k8s相关

k8s dashboard yaml 下载

# wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.8.1/src/deploy/recommended/kubernetes-dashboard.yaml   # 下载https版本
# wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml   # 下载http版本

k8s dashboard登陆报错

persistentvolumeclaims is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list persistentvolumeclaims in the namespace "default"

解决

# cat kubernetes-dashboard.yaml
serviceAccountName: kubernetes-dashboard-admin

k8s在nginx中的配置

# cat nginx.conf
        # k8s test proxy.
        location /k8s/ {
            proxy_pass    https://192.168.x.xx:xxx;
            rewrite  ^/k8s/(.*)  /$1 break;     #不要忘记重定向
            access_log  logs/k8stest.access.log  main;
        }

查看服务端口

# kubectl get service --all-namespaces

使用自定义的cert

# kubectl create secret generic kubernetes-dashboard-certs --from-file=/home/k8s/certs -n kube-system        # certs 是目录

查看k8s dashuboard的token

# kubectl -n kube-system get secret | grep admin
# kubectl describe -n kube-system secret/kubernetes-dashboard-admin-token-xxxxx

k8s 建立自签名

    openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
   openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
    rm dashboard.pass.key

 openssl req -new -key dashboard.key -out dashboard.csr

 openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt

查看pod信息

# kubectl get pod -n default -o wide    # -n namespace 

创建删除文件配置

kubectl create/delete -f  kube.XXX.yaml

强制删除pod

# kubectl delete pod --grace-period=0 --force -n default podxxxxx

绑定nodeport

# cat kubernetes-dashboard.yaml
spec:
  type: NodePort    # 使用nodeport
  ports:
  - port: 80
    targetPort: 9090
    nodePort: 31XXX
  selector:
    k8s-app: kubernetes-dashboard