|
система_kubernetes [2025/09/27 18:22] val [Установка minikube] |
система_kubernetes [2025/10/31 14:49] (current) val [Kubernetes Dashboard] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Система Kubernetes ====== | ====== Система Kubernetes ====== | ||
| + | |||
| + | * [[https://habr.com/ru/companies/vk/articles/645985/|Почему Kubernetes — это новый Linux: 4 аргумента]] | ||
| * [[https://kubernetes.io/ru/docs/home/|Документация по Kubernetes (на русском)]] | * [[https://kubernetes.io/ru/docs/home/|Документация по Kubernetes (на русском)]] | ||
| Line 63: | Line 65: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| + | kubectl version | ||
| + | |||
| kubectl get all -o wide --all-namespaces | kubectl get all -o wide --all-namespaces | ||
| kubectl get all -o wide -A | kubectl get all -o wide -A | ||
| Line 1153: | Line 1157: | ||
| $ ###kubectl delete secret/gowebd-tls -n my-ns | $ ###kubectl delete secret/gowebd-tls -n my-ns | ||
| </code> | </code> | ||
| + | === cert-manager === | ||
| + | * [[Letsencrypt Certbot]] | ||
| + | * [[https://cert-manager.io/docs/tutorials/acme/nginx-ingress/|cert-manager Securing NGINX-ingress]] | ||
| + | * [[Сервис Keepalived]] для 443-го порта | ||
| + | * [[Решение HAProxy]] для 80-го (cert-manager проверяет ссылку изнутри кластера) | ||
| + | <code> | ||
| + | увидеть ссылку | ||
| + | student@debian:~/gowebd-k8s$ kubectl -n my-ns get ingress -o yaml | less | ||
| + | |||
| + | увидеть обработчик | ||
| + | student@debian:~/gowebd-k8s$ kubectl -n my-ns get pods | ||
| + | NAME READY STATUS RESTARTS AGE | ||
| + | cm-acme-http-solver-5j2pr 1/1 Running 0 28s | ||
| + | my-webd-78ffd6cc5f-4qplt 1/1 Running 0 4d14h | ||
| + | my-webd-78ffd6cc5f-zpcsh 1/1 Running 0 4d14h | ||
| + | </code> | ||
| ==== Volumes ==== | ==== Volumes ==== | ||
| Line 1773: | Line 1793: | ||
| # use-forwarded-headers: true | # use-forwarded-headers: true | ||
| # allow-snippet-annotations: true | # allow-snippet-annotations: true | ||
| + | # service: | ||
| + | # type: LoadBalancer | ||
| + | # loadBalancerIP: "192.168.X.64" | ||
| </code><code> | </code><code> | ||
| $ helm template ingress-nginx -f values.yaml --repo https://kubernetes.github.io/ingress-nginx -n ingress-nginx | tee t2.yaml | $ helm template ingress-nginx -f values.yaml --repo https://kubernetes.github.io/ingress-nginx -n ingress-nginx | tee t2.yaml | ||
| Line 2091: | Line 2114: | ||
| ===== Kubernetes Dashboard ===== | ===== Kubernetes Dashboard ===== | ||
| + | |||
| + | * https://www.bytebase.com/blog/top-open-source-kubernetes-dashboard/ | ||
| * https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/ | * https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/ | ||
| * https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md | * https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md | ||
| + | |||
| + | * [[https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_token/]] | ||
| + | * [[https://www.jwt.io/|JSON Web Token (JWT) Debugger]] | ||
| <code> | <code> | ||
| Line 2106: | Line 2134: | ||
| name: admin-user | name: admin-user | ||
| namespace: kubernetes-dashboard | namespace: kubernetes-dashboard | ||
| + | #namespace: default | ||
| --- | --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||
| Line 2119: | Line 2148: | ||
| name: admin-user | name: admin-user | ||
| namespace: kubernetes-dashboard | namespace: kubernetes-dashboard | ||
| - | --- | + | #namespace: default |
| + | </code><code> | ||
| + | $ kubectl apply -f dashboard-user-role.yaml | ||
| + | |||
| + | $ kubectl create token admin-user -n kubernetes-dashboard #--duration=1h | ||
| + | |||
| + | $ ###ps aux | grep kube-apiserver | grep service-account-key-file | ||
| + | $ ###echo ... | jq -R 'split(".") | .[1] | @base64d | fromjson' | ||
| + | $ ###echo ... | awk -F'.' '{print $2}' | base64 -d | jq -r '.exp | todate' | ||
| + | |||
| + | cmder$ kubectl proxy | ||
| + | </code> | ||
| + | |||
| + | * http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ | ||
| + | |||
| + | <code> | ||
| + | $ cat dashboard-secret.yaml | ||
| + | </code><code> | ||
| apiVersion: v1 | apiVersion: v1 | ||
| kind: Secret | kind: Secret | ||
| Line 2125: | Line 2171: | ||
| name: admin-user | name: admin-user | ||
| namespace: kubernetes-dashboard | namespace: kubernetes-dashboard | ||
| + | #namespace: default | ||
| annotations: | annotations: | ||
| kubernetes.io/service-account.name: "admin-user" | kubernetes.io/service-account.name: "admin-user" | ||
| type: kubernetes.io/service-account-token | type: kubernetes.io/service-account-token | ||
| </code><code> | </code><code> | ||
| - | $ kubectl apply -f dashboard-user-role.yaml | + | $ kubectl apply -f dashboard-secret.yaml |
| - | + | ||
| - | $ kubectl -n kubernetes-dashboard create token admin-user | + | |
| $ kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d ; echo | $ kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d ; echo | ||
| - | |||
| - | cmder$ kubectl proxy | ||
| </code> | </code> | ||
| - | |||
| - | * http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ | ||
| - | |||
| ===== Мониторинг ===== | ===== Мониторинг ===== | ||
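Review bot: The new `dashboard-secret.yaml` step in the Kubernetes Dashboard hunk creates a `kubernetes.io/service-account-token` Secret for `admin-user`, and unlike the output of `kubectl create token` shown above it, that token does not expire; the page gives neither a warning nor a cleanup step. The role binding for `admin-user` is only partly visible in this diff; if it grants cluster-admin, as the linked upstream sample-user guide does, the Secret is a standing cluster-wide credential. I would add a line after the `kubectl get secret admin-user ... | base64 -d` command in the page's own style, `$ ###kubectl delete secret admin-user -n kubernetes-dashboard`, with a remark that the token stays valid until the Secret is deleted. I would also uncomment `--duration=1h` on the `kubectl create token` line so the short-lived variant is the default a reader copies. Next to the jwt.io link, a note should say that a live token is better decoded with the local `jq`/`base64` commands already listed than pasted into a web page.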