For learning purposes, I have set up a small three-node Kubernetes cluster at home. Each 16GB node runs Ubuntu Server and MicroK8S. I have set up a leader (arran) and two followers (nikka and yamazaki).
root@arran:/home/me# microk8s kubectl get nodes -o wide
NAME       STATUS   ROLES    AGE     VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
arran      Ready    <none>   5d3h    v1.26.4   192.168.50.251   <none>        Ubuntu 22.04.2 LTS   5.15.0-71-generic   containerd://1.6.15
nikka      Ready    <none>   4d14h   v1.26.4   192.168.50.74    <none>        Ubuntu 22.04.2 LTS   5.15.0-71-generic   containerd://1.6.15
yamazaki   Ready    <none>   3d16h   v1.26.4   192.168.50.135   <none>        Ubuntu 22.04.2 LTS   5.15.0-71-generic   containerd://1.6.15
Here is the status of the cluster, with ingress and dashboard manually enabled. You can see that it has switched to HA mode:
root@arran:/home/me# microk8s status
microk8s is running
high-availability: yes
datastore master nodes: 192.168.50.251:19001 192.168.50.74:19001 192.168.50.135:19001
datastore standby nodes: none
addons:
  enabled:
    dashboard            # (core) The Kubernetes dashboard
    ha-cluster           # (core) Configure high availability on the current node
    helm                 # (core) Helm - the package manager for Kubernetes
    helm3                # (core) Helm 3 - the package manager for Kubernetes
    hostpath-storage     # (core) Storage class; allocates storage from host directory
    ingress              # (core) Ingress controller for external access
    metrics-server       # (core) K8s Metrics Server for API access to service metrics
    registry             # (core) Private image registry exposed on localhost:32000
    storage              # (core) Alias to hostpath-storage add-on, deprecated
  disabled:
    cert-manager         # (core) Cloud native certificate management
    community            # (core) The community addons repository
    dns                  # (core) CoreDNS
    gpu                  # (core) Automatic enablement of Nvidia CUDA
    host-access          # (core) Allow Pods connecting to Host services smoothly
    kube-ovn             # (core) An advanced network fabric for Kubernetes
    mayastor             # (core) OpenEBS MayaStor
    metallb              # (core) Loadbalancer for your Kubernetes cluster
    minio                # (core) MinIO object storage
    observability        # (core) A lightweight observability stack for logs, traces and metrics
    prometheus           # (core) Prometheus operator for monitoring and logging
    rbac                 # (core) Role-Based Access Control for authorisation
Here are the pods I have running, which come from my manifest (see below):
root@arran:/home/me# microk8s kubectl get pods -o wide
NAME              READY   STATUS    RESTARTS      AGE    IP             NODE       NOMINATED NODE   READINESS GATES
hello-world-app   1/1     Running   1 (14h ago)   47h    10.1.134.199   yamazaki   <none>           <none>
my-pod            1/1     Running   2 (14h ago)   5d1h   10.1.150.208   arran      <none>           <none>
The services currently offered are as follows:
root@arran:/home/me# microk8s kubectl get services -o wide
NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE     SELECTOR
kubernetes            ClusterIP   10.152.183.1     <none>        443/TCP         5d3h    <none>
nginx-service         NodePort    10.152.183.120   <none>        80:30000/TCP    2d12h   app.kubernetes.io/name=hello-world-app
hello-world-service   NodePort    10.152.183.205   <none>        80:30032/TCP    47h     app.kubernetes.io/name=hello-world-app
dashboard-service     NodePort    10.152.183.237   <none>        443:32589/TCP   47h     app.kubernetes.io/name=kubernetes
I suspect the problem is in the manifest, which I built by copying and pasting from the K8S and MicroK8s manuals:
apiVersion: v1
kind: Pod
metadata:
  name: hello-world-app
  labels:
    app.kubernetes.io/name: hello-world-app
spec:
  containers:
  - name: nginx
    image: nginx:latest
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: hello-world-service
spec:
  selector:
    app.kubernetes.io/name: hello-world-app
  ports:
  - port: 80
    targetPort: 80
  type: NodePort
---
# Not sure this will work - do we need a NodePort to the dashboard?
apiVersion: v1
kind: Service
metadata:
  name: dashboard-service
spec:
  selector:
    app.kubernetes.io/name: kubernetes
  ports:
  - port: 443
    targetPort: 443
  type: NodePort
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: http-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes
            port:
              number: 443
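Now, I have a "hello world" app that I have given a node port to, and then exposed using the ingress plugin. This has become available on http://192.168.50.251/ (port 80). However, I have tried to do the same for the Kubernetes dashboard, by adding a port and an ingress route (port 443), but https://192.168.50.251/ points to "hello world" and not the dashboard as I would like.
The single-file manifest has been fully applied with microk8s kubectl apply -f manifest.yml.
What can I try next?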
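Added example (not part of the original question or answer): a Python check over the objects shown above. It flags Services whose selector matches no pod, Ingress backends that are missing or have no selector, and Ingresses claiming the same host and path. The data is transcribed from the manifest and the `get services` output; the `lint` helper and its data layout are assumptions of this example, and my-pod is assumed to carry no labels because the page does not show them.

```python
# Constructed from the manifest and the `get services` output in the question
# (namespace "default"). my-pod's labels are not shown there; assumed empty.
NAME = "app.kubernetes.io/name"
PODS = {"hello-world-app": {NAME: "hello-world-app"}, "my-pod": {}}
SERVICES = {  # name -> pod selector (None = no selector) and service ports
    "kubernetes": {"selector": None, "ports": [443]},
    "nginx-service": {"selector": {NAME: "hello-world-app"}, "ports": [80]},
    "hello-world-service": {"selector": {NAME: "hello-world-app"}, "ports": [80]},
    "dashboard-service": {"selector": {NAME: "kubernetes"}, "ports": [443]},
}
INGRESSES = {  # name -> [(host, path, backend service, backend port)]
    "http-ingress": [("", "/", "nginx-service", 80)],
    "dashboard-ingress": [("", "/", "kubernetes", 443)],
}


def lint(pods, services, ingresses):
    """Return findings for one namespace (hypothetical helper, not a kubectl feature)."""
    findings = []
    for name, svc in services.items():
        sel = svc["selector"]
        # A selector only ever matches pods in the Service's own namespace.
        if sel and not any(sel.items() <= labels.items() for labels in pods.values()):
            findings.append(f"service {name}: selector matches no pod")
    claimed = {}
    for ing, rules in ingresses.items():
        for host, path, backend, port in rules:
            svc = services.get(backend)  # backends resolve in the Ingress's namespace
            if svc is None:
                findings.append(f"ingress {ing}: no service named {backend}")
            else:
                if svc["selector"] is None:
                    findings.append(f"ingress {ing}: backend {backend} has no pod selector")
                if port not in svc["ports"]:
                    findings.append(f"ingress {ing}: {backend} has no port {port}")
            if (host, path) in claimed:
                findings.append(f"ingress {ing}: {host or '*'}{path} already claimed by {claimed[(host, path)]}")
            else:
                claimed[(host, path)] = ing
    return findings


if __name__ == "__main__":
    for finding in lint(PODS, SERVICES, INGRESSES):
        print(finding)
```

The port-forward command in the answer shows the dashboard Service is kubernetes-dashboard in kube-system, a different namespace from the objects checked here.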
Answer 1
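I solved this with a very different approach, which did not need a manifest at all. MicroK8S offers some helper scripts to do this. I needed two sessions on the K8S main server.
In the first session, I ran this: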
root@arran:/home/me# microk8s dashboard-proxy
Checking if Dashboard is running.
Infer repository core for addon dashboard
Waiting for Dashboard to come up.
Trying to get token from microk8s-dashboard-token
Waiting for secret token (attempt 0)
Dashboard will be available at https://127.0.0.1:10443
Use the following token to login:
eyJhbGciOiJSUzI1NiIsImtpZCI6IkJ1US1DZEVmUjM2ZWZZcjg5UTh5eXdQUFpLYnNpMVV1YWZPM0o2ZEEtQlUifQ.eyJpc3JiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJtaWNyb2s4cy1kYXNoYm9hcmQtdG9rZW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjA1M2Y3ZThhLTFiNWUtNDFkZi1hMmI0LWFlNzY3M2ZlZmMwNyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpkZWZhdWx0In0.EL1IfT8lh1gT7VKYHrWzZlNLhxP8kWKzZPdxzi7IL2Il9zL4Pg3ZMI5YmCv5s-IrVIKmUfFGsHu4G30gcqmg0FdkBhPkBSOvmfnB77mGjCMGSaIToHIySI_9HBB3Ea3i91bx_n9TJC3DVIKtEVdLx3p73_ygQBUmZ0QUs4MUf1mAIBkL7ltq58y9CUr88nuLWnQ2oUiIdtRpnz4Tw2V8Bin5rWQj2af_PeVKGfxBJBTsmmUADdby8vjZ-GTWCTcCZ3IEbLTx9jsWsf9qb2KYohnCfXBJPx8WbGw8Hkyvm3DjrjtzfZyiW4rPLTD7v8Oo0GimUrpBm6hZWmTd8rixQg
In the second session, I ran this:
root@arran:/home/me# microk8s kubectl port-forward -n kube-system service/kubernetes-dashboard 8080:443 --address='0.0.0.0'
Forwarding from 0.0.0.0:8080 -> 8443
The K8S dashboard then becomes exposed on the leader host: https://192.168.50.251:8080/. From here, it is just a matter of pasting in the long token above to log in.