
&
cd /var/k8s-yaml/traefik - RBAC
- DaemonSet
- Service
- Ingress
vim /var/k8s-yaml/traefik/rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-systemvim /var/k8s-yaml/traefik/daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
spec:
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
- image: harbor.od.com/public/traefik:v1.7.26
name: traefik-ingress-lb
ports:
- name: http
containerPort: 80
hostPort: 81
- name: admin
containerPort: 8080
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
args:
- --api
- --kubernetes
- --logLevel=INFO
- --insecureskipverify=true
- --kubernetes.endpoint=https://10.1.1.50:7443
- --accesslog
- --accesslog.filepath=/var/log/traefik_access.log
- --traefiklog
- --traefiklog.filepath=/var/log/traefik.log
- --metrics.prometheus
imagePullSecrets:
- name: harborvim /var/k8s-yaml/traefik/svc.yaml
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: web
- protocol: TCP
port: 8080
name: adminvim /var/k8s-yaml/traefik/ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-web-ui
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: traefik.od.com
http:
paths:
- path: /
backend:
serviceName: traefik-ingress-service
servicePort: 8080依次执行创建
浏览器打开:http://k8s-yaml.od.com/traefik 检查资源配置清单文件是否正确创建
kubectl apply -f http://k8s-yaml.od.com/traefik/rbac.yaml
kubectl apply -f http://k8s-yaml.od.com/traefik/daemonset.yaml
kubectl apply -f http://k8s-yaml.od.com/traefik/svc.yaml
kubectl apply -f http://k8s-yaml.od.com/traefik/ingress.yaml解析域名
k8s-dns上
vim /var/named/chroot/etc/od.com.zone
...
traefik A 10.1.1.50配置反代
k8s-master.boysec.cn和k8s-slave.boysec.cn两台主机上的nginx均需要配置,
cat /etc/nginx/conf.d/od.com.conf
upstream default_backend_traefik {
server 10.1.1.100:81 max_fails=3 fail_timeout=10s;
server 10.1.1.110:81 max_fails=3 fail_timeout=10s;
}
server {
server_name *.od.com;
location / {
proxy_pass http://default_backend_traefik;
proxy_set_header Host $http_host;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
}
}
浏览器访问
http://traefik.od.com
部署dashboard
准备dashboard镜像
k8s-dns上
docker pull kubernetesui/dashboard:v2.0.1
docker tag kubernetesui/dashboard:v2.0.1 harbor.od.com/public/dashboard:v2.0
docker push harbor.od.com/public/dashboard:v2.0准备资源配置清单
mkdir -p /var/k8s-yaml/dashboard & & cd /var/k8s-yaml/dashboard
- RBAC
- Secret
- ConfigMap
- Service
- Ingress
- Deployment
vim /var/k8s-yaml/dashboard/rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-systemvim /var/k8s-yaml/dashboard/secret.yaml
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kube-system
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kube-system
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kube-system
type: Opaquevim /var/k8s-yaml/dashboard/configmap.yaml
kind: ConfigMap
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-settings
namespace: kube-systemvim /var/k8s-yaml/dashboard/svc.yaml
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboardvim /var/k8s-yaml/dashboard/ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kubernetes-dashboard
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: dashboard.od.com
http:
paths:
- backend:
serviceName: kubernetes-dashboard
servicePort: 443vim /var/k8s-yaml/dashboard/deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: harbor.od.com/public/dashboard:v2.0
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --namespace=kube-system
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {
}
serviceAccountName: admin-user
nodeSelector:
"beta.kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule解析域名
k8s-dns上
vim /var/named/chroot/etc/od.com.zone
...
dashboard A 10.1.1.50依次执行创建
kubectl apply -f http://k8s-yaml.od.com/dashboard/rbac.yaml
kubectl apply -f http://k8s-yaml.od.com/dashboard/secret.yaml
kubectl apply -f http://k8s-yaml.od.com/dashboard/configmap.yaml
kubectl apply -f http://k8s-yaml.od.com/dashboard/svc.yaml
kubectl apply -f http://k8s-yaml.od.com/dashboard/ingress.yaml
kubectl apply -f http://k8s-yaml.od.com/dashboard/deployment.yaml签发证书
在运维主机上k8s-dns.boysec.cn创建证书
# 通过openssl创建证书
(umask 077;
openssl genrsa -out dashboard.od.com.key 2048)
openssl req -new -key dashboard.od.com.key -out dashboard.od.com.csr -subj "/CN=dashboard.od.com/C=CN/ST=BJ/L=Beijing/O=od/OU=Linuxboy"
openssl x509 -req -in dashboard.od.com.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out dashboard.od.com.crt -days 3560
scp dashboard.od.com.crt dashboard.od.com.key k8s-master:/etc/nginx/certs浏览器访问
dashboard在1.8以后没有跳过认证登录。需要配置https协议,在k8s-master.boysec.cn、k8s-slave.boysec.cn配置nginx
vim /etc/nginx/conf.d/dashboard.od.com.conf
server {
listen 80;
server_name dashboard.od.com;
rewrite ^(.*)$ https://${
server_name}
$1 permanent;
}
server {
listen 443 ssl;
server_name dashboard.od.com;
ssl_certificate "certs/dashboard.od.com.crt";
ssl_certificate_key "certs/dashboard.od.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://default_backend_traefik;
proxy_set_header Host $http_host;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
}
}
获取token
kubectl describe secret admin-user -n kube-system登录
声明:本文内容由网友自发贡献,本站不承担相应法律责任。对本内容有异议或投诉,请联系2913721942#qq.com核实处理,我们将尽快回复您,谢谢合作!
若转载请注明出处: 云计算运维一步步编译安装Kubernetes之插件安装
本文地址: https://pptw.com/jishu/290433.html